ONF Connect 2018 has ended
Back To Schedule
Wednesday, December 5 • 4:30pm - 5:00pm
Securing XOS Services on Edge Using Istio Citadel Central Authority

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
XOS Service orchestration framework enables services to be managed as as first-class abstraction, regardless of where these tenant services are hosted. Since multi-tenancy is a staple of cloud services, it is imperative that managing service credentials directly effects dataplane service connectivity. Thus, services’ authentication and verifiability requirement directly follows from XOS's Model-Controller-View programmability framework that allows access to those resources.

We introduce and discuss Citadel, Istio’s Certificate Authority, to improve edge security by automating the issuance and rotation of certificates for XOS services. Firstly, we focus on the use case of provisioning SPIFFE identities as X509 certificates for a set of workloads that make up an XOS service in a point of presence. Secondly, we describe how XOS can be used with Citadel to build a reliable system for certificate management. Finally, we’ll uncover the workflow protocol used for automatic certificate issuance, including how authentication of the workload and its execution environment can be performed.

avatar for Lizan Zhou

Lizan Zhou

Founding Engineer, Tetrate
Lizan Zhou is a Founding Engineer at Tetrate leading mesh backend team. He is a senior maintainer of Envoy and one of the core contributors of Istio. Previously he was working at Google Cloud, during his time at Google he worked on security and networking on Istio and Cloud Endpoints... Read More →

Wednesday December 5, 2018 4:30pm - 5:00pm PST
Salon 4