Back To Schedule
Thursday, October 29 • 11:50am - 12:30pm
Security: Authorizing cloud workloads to cloud services and limiting exploitation risks

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

During the recent security mid-cycle the topic of authorizing on cloud applications to cloud services (e.g A compute instance that wants to interact with Swift) was addressed, we designed a reflective pattern that focussed on de-escalating application privilege and moving policy enforcement for applications into the application space, we've called this "Re-entrant policy management for on-cloud applications".

A second, slightly earlier approach using PKI and Barbican exists as a spec called "Instance Users for Cloud Interaction" (https://review.openstack.org/#/c/222293)

In this fishbowl we will briefly introduce both models before inviting the attendees to discuss the relevant benefits and issues with both sets of ideas. The aim is to breed discussion and capture research items to discuss further - we wont fix anything in this session but we will capture the next steps for working towards solving this problem.

Etherpad: https://etherpad.openstack.org/p/security-mitaka-fishbowl-authz

Thursday October 29, 2015 11:50am - 12:30pm JST
Nadeshiko room
  • format json

Attendees (0)