Evan Gilman (@evan2645) 's Twitter Profile
Evan Gilman

@evan2645

Co-founder/CEO @spirl_inc, and @SPIFFEio + SPIRE maintainer. Co-author of Zero Trust Networks. ex-@pagerduty ex-@scytale_io ex-@VMware

ID: 790305186

29-08-2012 22:50:59

464 Tweet

852 Followers

102 Following

Evan Gilman (@evan2645) 's Twitter Profile Photo

We have some amazing speakers lined up for SPIFFE Community Day next Friday 🙌🙌🙌 you should definitely attend if you're able to! Hybrid event, but in-person attendees in SF will have an unconference bit at the end 😀 see you there! …ecommunityday-fall2023.splashthat.com

Evan Gilman (@evan2645) 's Twitter Profile Photo

Last call for SPIFFE community day in-person attendees!! We'll cover all things workload identity, even some non-SPIFFE stuff 😁 see ya there!

Ryan Hurst (@rmhrisk) 's Twitter Profile Photo

In operating system design, the user context in which tasks operate is factored into the design to ensure the desired security properties. In application design, this consideration is often overlooked, with applications usually running as monolithic structures that are blindly

Christian Posta (@christianposta) 's Twitter Profile Photo

Using SPIFFE/SPIRE? Some systems like Istio have established conventions about how to encode identity with SPIFFE IDs, but you may be wondering how best to construct SPIFFE IDs… this is a GREAT blog from [email protected] // bsky.social 🖤🕯️ SPIRL spirl.com/blog/how-to-co…

SPIRL (@spirl_inc) 's Twitter Profile Photo

Are you working with SPIFFE and wondering what should go into your SPIFFE ID? Check out our post where we teach you what to consider for your IDs. buff.ly/41RUrIu

François Michel (@furanzu_) 's Twitter Profile Photo

SSH3 with ACME just naturally solves the classical Trust On First Use problem of SSH for VMs with hostnames such as Microsoft Azure VMs. Easily implemented in SSH3 v0.1.6 using Caddy Web Server's certmagic.✨ Native access to the HTTPS ecosystem in SSH is a real game changer, here's why:

Volkan Özçelik 🦌 (@vadidekivolkan) 's Twitter Profile Photo

📢 Join me this Friday at 8:00 AM PST! I'm excited to be a special guest on Whitney Lee’s livestream. We'll dive into the world of SPIFFE, SPIRE, and turtles 🐢⚡️. 📅 Mark your Calendar to Enlighten⚡️: tanzu.vmware.com/developer/tv/e… #SPIFFE #SPIRE #ZeroTrust #Security #Tanzu

Volkan Özçelik 🦌 (@vadidekivolkan) 's Twitter Profile Photo

Psst… In case you want to hear me ranting for two hours about secrets, SPIFFE, SPIRE, Turtles, passport, piano, kids, teenagers, and Neurology this is the video recording of today’s Enlightning » youtube.com/watch?v=EB6AJT…

Ryan Hurst (@rmhrisk) 's Twitter Profile Photo

It is 2024, you wouldn't be rolling out new systems using passwords and no MFA, would you? Of course not -- It is probably time to rethink the way you do your workload and machine authentication too.

SPIFFE (@spiffeio) 's Twitter Profile Photo

In case you missed the SPIFFE Virtual meetup last month, here are the recordings. Thank you to presenters from Coinbase, Indeed, and HPE for sharing their insights and experiences youtube.com/playlist?list=… #SPIFFE #ZeroTrust

CloudSecurityPodcast (@cloudsecpodcast) 's Twitter Profile Photo

Episode 166 "Workload Identity, Zero Trust and #SPIFFE (Also Turtles!)" of Cloud Security Podcast where hosts Dr. Anton Chuvakin and Timothy Peacock interview Evan Gilman (Evan Gilman) and Eli Nesterov (꩜ Eli Nesterov), co-founders SPIRL about identities cloud.withgoogle.com/cloudsecurity/…

Evan Gilman (@evan2645) 's Twitter Profile Photo

Wrote this short post yesterday on why multi-factor auth for machines in the form of hardware/software attestation is so important. Lots and lots of breaches involving single factor creds like service account etc...

Ryan Hurst (@rmhrisk) 's Twitter Profile Photo

Put some thoughts together on how to think about ACME and SPIFFE. The TL;DR is: ACME is about proving control of an identifier, while SPIFFE is about assigning and managing identifiers dynamically to enable the authorization of the subjects of those identifiers.

Evan Gilman (@evan2645) 's Twitter Profile Photo

If you're in Seattle for Cloud Native Security Con, come hang out tonight for some bites and good times .. all things workload identity! What is there not to love? See you there!

Tal Be'ery (@talbeerysec) 's Twitter Profile Photo

Pass-the-{token} attacks are still very much relevant. Tokens may change: Cookie, NT Hash, Kerberos ticket, MFA token, ... However, the problem is not in the "token" but in the "pass". We need solutions to make tokens stay put, such as device and channel binding.

SPIRL (@spirl_inc) 's Twitter Profile Photo

The potential of AI agents should not make us forget that we already have the tools needed to secure them. Just follow the advice of an 11th-century monk, and "start by doing what's necessary." Read more in Pieter Kasselman's blog hubs.li/Q037pyqT0 #AI #AISecurity #identity