Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, October 29 • 9:00am - 9:40am
Make Keystone The Center Of Universe - How eBay Uses it in Multi-security Zones

Sign up or log in to save this to your schedule and see who's attending!

We will share the experience how we use global keystone here at eBay, those are addressed by real questions:

The instances running in production environment have different security level than the ones running in development environment. Projects locates in high secured zones requires 2FA(Two Factor Authentication) to authenticate while others use password credential. We also introduced a more secured authentication method for service access - API Key, which restricts not only what project it would be grant access to but also where the key can be used. The dynamic project based policy makes that happen and easy to use/configure. We will take a deep look at it as well.

We also isolate the controlling services from the production services into the secured control plane. We enhanced the Keystone to a fully armed IAM(Identity & Access Management) and integrate all the control plane services with it.

We will also share the experience on how to reduce the PKIZ token size as for global keystone, the token size would increase per region basis.

  • eBay multi-environment security model

  • Fill the gap between keystone and a generic IAM

  • The answer to more secured service access - API Key

  • Dynamic Project Based Policy for API Key authentication & management

  • eBay global keystone journey

  • Make the token smaller!


Speakers
avatar for Subbu Allamaraju

Subbu Allamaraju

Chief Engineer, Cloud, eBay Inc
Subbu is the Chief Engineer of cloud at eBay Inc. His team builds and operates a multi-tenant geographically distributed OpenStack based private cloud. This cloud now serves 100% of PayPal web and mid tier workloads, significant parts of eBay front end and services, and thousands of users for their dev/test activities.


Thursday October 29, 2015 9:00am - 9:40am
Kougyoku