In-person
November 12-15
Friday November 15, 2024 4:00pm - 4:35pm MST
Significant changes have been made to authorization in recent versions of Kubernetes. For example, Common Expression Language (CEL) expressions in validating admission policy (VAP) can access the authorizer to perform runtime checks during admission. Authorization has also been made aware of label and field selectors, which are available as extra info to be used by webhooks and CEL expressions in VAP. Looking forward, Kubernetes RBAC could be enhanced to take advantage of this new info. RBAC++ is a proof-of-concept design that combines CEL with RBAC to allow for conditional bindings at runtime. Thinking about even more experimental changes: what if authorization (and RBAC++) could directly assert conditions at admission time?
Speakers
Rita Zhang

Principal software engineer, Kubernetes SIG Auth co-chair, Security Response Committee, Microsoft
Rita Zhang is a Principal software engineer at Microsoft, based in the San Francisco Bay Area. She leads the Azure Container Upstream team of maintainers and contributors building features for Kubernetes upstream, CNCF projects, and for Azure Kubernetes Service. She is a Kubernetes sig-auth...
Mo Khan

Software Engineer, Microsoft
Mo Khan is a software engineer who is passionate about open source and security. He started working on Kubernetes in 2016, and currently serves as a chair, technical lead and subproject owner for Kubernetes SIG Auth, a member of the Kubernetes Security Response Committee and a contributor...
Jordan Liggitt

Software Engineer, Google
Jordan Liggitt is a software engineer at Google, and helps lead Kubernetes authentication, authorization, and API server efforts.
Salt Palace | Level 3 | 355 BC
