Sig Auth Deep Dive

2022-10-28

Authors: Rita Zhang, Tim Allclair, Mo Khan


Summary

The presentation discusses the major enhancements the SIG is working on for authentication and authorization, including Pod Security, KMS encryption, structured configuration, reduction of legacy service account token attack surface area, and certificate signing request duration control. It also explains how to set up authentication and credentials for paths, and the different levels of specificity for credentials.

  • Major enhancements for authentication and authorization
  • Pod Security
  • KMS encryption
  • Structured configuration
  • Reduction of legacy service account token attack surface area
  • Certificate signing request duration control
  • How to set up authentication and credentials for paths
  • Different levels of specificity for credentials

The presenter demonstrates how to set up authentication for a path and how to indicate that authentication is required by locking a padlock icon. They explain that the most specific credentials are set up directly on the path, while the least specific are set up at the organizational level. The presenter also shows how the system gives flexibility in determining how to authenticate equipment, depending on the architecture. They illustrate this by purposely changing the credentials to see how the system tries different levels of credentials until it gains access to the folder.

Abstract

In this presentation, we will talk about all the major enhancements the SIG is working on. These include the ongoing Pod Security effort, KMS encryption at rest observability and performance enhancements, structured configuration for authentication and authorization, reduction of legacy service account token attack surface area, certificate signing request duration control, etc. We will also discuss ways you can get involved with the SIG: https://docs.google.com/document/d/1sY8fRyRtk4eG9R439z5ao5i9bFuuxilS03XaNlqoni0
