SIG Auth Deep Dive

2022-05-19

Authors: Mike Danese, Margo Crawford


Summary

The presentation discusses authentication and authorization in the context of a test server, covering how to indicate a path that requires authentication, setting up credentials at different levels of specificity, and the hierarchy of authentication attempts.
  • Authentication can be indicated on a path by locking a padlock icon
  • Credentials can be set at different levels of specificity, including the global organizational level, the warehouse server level, the client level, and the path level
  • The program will attempt to authenticate using the most specific credentials first, following a hierarchy from path to client to warehouse to global
  • An anecdote is provided where the presenter intentionally sets incorrect credentials at the path level to demonstrate the hierarchy of authentication attempts: the program first attempts to authenticate using the path-level credentials, then moves on to the client-level credentials when the path-level credentials fail

Abstract

After a quick intro, this presentation will touch upon the current items the SIG is working on. These include the ongoing Pod Security effort, KMS encryption at rest observability and performance enhancements, structured configuration for authentication and authorization, reduction of legacy service account token attack surface area, certificate signing request duration control, etc. We will also discuss how to get involved with the SIG: https://docs.google.com/document/d/1sY8fRyRtk4eG9R439z5ao5i9bFuuxilS03XaNlqoni0

Related work

Authors: Rita Zhang, Tim Allclair, Mo Khan
2022-10-28

Authors: Mike Danese, Mo Khan
2021-10-15