SIG-Security facilitates collaboration to discover and produce resources which enable secure access, policy control and safety for operators, administrators, developers, and end-users across the cloud native ecosystem.
“Cloud Native” is open source cloud computing for applications — a complete trusted toolkit for modern architectures (CNCF presentation). Multiple projects address key parts of the problem of providing access controls and addressing safety concerns. Each of these adds value, yet for these technical solutions to work well together and be manageable to operate, they need a minimal shared context of what defines a secure system architecture.
There is a future where operators, administrators and developers feel confident creating new cloud native applications. They use cloud technologies with clear understanding of risks and the ability to validate that their security policy decisions are reflected in deployed software.
We envision that there could exist an ecosystem of tools that can simplify the experience of cloud native operators, administrators and developers, including:
- System security architecture that understands and accommodates the ever growing heterogeneity of systems and provides a framework to protect resources and data while servicing their users
- Common vocabulary and open source libraries that make it easy for developers to create and deploy apps that meet system security requirements
- Common libraries and protocols that enable people to reason about the security of the system, such as auditing and explainability features.
The charter of the working group is to reduce the risk that cloud native applications expose end user data or allow other unintended access. Distributed deployments across heterogeneous infrastructure are increasingly common for cloud native applications. The working group sees common need patterns in cloud-native application architecture where the security of the systems can be improved. Without common ways to programmatically ensure consistent policy, it is increasingly difficult to evaluate system architecture security at scale. We propose the creation, where needed, of open source libraries that enable interoperability across software and providers, which will in turn enable the adoption of common protocols for access control. This will accelerate the adoption of cloud-native application development models and streamline operations for both cloud and traditional infrastructure.
- Dan Shaw (@dshaw), PayPal [chair]
- Sarah Allen (@ultrasaurus), [chair]
- Jeyappragash JJ (@pragashj), Tetrate.io [chair]
- Devarajan P Ramaswamy (@deva), PADME
- Kamil Pawlowski (@kbpawlowski)
- Geri Jennings (@izgeri), CyberArk
- Howard Huang (@hannibalhuang), Huawei [Kubernetes Policy WG co-chair]
- Jason Melo (@jasonmelo), NearForm
- Torin Sandall (@tsandall), OPA
- Sree Tummidi (@sreetummidi), Pivotal [Cloud Foundry Project Lead]
- Christian Kemper (@ckemper67), Google
- Ray Colline (@rcolline), Google
- Doug Davis (@duglin), IBM
- Sabree Blackmon (@heavypackets), Docker
- Justin Cormack (@justincormack), Docker
- Liz Rice (@lizrice), Aqua Security
- Erik St. Martin (@erikstmartin), Microsoft
- Cheney Hester (@quiqie), Fifth Third Bank
- Erica von Buelow (@ericavonb), Red Hat [Kubernetes Policy WG]
- Mark Underwood (@knowlengr)
- Rae Wang (@rae42), Google
- Rachel Myers (@rachelmyers), Google
- Evan Gilman (@evan2645), Scytale.io
- Andrew Weiss (@anweiss), Docker
- TK Lala (@tk2929), ZcureZ
- Maor Goldberg (@goldberg10)
- Andrew Martin (@sublimino), ControlPlane
- Karthik Gaekwad (@iteration1), Oracle
- Chase Pettet (@chasemp), Wikimedia Foundation
- Jia Xuan (@xuanjia), China Mobile
- John Morello (@morellonet), Twistlock
- Alban Crequy (@alban), Kinvolk
- Michael Schubert (@schu), Kinvolk
- Andrei Manea (@andrei_821), CloudHero
- Justin Cappos (@JustinCappos), New York University
- Santiago Torres-Arias (@SantiagoTorres), New York University
- Brandon Lum (@lumjjb), IBM
- Ash Narkar (@ashutosh-narkar), OPA
- JOIN OUR MEETINGS REGULARLY, THEN ADD YOURSELF VIA PULL REQUEST
- SAFE WG - renamed to CNCF Security SIG
- (Proposed) CNCF Policy Working Group - Merged into SAFE WG
Anyone is welcome to join our open discussions of WG projects and share news related to the group's mission and charter. Much of the work of the group happens outside of WG meetings and we encourage project teams to share progress updates or post questions in these channels:
- Email list
- CNCF Slack #sig-security channel
The Security SIG meets every Friday at 11:00am PT (US Pacific):
Join: https://zoom.us/j/665428022
Or iPhone one-tap:
- US: +16699006833,,665428022# or +16468769923,,665428022#
Or Telephone:
- US: +1 669 900 6833 or +1 646 876 9923, Meeting ID: 665-428-022
- International numbers available: https://zoom.us/zoomconference?m=r-YGNTQJzZphTlO4LYkdhAt4oIQpwl2g
Please let us know if you are going and if you are interested in attending (or helping to organize!) an in-person meetup. Create a GitHub issue for the event and add it to the list below:
- KubeCon + CloudNativeCon, Barcelona, Spain, May 20 – 23, 2019 - [issue#127]
- KubeCon + CloudNativeCon, San Diego, CA - Nov 18 – 21, 2019 - [issue#128]
Past
- KubeCon + CloudNativeCon, North America, Dec 11-13, 2018 - issue#29
- KubeCon + CloudNativeCon, Shanghai, Nov 14-15, 2018 - issue#28
- KubeConEU May 2-4, 2018 in Copenhagen, Denmark (notes)
- 2019-04-12 SAFE Meeting - OPA with SAFE Presentation Framework
- 2019-04-11 SAFE Meeting - Working Session
- 2019-04-05 SAFE Meeting - Google Open Source Project Onboarding
- 2019-04-04 SAFE Meeting - Working Session
- 2019-03-29 SAFE Meeting - Revised presentation framework with in-toto (OPA, Kamus, TOC invited)
- 2019-03-28 SAFE Meeting - Working Session
- 2019-03-22 SAFE Meeting
- 2019-03-22 SAFE Meeting - SAFE Whitepaper Working Session
- 2019-03-15 SAFE Meeting
- 2019-03-08 SAFE Meeting
- 2019-03-07 SAFE Meeting - Working Session
- 2019-03-01 SAFE Meeting
- 2019-02-28 SAFE Meeting - Working Session
- 2019-02-22 SAFE Meeting
- 2019-02-21 SAFE Meeting - Working Session
- 2019-02-15 SAFE Meeting
- 2019-02-08 SAFE Meeting
- 2019-02-01 SAFE Meeting
- 2019-01-31 SAFE Meeting - Working Session
- 2019-01-25 SAFE Meeting
- 2019-01-24 SAFE Meeting - Working Session
- 2019-01-18 SAFE Meeting
- 2019-01-17 SAFE Meeting - Working Session
- 2019-01-11 SAFE Meeting
- 2019-01-10 SAFE Meeting - Working Session - ⭐ new meeting notes doc
- 2018-12-21 SAFE Meeting
- 2018-12-14 SAFE Meeting
- 2018-12-13 SAFE WG BOF Deep Dive @ KubeCon + CloudNativeCon North America 2018
- 2018-12-11 SAFE WG Dinner @ KubeCon + CloudNativeCon North America 2018
- 2018-12-11 SAFE WG BOF Intro @ KubeCon + CloudNativeCon North America 2018
- 2018-12-07 SAFE Meeting
- 2018-11-30 SAFE Meeting
- 2018-11-29 SAFE Meeting - Working Session
- 2018-11-23 - no meeting
- 2018-11-22 - no meeting 🦃
- 2018-11-16 SAFE Meeting
- 2018-11-15 SAFE Meeting - Working Session
- 2018-11-14 - KubeCon Shanghai 2018 Intro Session: Intro: SAFE (A Cloud Native Security Working Group)
- 2018-11-09 - no meeting: SPIFFE Community Day
- 2018-11-08 SAFE Meeting - Working Session
- 2018-10-26 SAFE Meeting
- 2018-10-25 SAFE Meeting - Working Session
- 2018-10-19 SAFE Meeting
- 2018-10-12 SAFE Meeting
- 2018-10-05 SAFE Meeting
- 2018-10-04 SAFE Meeting - Working Session
- 2018-09-28 SAFE Meeting
- 2018-09-21 SAFE Meeting
- 2018-09-20 SAFE Meeting - Working Session
- 2018-09-14 SAFE Meeting
- 2018-09-07 SAFE Meeting
- 2018-09-06 SAFE Meeting - Working Session
- 2018-08-31 SAFE Meeting
- 2018-08-30 SAFE Meeting
- 2018-08-24 SAFE Meeting
- 2018-08-21 SAFE WG proposal to the CNCF TOC
- 2018-08-17 SAFE Meeting
- 2018-08-16 SAFE Meeting - Working Session
- 2018-08-10 SAFE Meeting
- 2018-08-09 SAFE Meeting - Working Session
- 2018-08-03 SAFE Meeting
- 2018-08-02 SAFE Meeting - Working Session
- 2018-07-27 SAFE Meeting
- 2018-07-13 SAFE Meeting
- 2018-06-29 SAFE Meeting
- 2018-06-15 SAFE Meeting
- 2018-06-08 SAFE Meeting
- 2018-06-01 - no meeting
- 2018-05-25 SAFE Meeting
- 2018-05-18 SAFE Meeting
- 2018-05-11 SAFE Meeting
- KubeCon Europe 2018 Deep-dive Session
- KubeCon Europe 2018 Intro Session
- 2018-04-27 SAFE Meeting
- 2018-04-20 SAFE Meeting - CNCF TOC Proposal follow-up
- 2018-04-13 SAFE Meeting - Prep for the SAFE WG proposal presentation to the CNCF TOC on 4/17
- 2018-04-06 SAFE Meeting - SAFE Personas WhitePaper
- 2018-03-30 SAFE Meeting
- 2018-03-23 SAFE Meeting - NIST Big Data public working group - security and privacy subgroup with Mark Underwood
- 2018-03-16 SAFE Meeting
- 2018-03-09 - no meeting
- 2018-03-02 SAFE Meeting - GCP Administrators Bill of Rights with @raycolline
- 2018-02-23 SAFE Meeting - Open Policy Agent (OPA) Use Case with @tsandall and @timothyhinrichs
- 2018-02-16 SAFE Meeting - Cloud Foundry Use Case with @sreetummidi
- 2018-02-07 SAFE Meeting