Production Identity Framework SPIRE Graduates from CNCF

2022-09-23 22:22:54 By : Mr. JACK FU

The Cloud Native Computing Foundation has announced the graduation of SPIFFE and SPIRE. SPIFFE defines a standard for authenticating software services through platform-agnostic, cryptographic identities. SPIRE is a production-ready implementation of the SPIFFE API. Recent improvements to the project include experimental Windows support.

The SPIFFE (Secure Production Identity Framework for Everyone) specification is designed to work within dynamic and heterogeneous environments, providing a means for workloads to mutually authenticate. At the base of the specification is the concept of short-lived cryptographic identity documents, known as SVIDs (SPIFFE Verifiable Identity Documents), which are made available to workloads via an API. Workloads can use these documents to authenticate to other workloads.
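As an added illustration of what a workload does with an SVID, the following Go program is not code from the article, SPIFFE or SPIRE; it is written here for this page. It assumes the X509-SVID form of an SVID (an X.509 certificate carrying the workload's SPIFFE ID as its single URI SAN), a constructed trust domain `example.org`, and a constructed workload ID `spiffe://example.org/ns/prod/sa/api`. It mints a trust bundle and SVIDs in-process only so that it runs offline; in a real deployment the SVID and the bundle are delivered to the workload by the SPIRE agent through the Workload API, and the `newCA`, `issueSVID`, `verifySVID` and `runScenario` functions are hypothetical names chosen for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// Constructed trust domain and workload ID; a real deployment uses its own.
const (
	trustDomain = "example.org"
	apiID       = "spiffe://example.org/ns/prod/sa/api"
)

// must keeps setup short: a failure here is a bug in the demo, not an authentication failure.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCA is a self-signed stand-in for the SPIRE server's CA; its public half is the trust bundle.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// issueSVID mints an X509-SVID: a short-lived leaf whose single URI SAN is the workload's
// SPIFFE ID. A negative ttl yields an already-expired SVID for the rejection case below.
func issueSVID(ca *x509.Certificate, caKey *ecdsa.PrivateKey, id string, ttl time.Duration) []byte {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		NotBefore:    time.Now().Add(-2 * time.Hour),
		NotAfter:     time.Now().Add(ttl),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		URIs:         []*url.URL{must(url.Parse(id))},
	}
	return must(x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey))
}

// verifySVID is the check a SPIFFE-aware workload applies to a peer certificate: chain it to
// the trust bundle, then require exactly one spiffe:// URI SAN in the expected trust domain.
func verifySVID(svidDER []byte, bundle *x509.CertPool, wantDomain string) (string, error) {
	leaf, err := x509.ParseCertificate(svidDER)
	if err != nil {
		return "", err
	}
	opts := x509.VerifyOptions{Roots: bundle, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := leaf.Verify(opts); err != nil {
		return "", fmt.Errorf("svid does not chain to trust bundle: %w", err)
	}
	if len(leaf.URIs) != 1 {
		return "", fmt.Errorf("svid carries %d URI SANs, want exactly 1", len(leaf.URIs))
	}
	if uri := leaf.URIs[0]; uri.Scheme == "spiffe" && uri.Host == wantDomain {
		return uri.String(), nil // the authenticated identity to authorize against
	}
	return "", fmt.Errorf("%q is not a SPIFFE ID in trust domain %q", leaf.URIs[0].String(), wantDomain)
}

// runScenario accepts one good SVID and rejects three bad ones: foreign CA, wrong trust domain, expired.
func runScenario() (accepted string, rejected map[string]error, err error) {
	ca, caKey := newCA("constructed example CA")
	bundle := x509.NewCertPool()
	bundle.AddCert(ca)
	foreignCA, foreignKey := newCA("constructed foreign CA") // never added to the bundle
	accepted, err = verifySVID(issueSVID(ca, caKey, apiID, time.Hour), bundle, trustDomain)
	rejected = map[string]error{}
	_, rejected["foreign-ca"] = verifySVID(issueSVID(foreignCA, foreignKey, apiID, time.Hour), bundle, trustDomain)
	_, rejected["other-domain"] = verifySVID(issueSVID(ca, caKey, "spiffe://other.example/ns/prod/sa/api", time.Hour), bundle, trustDomain)
	_, rejected["expired"] = verifySVID(issueSVID(ca, caKey, apiID, -time.Hour), bundle, trustDomain)
	return accepted, rejected, err
}

func main() {
	accepted, rejected, err := runScenario()
	fmt.Println("accepted peer:", accepted, "err:", err)
	for name, e := range rejected {
		fmt.Printf("rejected %s: %v\n", name, e)
	}
}
```

The design point is that the peer's identity is the SPIFFE ID recovered from a certificate that chains to the trust bundle, not a hostname or IP; authorization decisions are then made on that ID. The three rejections show why both halves of the check matter: a well-formed SPIFFE ID signed by an untrusted CA, a trusted signature on an ID from the wrong trust domain, and a trusted ID whose short lifetime has lapsed are all refused.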

In order to graduate, SPIFFE and SPIRE had to demonstrate a level of project maturity expected by the CNCF for stable projects. This includes good adoption, a Core Infrastructure Initiative Best Practices Badge, and a defined governance and committer process.

Both projects have undergone numerous security reviews, including a TAG Security review in 2020 and, more recently, a third-party security audit from Cure53. The Cure53 audit focused on the security posture of the SPIRE project and comprised a source code audit of the SPIRE code base and a penetration test against a live SPIRE deployment. With no severe or critical issues found, the Cure53 team stated that "the overall quality of the whole project can be judged as quite mature".

SPIFFE supports workloads running in AWS, GCP, and Azure, as well as on bare metal. Integrations are also available with Kubernetes, Docker, Vault, MySQL, and Envoy. A number of projects now issue identities per the SPIFFE specification, such as Istio Citadel, Consul, and Kuma.

As of version 1.3.0, SPIRE has introduced experimental support for Windows workloads. This allows both the SPIRE server and agent to run on Windows. With this new support, the goal of the project is to provide a similar experience to running on Linux. Many of the existing plugins that make up the SPIRE architecture have been adapted to work under Windows. A new Windows-specific workload attestor has been added that works similarly to the existing Linux version.

At the time of release, the SPIFFE Workload Endpoint standard does not expose the Workload API as a named pipe endpoint. As of version 1.4.0, the Kubernetes workload attestor plugin is also supported on Windows. The go-spiffe library has been updated to support the use of named pipes with the Workload API, but the other language libraries have not. Agustin Martinez Fayó, SPIRE maintainer, notes that this "is in part due to a lack of support for named pipe transports in the C/C++ gRPC library".

SPIFFE and SPIRE are available for download from GitHub under the Apache-2.0 license. With this announcement, SPIFFE and SPIRE join 16 other graduated projects including Envoy, Helm, and Prometheus.

InfoQ.com and all content copyright © 2006-2022 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with. Privacy Notice, Terms And Conditions, Cookie Policy