Artwork

Contenu fourni par Confluent, founded by the original creators of Apache Kafka® and Founded by the original creators of Apache Kafka®. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Confluent, founded by the original creators of Apache Kafka® and Founded by the original creators of Apache Kafka® ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.
Player FM - Application Podcast
Mettez-vous hors ligne avec l'application Player FM !

Rethinking Apache Kafka Security and Account Management

41:23
 
Partager
 

Manage episode 349153498 series 2355972
Contenu fourni par Confluent, founded by the original creators of Apache Kafka® and Founded by the original creators of Apache Kafka®. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Confluent, founded by the original creators of Apache Kafka® and Founded by the original creators of Apache Kafka® ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.

Is there a better way to manage access to resources without compromising security? New employees need access to a variety of resources within a company's tech stack. But manually granting access can be error-prone. And when employees leave, their access must be revoked, thus potentially introducing security risks if an admin misses one. In this podcast, Kris Jenkins talks to Anuj Sawani (Security Product Manager, Confluent) about the centralized identity management system he helped build to integrate with Apache Kafka® to prevent common identity management headaches and security risks.
With 12+ years of experience building cybersecurity products for enterprise companies, Anuj Sawani explains how he helped build out KIP-768 (Secured OAuth support in Kafka) that supports a unified identity mechanism that spans across cloud and on-premises (hybrid scenarios).
Confluent Cloud customers wanted a single identity to access all their services. The manual process required managing different sets of identity stores across the ecosystem. Anuj goes on to explain how Identity and Access Management (IAM) using cloud-native authentication protocols, such as OAuth or OpenID Connect, solves this problem by centralizing identity and minimizing security risks.
Anuj emphasizes that sticking with industry standards is key because it makes integrating with other systems easy. With OAuth now supported in Kafka, this means performing client upgrades, configuring identity providers, etc. to ensure the applications can leverage new capabilities. Some examples of how to do this are to use centralized identities for client/broker connections.
As Anuj continues to build and enhance features, he hopes to recommend this unified solution to other technology vendors because it makes integration much easier. The goal is to create a web of connectors that support the same standards. The future is bright, as other organizations are researching supporting OAuth and similar industry standards. Anuj is looking forward to the evolution and applying it to other use cases and scenarios.
EPISODE LINKS

  continue reading

Chapitres

1. Intro (00:00:00)

2. Common identity management problems and security risks (00:06:19)

3. Building a centralized identity management system (00:11:33)

4. Recommendations for enterprise IAM (00:14:47)

5. OAuth vs. Open ID Connect (00:18:35)

6. Integrating identity providers with Apache Kafka (00:22:36)

7. KIP-768: Introducing secured OAuth support for Apache Kafka (00:25:24)

8. Setting up discovery end points (00:30:35)

9. Tips for getting started with centralized identity management (00:35:22)

10. Authentication vs. authorization standards (00:38:41)

11. It's a wrap! (00:39:42)

265 episodes

Artwork
iconPartager
 
Manage episode 349153498 series 2355972
Contenu fourni par Confluent, founded by the original creators of Apache Kafka® and Founded by the original creators of Apache Kafka®. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Confluent, founded by the original creators of Apache Kafka® and Founded by the original creators of Apache Kafka® ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.

Is there a better way to manage access to resources without compromising security? New employees need access to a variety of resources within a company's tech stack. But manually granting access can be error-prone. And when employees leave, their access must be revoked, thus potentially introducing security risks if an admin misses one. In this podcast, Kris Jenkins talks to Anuj Sawani (Security Product Manager, Confluent) about the centralized identity management system he helped build to integrate with Apache Kafka® to prevent common identity management headaches and security risks.
With 12+ years of experience building cybersecurity products for enterprise companies, Anuj Sawani explains how he helped build out KIP-768 (Secured OAuth support in Kafka) that supports a unified identity mechanism that spans across cloud and on-premises (hybrid scenarios).
Confluent Cloud customers wanted a single identity to access all their services. The manual process required managing different sets of identity stores across the ecosystem. Anuj goes on to explain how Identity and Access Management (IAM) using cloud-native authentication protocols, such as OAuth or OpenID Connect, solves this problem by centralizing identity and minimizing security risks.
Anuj emphasizes that sticking with industry standards is key because it makes integrating with other systems easy. With OAuth now supported in Kafka, this means performing client upgrades, configuring identity providers, etc. to ensure the applications can leverage new capabilities. Some examples of how to do this are to use centralized identities for client/broker connections.
As Anuj continues to build and enhance features, he hopes to recommend this unified solution to other technology vendors because it makes integration much easier. The goal is to create a web of connectors that support the same standards. The future is bright, as other organizations are researching supporting OAuth and similar industry standards. Anuj is looking forward to the evolution and applying it to other use cases and scenarios.
EPISODE LINKS

  continue reading

Chapitres

1. Intro (00:00:00)

2. Common identity management problems and security risks (00:06:19)

3. Building a centralized identity management system (00:11:33)

4. Recommendations for enterprise IAM (00:14:47)

5. OAuth vs. Open ID Connect (00:18:35)

6. Integrating identity providers with Apache Kafka (00:22:36)

7. KIP-768: Introducing secured OAuth support for Apache Kafka (00:25:24)

8. Setting up discovery end points (00:30:35)

9. Tips for getting started with centralized identity management (00:35:22)

10. Authentication vs. authorization standards (00:38:41)

11. It's a wrap! (00:39:42)

265 episodes

Semua episode

×
 
Loading …

Bienvenue sur Lecteur FM!

Lecteur FM recherche sur Internet des podcasts de haute qualité que vous pourrez apprécier dès maintenant. C'est la meilleure application de podcast et fonctionne sur Android, iPhone et le Web. Inscrivez-vous pour synchroniser les abonnements sur tous les appareils.

 

Guide de référence rapide