Authenticating and Authorizing Every Connection at Uber - Yangmin Zhu & Matt Mathew, Uber
Abstract
Uber operates one of the world’s largest and most complex microservice architectures, composed of thousands of services built in diverse languages and maintained by independent teams. Ensuring consistent, secure service-to-service communication, without requiring code changes, posed a massive challenge.

In this talk, we’ll share how we built and scaled a platform-level authentication and authorization solution based on Envoy, SPIRE, and the SPIFFE standard. Over a 3-year journey, we rolled out a Zero Trust architecture securing every service interaction with mTLS, authenticating workloads using SPIFFE identities, and enforcing fine-grained policies through a unified control plane.

Attendees will learn about the architectural decisions, operational hurdles, and user-experience tradeoffs we faced along the way. Whether you’re starting your Zero Trust journey or looking to scale Envoy/SPIRE across a large org, this talk will offer practical insights from real-world deployment at scale.