If you're in the Washington, D.C. area on Thursday, June 27, and attending Identiverse, swing by. Dan Vogel and Norka Lucena from the Oracle Cloud Infrastructure team are presenting Identities for Everything at 2:35 in the Ballroom at the Washington Hilton.
As a growing cloud service provider, we faced a problem when building our robust multitenancy identity system. The implementation for authorizing advanced services like compute and DBaaS instances was safe, but it could be complicated for customers to reason about.
We solved this problem by creating a new type of principal actor, called resource principals, that abstracts both physical and logical resources, and self-identifies when communicating with infrastructure services.
Resource principals are a novel way to distribute trust at scale. We have found four patterns of resource principals that can be mixed to define all of our cloud resources to date:
By assigning identities to everything in our infrastructure, we reduce the scope and number of distributed credentials, capture more precisely how customers intend their infrastructure to interact, and produce more precise and actionable audit logs.
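To make the three claims above concrete (fewer shared credentials, intent captured per resource, audit entries that name the actor), here is an added toy model written for this post. It is not OCI's implementation and not the code Dan and Norka will present; the class and field names, the policy triples, and the resource identifiers are all constructed for illustration. Each resource receives its own short-lived signing key, names itself on every call, and the service verifies the signature, evaluates policy against the resource type, and writes an audit entry that names the resource rather than a borrowed API key.

```python
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class ResourcePrincipal:
    """A resource that acts as its own principal. Field names are
    hypothetical for this example; they are not OCI's schema."""
    tenancy: str
    resource_type: str   # e.g. "compute-instance", "db-system"
    resource_id: str

    @property
    def name(self) -> str:
        return f"{self.tenancy}/{self.resource_type}/{self.resource_id}"


class IdentityService:
    """Issues one short-lived signing key per resource. No key is shared
    between resources, so expiring or revoking one affects exactly one."""

    def __init__(self):
        self._registry = {}  # principal name -> (principal, key, expires_at)

    def issue(self, principal, ttl_seconds=300):
        key = secrets.token_bytes(32)
        self._registry[principal.name] = (principal, key, time.time() + ttl_seconds)
        return key

    def lookup(self, name, now=None):
        now = time.time() if now is None else now
        entry = self._registry.get(name)
        if entry is None or entry[2] < now:
            return None
        return entry[0], entry[1]


def canonical(payload):
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_request(principal, key, action, target):
    """The resource self-identifies: it names itself and signs the call."""
    body = {"principal": principal.name, "action": action,
            "target": target, "ts": int(time.time())}
    sig = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "sig": sig}


# Constructed policy: (resource type, action, target) triples that are allowed.
POLICY = {
    ("compute-instance", "object.read", "bucket:app-config"),
    ("db-system", "object.write", "bucket:db-backups"),
}

AUDIT_LOG = []


def authorize(ids, request, now=None):
    """Verify the presented identity, evaluate policy, write an audit entry."""
    decision, reason = "deny", "unknown-or-expired-principal"
    found = ids.lookup(request["principal"], now)
    if found is not None:
        principal, key = found
        body = {k: v for k, v in request.items() if k != "sig"}
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, request["sig"]):
            reason = "bad-signature"
        elif (principal.resource_type, request["action"], request["target"]) in POLICY:
            decision, reason = "allow", "policy-match"
        else:
            reason = "no-matching-policy"
    # The audit entry names the resource itself, not a shared API key.
    AUDIT_LOG.append({"principal": request["principal"], "action": request["action"],
                      "target": request["target"], "decision": decision, "reason": reason})
    return decision == "allow"


def demo():
    """Four calls: permitted, outside policy, signed with another resource's key, expired."""
    ids = IdentityService()
    vm = ResourcePrincipal("tenant-a", "compute-instance", "vm-0001")  # constructed ids
    db = ResourcePrincipal("tenant-a", "db-system", "db-0007")
    vm_key, db_key = ids.issue(vm), ids.issue(db)
    allowed = authorize(ids, sign_request(vm, vm_key, "object.read", "bucket:app-config"))
    outside_policy = authorize(ids, sign_request(db, db_key, "object.read", "bucket:app-config"))
    borrowed_key = authorize(ids, sign_request(vm, db_key, "object.read", "bucket:app-config"))
    expired = authorize(ids, sign_request(vm, vm_key, "object.read", "bucket:app-config"),
                        now=time.time() + 3600)
    return allowed, outside_policy, borrowed_key, expired


if __name__ == "__main__":
    print(demo())
    for entry in AUDIT_LOG:
        print(entry)
```

The point of the contrast is the audit log: every entry records which resource acted and why the decision was made, and a key issued to one resource cannot be presented as another. With a single long-lived credential copied onto every instance, the same four calls would all log the same credential name and the borrowed-key case would be indistinguishable from a legitimate one.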
Dan and Norka will show how it works by building a simple cloud app and applying these patterns to arrive at a clear authentication and authorization story. We hope that by sharing these patterns we can improve the identity solutions of other cloud products by embracing the idea of safe, secure identities for everything.
If you can't attend our session but still want to learn more about how to use Resource Principals with Oracle Cloud, check out this white paper on best practices for IAM on Oracle Cloud Infrastructure.