# KubeCon + CloudNativeCon EU 2022 CFP Template ## Session Title: (75 character max) Rethinking Kubernetes RBAC ## Level of Expertise for Intended Audience: - [ ] Anyone - [ ] Beginner - [ ] Intermediate - [x] Advanced ## Which Cloud Native Computing Foundation (CNCF) hosted software will your presentation be focused on? List all that apply. Graduated and incubating projects can be found [here](https://www.cncf.io/projects/). Sandbox projects can be found [here](https://www.cncf.io/sandbox-projects/). - Kubernetes ## Topic/Track: - [ ] 101 (sessions for those new to the conference overall and/or beginners to the conference content, i.e. Kubernetes 101) - [ ] Application & Development (includes Helm, Brigade, Telepresence, Buildpacks, Backstage, & Porter) - [ ] Business Value - [ ] CI/CD (Flux) - [ ] Community - [x] Customizing & Extending Kubernetes (including KubeVirt, Volcano, CNI-Genie, KUDO, Artifact Hub, Crossplane, Cloud Custodian, Contour, k3s, Tremor and metal3-io, & OpenYurt) - [ ] Machine Learning & Data - [ ] Networking (includes CoreDNS, CNI, gRPC, NATS, KubeEdge, Network Service Mesh, Strimzi, & BFE) - [ ] Observability (includes Fluentd, Prometheus, Jaeger, OpenTracing, OpenMetrics, Cortex, OpenTelemetry, & Thanos) - [ ] Operations (including Argo, LitmusChaos, Operator Framework, & ChaosMesh) - [ ] Performance - [ ] Research + Academia - [ ] Runtimes (includes containerd & CRI-O) - [ ] Security, Identity & Policy (includes Notary, OPA, TUF, SPIFFE/SPIRE, in-toto Parsec, Falco, & Dex) - [ ] Serverless (includes CloudEvents, Virtual Kubelet, & KEDA) - [ ] Service Mesh (includes Envoy, Linkerd, Service Mesh Interface, & Open Service Mesh) - [ ] Storage (includes Rook, Vitess, OpenEBS, Longhorn, TiKV, ChubaoFS & Piraeus-Datastore) - [ ] Student ## Is your presentation considered a case study? - [ ] Yes - [x] No ## Session Description: (1000 character max, written in third person) Businesses, small and large, need RBAC in Kubernetes for compliance, security, and separation of concerns. The current RBAC implementation suffers from some well known limitations, including positive-only rules, no user ownership semantics, and no ACL filtered list. In this session Evan Cordell and Jake Moshenko will show how some of those limitations impact end users day to day, how an improved model could help them, and how a Zanzibar-like approach can solve some of those problems. They will demonstrate this power in action using a prototype which augments RBAC with SpiceDB, and open-source relationship based permissions service. ## Benefits to the ecosystem (1000 character max, tell us how the content of your presentation will better the ecosystem): Giving Kubernetes maintainers and users a clear vision for how a more flexible RBAC system would tangibly improve the platform's experience will help drive and align effort toward making it reality. The prototype implementation could also be used as a starting point for others to explore their own RBAC improvement ideas and implementations. ## Open Source Projects: (please list all open source projects that will be discussed in your presentation and any relevant links) TBD ## Resources: (presentation recording, published books, personal websites, open source projects, etc. ) TBD ## Session Format: - [x] Solo Presentation // 35 mins // 1 speaker - [ ] Dual Presentation // 35 mins // 2 speakers - [ ] Panel Discussion // 35 mins // 3 - 5 speakers - [ ] Tutorial // 90 mins // 1 - 5 speakers - [ ] Lightning Talk // 5 mins // 1 speaker ## Speaker 1: * Name: Evan Cordell * Preferred pronouns: he/him/his * Company: Authzed * Job Title: Software Engineer * Email: evan@authzed.com * Github Handle: ecordell * Twitter Handle: @evancordell * Other Social (i.e. LinkedIn): https://www.linkedin.com/in/evan-cordell-6206a1b/ * Country of residence: USA * Employed at an end user company? Yes * Has the speaker spoken at any KubeCon + CloudNativeCon conferences before? - [ ] Yes * Please provide more details (i.e. name of session that the speaker spoke at during a KubeCon + CloudNativeCon, when and where, recording links): TBD - [ ] No ### Speaker 1 Biography: (800 characters max, written in third person) Evan Cordell is a software engineer working on distributed authorization problems at Authzed. He previously worked on the Operator Framework and OpenShift at Red Hat, and Quay and Docker Notary at CoreOS before that. ## Speaker 2: * Name: * Preferred pronouns: * Company: * Job Title: * Email: * Github Handle: * Twitter Handle: * Other Social (i.e. LinkedIn): * Country of residence: * Employed at an end user company? * Has the speaker spoken at any KubeCon + CloudNativeCon conferences before? - [ ] Yes * Please provide more details (i.e. name of session that the speaker spoke at during a KubeCon + CloudNativeCon, when and where, recording links): TBD - [ ] No ### Speaker 2 Biography: (800 characters max, written in third person) TBD ## Speaker 3: * Name: * Preferred pronouns: * Company: * Job Title: * Email: * Github Handle: * Twitter Handle: * Other Social (i.e. LinkedIn): * Country of residence: * Employed at an end user company? * Has the speaker spoken at any KubeCon + CloudNativeCon conferences before? - [ ] Yes * Please provide more details (i.e. name of session that the speaker spoke at during a KubeCon + CloudNativeCon, when and where, recording links): TBD - [ ] No ### Speaker 3 Biography: (800 characters max, written in third person) TBD ## Speaker 4: * Name: * Preferred pronouns: * Company: * Job Title: * Email: * Github Handle: * Twitter Handle: * Other Social (i.e. LinkedIn): * Country of residence: * Employed at an end user company? * Has the speaker spoken at any KubeCon + CloudNativeCon conferences before? - [ ] Yes * Please provide more details (i.e. name of session that the speaker spoke at during a KubeCon + CloudNativeCon, when and where, recording links): TBD - [ ] No ### Speaker 4 Biography: (800 characters max, written in third person) TBD ## Speaker 5: * Name: * Preferred pronouns: * Company: * Job Title: * Email: * Github Handle: * Twitter Handle: * Other Social (i.e. LinkedIn): * Country of residence: * Employed at an end user company? * Has the speaker spoken at any KubeCon + CloudNativeCon conferences before? - [ ] Yes * Please provide more details (i.e. name of session that the speaker spoke at during a KubeCon + CloudNativeCon, when and where, recording links): TBD - [ ] No ### Speaker 5 Biography: (800 characters max, written in third person) TBD ## Diversity & Inclusion * What gender does Speaker 1 identify with? - [ ] Woman - [ ] Man - [ ] Other Gender Identity - [ ] Prefer not to answer * What gender does Speaker 2 identify with? - [ ] Woman - [ ] Man - [ ] Other Gender Identity - [ ] Prefer not to answer * What gender does Speaker 3 identify with? - [ ] Woman - [ ] Man - [ ] Other Gender Identity - [ ] Prefer not to answer * What gender does Speaker 4 identify with? - [ ] Woman - [ ] Man - [ ] Other Gender Identity - [ ] Prefer not to answer * What gender does Speaker 5 identify with? - [ ] Woman - [ ] Man - [ ] Other Gender Identity - [ ] Prefer not to answer * Does Speaker 1 identify as a person of color? - [ ] Yes - [ ] Prefer not to answer - [ ] Asian - [ ] Black - [ ] Latinx - [ ] Native American - [ ] Indigenous People - [ ] Self Identify: TBD - [ ] No - [ ] Prefer not to answer * Does Speaker 2 identify as a person of color? - [ ] Yes - [ ] Prefer not to answer - [ ] Asian - [ ] Black - [ ] Latinx - [ ] Native American - [ ] Indigenous People - [ ] Self Identify: TBD - [ ] No - [ ] Prefer not to answer * Does Speaker 3 identify as a person of color? - [ ] Yes - [ ] Prefer not to answer - [ ] Asian - [ ] Black - [ ] Latinx - [ ] Native American - [ ] Indigenous People - [ ] Self Identify: TBD - [ ] No - [ ] Prefer not to answer * Does Speaker 4 identify as a person of color? - [ ] Yes - [ ] Prefer not to answer - [ ] Asian - [ ] Black - [ ] Latinx - [ ] Native American - [ ] Indigenous People - [ ] Self Identify: TBD - [ ] No - [ ] Prefer not to answer * Does Speaker 5 identify as a person of color? - [ ] Yes - [ ] Prefer not to answer - [ ] Asian - [ ] Black - [ ] Latinx - [ ] Native American - [ ] Indigenous People - [ ] Self Identify: TBD - [ ] No - [ ] Prefer not to ## This event is currently being planned as an in-person event, May 17-20, in Valencia, Spain WITH a virtual component. Please select the option that best fits how you’d anticipate participating if chosen to speak.* - [ ] I plan to speak in-person if travel and state/country guidlines allow - [ ] I do not plan on traveling and would need to give a virtual talk - [ ] I am unsure and please check back closer to the event