ICAM on a Purchase Card

Marc Boorshtein | Compliance, ficam, icam, Identity Management, Implementation Costs, Open Source, sso, user provisioning

If you’ve done any work for or with the US federal government, you’ve heard the acronym ICAM or FICAM. It stands for the Federal Identity, Credential and Access Management standards outlined at https://gsa.github.io/ficam-arch/. These are a set of standards agencies should follow when it comes to identity management, items like using your PIV cards for authentication and providing audit frameworks. In …


Containers are (Not) Doomed Because of Dirty Cow, and Why Identity Management is Important For Mitigation

Marc Boorshtein | Cloud, Cloud Native, Identity Management, Kubernetes, Linux, Open Source, OpenShift, Red Hat

OK, sorry for the clickbait-style headline, but for the first blog of the new year I thought I’d have some fun. I came across a blog post on Twitter from @geek_king about this real nasty bug in the kernel that can give you root access to the host server, breaking out of your container. Is this a big …


Unison 1.0.8 Available

Marc Boorshtein | Amazon Web Services, Cloud, Cloud Native, Identity Management, Infrastructure as a Service, Kubernetes, Linux, Open Source, OpenShift, PaaS, ubuntu

We’re pleased to announce the immediate availability of Unison and OpenUnison 1.0.8. This release brings new features specifically aimed at Cloud Native systems: OpenID Connect support, both as a relying party and as an identity provider; Kubernetes SSO integration; MongoDB Support for storing authorization data and additional attributes outside of your corporate Active Directory; Identity Management for OpenShift and OpenStack …


OpenShift Compliance and Identity Management

Marc Boorshtein | Cloud, Cloud Native, Compliance, Identity Management, Implementation Costs, Open Source, OpenShift, Red Hat

The OpenShift team at Red Hat has put together a GREAT compliance guide for OpenShift. This doc does a great job detailing each control in NIST 800-53. There’s one major compliance issue that this document explicitly leaves to the “Organization”: identity management. As you go through this document you’ll notice that nearly every control that deals with identity management …


MyVirtualDirectory 1.0.0 Released

Marc Boorshtein | Cloud, Identity Management, Implementation Costs, Open Source, Uncategorized

I started MyVirtualDirectory nearly ten years ago as a hobby project to “keep my claws sharp” since I wasn’t doing much programming. Today I’m proud to announce that after multiple revamps, production deployments, and feature enhancements MyVD is now ready for 1.0.0! LDAP is the protocol that’s been “dead” or “dying”, depending on who is pontificating on the subject, for …


Tremolo Security at ISSA International in Dallas, Tx

Marc Boorshtein | Amazon Web Services, Cloud, Drupal, Identity Management, Implementation Costs, Infrastructure as a Service, Kubernetes, Linux, Open Source, OpenShift

We’re proud to be a sponsor this year of the Information Security System Association’s (ISSA) international conference. We’ll be in booth 707 and I’ll be presenting with my colleagues about the US National Capital Region’s Identity and Access Management Program (IAMS) at Secure User Application Access in a Hurry on Thursday November third at 11:30 am talking about just how quickly …


Kubernetes on Raspberry Pi II – Networking

Marc Boorshtein | Kubernetes, Linux, Open Source, PaaS, raspberry pi, ubuntu

After my last blog, I had thought I had this pretty much working. Not really. Once I got the api server and minion up and running I still needed to get networking running. The suggestion in the kubeadm install instructions says to use Weave. I know there are several networking plugins for Kubernetes, and I’ll be honest I don’t really know …


Building an Identity Enabled Kubernetes Cluster on Raspberry Pi

Marc Boorshtein | Identity Management, Kubernetes, Linux, Open Source, raspberry pi, ubuntu, Uncategorized

Why? WHY NOT? Ok, so while at DevFestDC this year Ray Tsang (aka @saturnism) was doing a code demo of Kubernetes and had his stack of Raspberry Pis that he uses and I thought it was pretty cool. Given we have a couple of conferences coming up (ISSA security conference in Dallas and Kubecon in Seattle) I thought it would …


Missed Google DevFestDC? Here’s My Talk on Kubernetes Identity Management

Marc Boorshtein | Cloud, Identity Management, Kubernetes, Open Source, Uncategorized

Couldn’t make DevFestDC? Want to learn about how you can deploy Kubernetes in an identity aware way? The session recording hasn’t been published yet, but here’s a screencast of the talk and the demo. We figured this would be easier to watch than me standing in front of a room. Kubernetes Identity Management at Google DevFest DC 2016 from …


Kubernetes Identity Management Part II – RBAC and User Provisioning

Marc Boorshtein | Cloud, Identity Management, Kubernetes, Open Source, Uncategorized

In our last episode we talked about the new SSO features in Kubernetes 1.3 and got it working. The flip-side of the access coin from SSO is identity management. SSO answers the question “who?”, identity management answers “what?” and should also answer “why?”. In this episode we’re going to walk through Kubernetes’ RBAC model and show off its integration with …
