Dan Vogel

Consulting Member of the Technical Staff; Oracle Corporation
Dan Vogel is a Consulting Member of the Technical Staff at Oracle and an IAM wonk. He acts as one of the chief architects of the Oracle Cloud Infrastructure (OCI) Identity team and has developed multiple core platform features for the latest generation of the Oracle cloud. Prior to OCI, Dan was a developer member of the Competitive Intelligence team at Amazon, focusing on measuring the quality and speed of other retailers so that a committee of Bezos and others could evaluate the company's performance in comparison to its competitors. Dan holds a Bachelor of Science in Chemistry with a Minor in Computer Science from Carnegie Mellon University.

Dan's Session


Thursday, June 27
2:35 - 3:00 pm
Ballroom
Identities for Everything
As a growing cloud service provider, we faced a problem when building our robust multi-tenancy identity system. The implementation for authorizing advanced services composed of basic infrastructure was safe, but was getting too complicated to reason about easily. We solved it by creating a new type of principal actor called a resource principal, which abstracts both physical and logical resources and self-identifies when communicating with infrastructure services. Resource principals represent a novel mechanism for distributing trust at scale. We have found four patterns of resource principals that can be mixed to define all of our cloud resources to date: infrastructure, using physical identifiers (e.g. compute instances); ephemeral, using injected identifiers (e.g. Kubernetes ReplicaSets); stacked, projecting one principal into another (e.g. managed cache); and asserted, collective resources reduced into an individual (e.g. object storage). By defining our infrastructure, we reduced the scope and number of distributed credentials, better captured customer intention of infrastructure interaction, and produced more precise and actionable audit logs.
