Norka Lucena

Principal Member of the Technical Staff; Oracle Corporation
Norka Lucena is a Principal Member of the Technical Staff at Oracle. Prior to joining the Oracle Cloud Infrastructure (OCI) Identity team, she developed several Azure services at Microsoft, leading the authentication and authorization implementation for a SPA that managed datacenter operations world-wide, serving users from public and private clouds (both federated and not), and a backend authorization service that also supported multiple clouds. She holds a Ph.D. in Computer Science from Syracuse University with a focus on protocol steganography and covert channels for private communications.

Norka's Session

Thursday, June 27
2:35 - 3:00 pm
Identities for Everything
As a growing cloud service provider, we faced a problem when building our robust multi-tenancy identity system. The implementation for authorizing advanced services composed of basic infrastructure was safe, but it was getting too complicated to reason about easily. We solved it by creating a new type of principal actor called a resource principal, which abstracts both physical and logical resources and self-identifies when communicating with infrastructure services. Resource principals represent a novel mechanism for distributing trust at scale. We have found four patterns of resource principals that can be mixed to define all of our cloud resources to date: infrastructure — using physical identifiers (e.g. compute instances); ephemeral — using injected identifiers (e.g. Kubernetes ReplicaSets); stacked — projecting one principal into another (e.g. managed cache); and asserted — collective resources reduced into an individual (e.g. object storage). By defining our infrastructure this way, we reduced the scope and number of distributed credentials, better captured customer intention for infrastructure interaction, and produced more precise and actionable audit logs.

