We celebrate “Solving the Bottom Turtle: a SPIFFE Way to Establish Trust in Your Infrastructure via Universal Identity”. The SPIFFE/SPIRE book is now available online and being printed. It was written in 10 days during a virtual Book Sprint in September and October. Guided by the facilitation of Book Sprints Ltd, a team of experts collaboratively conceptualized, wrote and revised the 200-page book. It is the latest of a series of virtual Book Sprints for technical books, after a recent book with Cisco and two books with Red Hat.
How the SPIFFE/SPIRE Book Sprint happened
The SPIFFE/SPIRE project is open source and part of the Cloud Native Computing Foundation (CNCF). Hewlett Packard Enterprises (HPE) initiated and sponsored the Book Sprint as a contribution to the open source community. The sprint brought together committed experts from HPE, VMWare, Netflix, Doc.ai/Anthem, IBM, Cohesity, ByteDance, TikTok and CNCF SIG-Security. This group locked themselves up in a virtual room for long hours. There, they combined their knowledge to create a comprehensive, yet reader-friendly book. Facilitator Barbara Rühling led the workflow, while the Book Sprints production team copy-edited, illustrated and designed the content. In real time, ready to be published immediately.
What the book is all about
The resulting book presents the SPIFFE standard for service identity and its reference implementation SPIRE. They provide a uniform identity control plane across modern and heterogeneous infrastructure. Since software and application architectures have grown substantially, they are spread across virtual machines in public clouds and private data centers. Security models for the organizations that manage them must keep up with these infrastructure technologies. And this is where SPIFFE and SPIRE come in. With SPIFFE/SPIRE, developers and operators can build software using new infrastructure technologies, while allowing security teams to step back from time-consuming security processes.
The Book Sprint united the team of experts to provide a deep understanding of the identity problem and how to solve it. The book closes with case studies from practitioners from Uber, Pinterest, ByteDance, Anthem and Square.
The title of the book ‘Solving the Bottom Turtle’ refers to an anecdote: A woman interrupted a philosopher’s lecture to tell him the world rested on a turtle’s back. When the philosopher asked her what the turtle then rested on, she said: “It’s turtles all the way down!”. Finding the bottom turtle, the solid foundation on which all other security rests, is the goal of SPIFFE and SPIRE. Depicted on the book cover is Zero the Turtle. It represents the foundation for security, the trust and support for all the other turtles.
Spin-offs from the book and conference presentations
The topic is in demand. Even before the Book Sprint was over, the participants were already presenting the book’s content and illustrations in various meetings. More than 80 original diagrams were created during the sprint. Their almost hand-drawn sketch style differs from other technical diagrams to represent the accessible, less institutional nature of the open source project.
‘Solving the Bottom Turtle’ is launched on November 17. The authors and the Book Sprint facilitator Barbara Rühling will present it at Production Identity Day at KubeCon as part of the the Linux Foundation KubeCon and CloudNativeCon North America 2020.
Book Sprints on open source
We couldn’t be more pleased to support this important open source initiative. Open source software was where the method of Book Sprints first came to life. More than ten years ago, Book Sprints founder Adam Hyde started experimenting with rapid collaborative book production for FLOSS Manuals. Here Adam talks about why Book Sprints work.