<p>By <a href="https://www.linkedin.com/in/penick/">James Penick</a>, Architect Director, Verizon Media<b><br/></b></p><p>At Verizon Media, we’ve developed and open sourced a platform for X.509 certificate-based service authentication and fine-grained access control in dynamic infrastructures called <a href="http://www.athenz.io/">Athenz</a>. Athenz addresses zero trust principles, including situations where authenticated clients require explicit authorization to be allowed to perform actions, and authorization needs to always be limited to the least privilege required.</p><p>During the <a href="https://www.openstack.org/summit/berlin-2018/">OpenStack Summit in Berlin</a>, I discussed Athenz and its integration with OpenStack for fully automated role-based authorization and identity provisioning.</p><figure class="tmblr-embed tmblr-full" data-provider="youtube" data-orig-width="540" data-orig-height="304" data-url="https%3A%2F%2Fyoutu.be%2FOHqWur20Sok"><iframe width="540" height="304" id="youtube_iframe" src="https://www.youtube.com/embed/OHqWur20Sok?feature=oembed&amp;enablejsapi=1&amp;origin=https://safe.txmblr.com&amp;wmode=opaque" frameborder="0" allowfullscreen=""></iframe></figure><p><br/>We are using Athenz to bootstrap our instances deployed in both private and public clouds with service identities in the form of short-lived X.509 certificates that allow one service to securely communicate with another. Our OpenStack instances are powered by Athenz identities at scale.<br/></p><p>To learn more about Athenz, give feedback, or contribute, please <a href="https://github.com/yahoo/athenz">visit our Github</a> and <a href="https://athenz.slack.com/">chat with us on Slack</a>.<br/></p>