logo-green.png
Contact

Day: February 8, 2024

“Workload Identity”: It’s SPIFFY, but Central Policy Management?

Graphic depicting the concept of SPIFFY Mutual TLS (mTLS) securing workload identity and communication in a distributed system using SPIFFE and SPIRE standards. SPIFFE stands for Secure Production Identity Framework for Everyone, and SPIRE stands for SPIFFE Runtime Environment. The image illustrates the process of enforcing policies based on workload identities derived from X.509 client certificates within an East-West service mesh like Istio or Cilium. It also mentions the use of policy languages such as Cilium YAML and CEL, as well as the suggestion of using OPA or other Policy Decision Points (PDP) for managing enterprise policies. Additionally, the image highlights the overlap between mTLS workload identity and OAuth clients, mentioning RFC 8705 and RFC 9449 as potential mechanisms for binding OAuth access tokens to mutual-TLS certificates

SPIFFY Mutual TLS (mTLS) is a way to secure workload identity and communication in a distributed system using the SPIFFE and SPIRE standards. (see also: https://spiffe.io/) SPIFFE stands for Secure Production Identity Framework for Everyone, and SPIRE stands for SPIFFE Runtime Environment. SPIFFE defines a platform-agnostic identity format and API for workloads, and SPIRE provides […]

4 Learnings: DPGA Meeting 2023

I attended the DPGA annual meeting in Addis Ababa, Ethiopia. It was my first time meeting in person many of the people in that community and learning about the laudable goals of the DPG Alliance initiatives. The meeting was opened by Yodahe Zemichael , who leads the National ID Program Office in Ethiopia, and shared […]

Learn Gluu
Offering
Company
More Info

Gluu, Inc.
600 Congress Avenue
14th Floor
Austin TX 78701
USA

Linkedin Github Android Apple Youtube

© Gluu Inc. All Rights Reserved.