logo-green.png

Janssen Project is a Digital Public Good

The Janssen Project has been included in the Digital Public Goods Alliance (DPG) Registry. The goal of the DPG Registry is to promote digital public goods and contribute to creating a more equitable world.

“Workload Identity”: It’s SPIFFY, but Central Policy Management?

Graphic depicting the concept of SPIFFY Mutual TLS (mTLS) securing workload identity and communication in a distributed system using SPIFFE and SPIRE standards. SPIFFE stands for Secure Production Identity Framework for Everyone, and SPIRE stands for SPIFFE Runtime Environment. The image illustrates the process of enforcing policies based on workload identities derived from X.509 client certificates within an East-West service mesh like Istio or Cilium. It also mentions the use of policy languages such as Cilium YAML and CEL, as well as the suggestion of using OPA or other Policy Decision Points (PDP) for managing enterprise policies. Additionally, the image highlights the overlap between mTLS workload identity and OAuth clients, mentioning RFC 8705 and RFC 9449 as potential mechanisms for binding OAuth access tokens to mutual-TLS certificates

SPIFFY Mutual TLS (mTLS) is a way to secure workload identity and communication in a distributed system using the SPIFFE and SPIRE standards. (see also: https://spiffe.io/) SPIFFE stands for Secure Production Identity Framework for Everyone, and SPIRE stands for SPIFFE Runtime Environment.

4 Learnings: DPGA Meeting 2023

I attended the DPGA annual meeting in Addis Ababa, Ethiopia. It was my first time meeting in person many of the people in that community and learning about the laudable goals of the DPG Alliance initiatives. The meeting was opened by Yodahe Zemichael , who leads the National ID Program Office in Ethiopia, and shared his insights based on their recent successful rollout. The plenary was followed by tracks on digital public infrastructure, global challenges, sustainability, and safeguards.

Roadmap for KeyCloak integration in Janssen Project and Gluu Flex

by Michael Schwartz, CEO of Gluu The recent announcement that Keycloak is joining the CNCF as an incubating project was welcome news!!! It resolved two important questions. How would Red Hat transfer governance of the project? Who owns the Keycloak trademark? Consequently, Gluu is working to integrate Keycloak into both the Janssen Project and the commercial Gluu […]