Comments (2)
I'm imagining this leads to a hypothetical where some routers do not require pre configuration with a YAML file (out of band config), favoring an in band configuration managed centrally via client or ctrl plane, kicked off by enrollment.
For example,
1. Router finds client API via token issuer claim and verifies signature with server cert pubkey 2. Router finds ctrl plane in enrollment response and saves in local endpoints file 3. Router saves identity files in its working directory with default filenames, optionally configured by standard ziti env vars implemented in the create config subcommands
The config here is service configurations, not router configuration. There is a desire for controller-provided router configuration, but that's not being addressed here.
from ziti.
I'm imagining this leads to a hypothetical where some routers do not require pre configuration with a YAML file (out of band config), favoring an in band configuration managed centrally via client or ctrl plane, kicked off by enrollment.
For example,
- Router finds client API via token issuer claim and verifies signature with server cert pubkey
- Router finds ctrl plane in enrollment response and saves in local endpoints file
- Router saves identity files in its working directory with default filenames, optionally configured by standard ziti env vars implemented in the create config subcommands
from ziti.
Related Issues (20)
- Add `ctrls` property to non-ha router enrollment
- Add Edge Management Read Only Capability
- Enable 3rd Party CA Router Enrollment
- Add Ext JWT Auto Entrollment
- Add internal PKI CRL/OCSP support
- Add JWKS info to authentication JWTs
- Investigate OAuth support for 3rd party access
- Update C SDKs to support External IdP Options
- Update Go SDKs to support External IdP Options
- Update Java SDKs to support External IdP Options
- Bug: Router enrollment extension does not check if it can set cert first
- Add authentication events
- Add posture system events
- React to loss of service access in routers without session mechanism
- Make Posture Data work in HA
- api session certs should be deleted when related api sessions are deleted
- Router circuit guardrails
- Continue DTLS for links work
- Fix OIDC Standalone JWT Verification
- Fix OIDC RTR Handling
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ziti.