Comments (1)
evan2645
commented on May 17, 2024
From the slack conversation on the same question
Evan Gilman [3 days ago]
IMO they are complimentary... just because you have security groups doesn't mean you shouldn't use SPIFFE, and vice versa. That said, I personally view security mechanisms like SPIFFE as primary protection mechanisms, which can be shored up through the use of L3/L4 network controls.
Savankumar Gudaas [3 days ago]
@evan2645 yeah it makes sense.
What do mean by SPIFFE as primary protection mechanism? Can you plz expand.
Apart from Authentication, it’s possible to use for Authorization. If authorization pushed to SPIFFE, then SPIFFE can be a primary mechanism. What’s your opinion?
Evan Gilman [2 days ago]
When I said "mechanisms like SPIFFE", what I meant was pervasive authentication and authorization. SPIFFE itself doesn't provide authorization, but it provides a great place to
Going to close this issue out
from spiffe.
Related Issues (20)
- SPIFFE JWT spec does not match SPIRE HOT 6
- JWT-SVID additional properties: doc vs. schema HOT 2
- 2021 H2 SSC Election HOT 11
- SVID vs DID: Secure Production Identity Framework for Everyone (SPIFFE) Verifiable Identity Document (SVID) vs Decentralized Identity (DID from DIF) HOT 2
- 2022 H1 SSC Election HOT 5
- Allow Other non-SPIFFE ID URI SANs HOT 6
- Both id-kp-serverAuth and id-kp-clientAuth MUST be set HOT 5
- Proposal: File Format for SPIFFE Trust Map File HOT 3
- Add additional information into the specification to justify choices HOT 2
- X509-SVID with a CA/B Forum EV Certificate HOT 1
- Bring CLOMonitor Score to 100% HOT 1
- Test with later versions of Kubernetes and update quickstart accordingly
- Add Frederick to list of volunteers
- Add `x509-svid` and `jwt-svid` to IANA registry for RFC 7517 HOT 1
- 2023 H1 SSC Election HOT 2
- 2023H2 SSC Election HOT 5
- Extend JWT-SVID spec and Workload API profile to support OAuth DPoP HOT 7
- png versions of the maturity badges
- Stale Twitter Icon HOT 2
- Feature Request - Community Tab with Sub-Tabs (Blog, Events, Forum, FAQs)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spiffe.