1. posterid:556998
  2. landscape, spiffe, opa, vault

Re: landscape, spiffe, opa, vault

Tim Hinrichs
 

+1 to the Authentication (SPIFFE, spire), Authorization (OPA), Audit (?).  Classically these are part of Security, but there's no box for that.  

AAA is typically cross-cutting.  OPA, for example, has integrations with Kube (orchestration), Istio (app), Terraform (provisioning), AWS (cloud).

Tim


On Wed, Nov 15, 2017 at 7:33 AM Guru Chahal via cncf-toc <cncf-toc@...> wrote:
Similar functions have often been classified as "AAA" in traditional systems (Authentication, Authorization, Accounting). I agree that no box really captures these well today - the closest are likely 'coordination and service discover' or perhaps 'service management'. I'd imagine 'service management' is the the likely best current home... Istio is listed there as well today (most adjacent to these projects today). 

-Guru


On Wed, Nov 15, 2017 at 6:59 AM, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
That was where I was going...

Do others agree?


On Wed, Nov 15, 2017 at 2:58 PM, Nick Chase <nchase@...> wrote:
I think OPA belongs in the top layer but I don't think it fits in any of the existing subcategories.  In fact I feel that way about all three.

---- Nick


On Wednesday, November 15, 2017, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
All,

Question about the landscape.


- do we want to put OPA in the top layer, either inside, or next to App Def?
- what about identity - spiffe and spire?
- do we think key management should move to top layer?

a




_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc


_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc
Join {cncf-toc@lists.cncf.io to automatically receive all group messages.