Re: landscape, spiffe, opa, vault

Tim Hinrichs

+1 to the Authentication (SPIFFE, spire), Authorization (OPA), Audit (?).  Classically these are part of Security, but there's no box for that.  

AAA is typically cross-cutting.  OPA, for example, has integrations with Kube (orchestration), Istio (app), Terraform (provisioning), AWS (cloud).


On Wed, Nov 15, 2017 at 7:33 AM Guru Chahal via cncf-toc <cncf-toc@...> wrote:
Similar functions have often been classified as "AAA" in traditional systems (Authentication, Authorization, Accounting). I agree that no box really captures these well today - the closest are likely 'coordination and service discovery' or perhaps 'service management'. I'd imagine 'service management' is the likely best current home... Istio is listed there as well today (most adjacent to these projects today).


On Wed, Nov 15, 2017 at 6:59 AM, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
That was where I was going...

Do others agree?

On Wed, Nov 15, 2017 at 2:58 PM, Nick Chase <nchase@...> wrote:
I think OPA belongs in the top layer but I don't think it fits in any of the existing subcategories.  In fact I feel that way about all three.

---- Nick

On Wednesday, November 15, 2017, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:

Question about the landscape.

- do we want to put OPA in the top layer, either inside, or next to App Def?
- what about identity - spiffe and spire?
- do we think key management should move to top layer?


cncf-toc mailing list
