Date
1 - 11 of 11
landscape, spiffe, opa, vault
|
alexis richardson
anyone else want to chip in? On Wed, Nov 15, 2017 at 8:11 PM, Sunil James <sunil@...> wrote:
|
|
|
|
Sunil James <sunil@...>
I've been reading it this morning. I think SPIFFE/SPIRE, OPA, and Vault fit nicely within that framing. Frankly, I think proxies fit within the AAA category, too. Maybe we're even talking about "AAA" being a new horizontal layer below "Orchestration & Management," within which include the following four (4) categories: 1) Authentication 2) Authorization 3) Key Management 4) Proxies That said, I'm happy to defer to more thoughtful evaluations :) On Wed, Nov 15, 2017 at 11:55 AM, Alexis Richardson <alexis@...> wrote:
|
|
|
|
alexis richardson
On Wed, Nov 15, 2017 at 7:52 PM, Sunil James <sunil@...> wrote:
I am ok with that. Wonder what others think?
Is that an offer? ;-) a
|
|
|
|
Sunil James <sunil@...>
Tough one, but I'd say "yes." FWIW, we should probably read through RFC 2989 (specifically the agreed-upon terminology) for historical context. On Wed, Nov 15, 2017 at 11:32 AM, Alexis Richardson <alexis@...> wrote:
|
|
|
|
alexis richardson
would you suggest moving key management to AAA? On Wed, Nov 15, 2017 at 6:09 PM, Sunil James via cncf-toc <cncf-toc@...> wrote:
|
|
|
|
Sunil James <sunil@...>
+1 to this framing, particularly to its cross-cutting nature. While I agree 'security' is a natural starting bucket, the value propositions these (and other) projects address go beyond this (over time). Visually, perhaps the TOC should consider a "AAA" box (or something more elegantly worded) to the right (or left) of 'Service Management'? On Wed, Nov 15, 2017 at 8:13 AM, Tim Hinrichs via cncf-toc <cncf-toc@...> wrote:
|
|
|
|
Tim Hinrichs
+1 to the Authentication (SPIFFE, spire), Authorization (OPA), Audit (?). Classically these are part of Security, but there's no box for that. AAA is typically cross-cutting. OPA, for example, has integrations with Kube (orchestration), Istio (app), Terraform (provisioning), AWS (cloud). Tim On Wed, Nov 15, 2017 at 7:33 AM Guru Chahal via cncf-toc <cncf-toc@...> wrote:
|
|
|
|
Guru Chahal <guru@...>
Similar functions have often been classified as "AAA" in traditional systems (Authentication, Authorization, Accounting). I agree that no box really captures these well today - the closest are likely 'coordination and service discover' or perhaps 'service management'. I'd imagine 'service management' is the the likely best current home... Istio is listed there as well today (most adjacent to these projects today). -Guru On Wed, Nov 15, 2017 at 6:59 AM, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
|
|
|
|
alexis richardson
That was where I was going... Do others agree? On Wed, Nov 15, 2017 at 2:58 PM, Nick Chase <nchase@...> wrote: I think OPA belongs in the top layer but I don't think it fits in any of the existing subcategories. In fact I feel that way about all three. |
|
|
|
Nick Chase
I think OPA belongs in the top layer but I don't think it fits in any of the existing subcategories. In fact I feel that way about all three.
toggle quoted message
Show quoted text
---- Nick On Wednesday, November 15, 2017, Alexis Richardson via cncf-toc <cncf-toc@...> wrote:
|
|
|
|
alexis richardson
All, Question about the landscape. - do we want to put OPA in the top layer, either inside, or next to App Def? - what about identity - spiffe and spire? - do we think key management should move to top layer? a |
|
|
