Identity Provider implementation #723

Open
kevinpollet opened this issue Sep 7, 2020 · 0 comments

Feature Request

Proposal

In order to implement end-to-end encryption between nodes, Maesh should implement an Identity Provider. This IdP will be responsible for issuing trusted certificates for proxies to allow mTLS communications. The IdP should at least:

  • Issue trusted certificates compliant with the SPIFFE spec.
  • Provide a Trust Bundle needed to secure communications.
  • Attest mesh proxies to only issue certificates for trusted proxies.

To negotiate a certificate, a proxy should also have a sidecar which will implement the negotiation and the renewal routine needed for mTLS communications between nodes.

Those features will be provided as separate commands which will be used by Helm resources.

@kevinpollet kevinpollet added this to the next milestone Sep 28, 2020
@kevinpollet kevinpollet self-assigned this Sep 29, 2020
@kevinpollet kevinpollet removed their assignment May 6, 2022
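
An added example, not part of the issue and not Maesh code: the leaf-certificate checks from the SPIFFE X509-SVID specification that a verifier would apply to a certificate issued by such an IdP, in addition to chain verification against the trust bundle. The names `CheckLeafSVID` and `constructedCert` and the trust domain `mesh.example` are assumptions made for illustration.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"net/url"
)

// CheckLeafSVID applies X509-SVID leaf rules and returns the SPIFFE ID.
// Chain verification against the trust bundle (cert.Verify) is a separate step.
func CheckLeafSVID(cert *x509.Certificate, trustDomain string) (string, error) {
	if len(cert.URIs) != 1 {
		return "", fmt.Errorf("want exactly one URI SAN, got %d", len(cert.URIs))
	}
	id := cert.URIs[0]
	switch {
	case id.Scheme != "spiffe":
		return "", errors.New("URI SAN is not a spiffe:// ID")
	case id.User != nil || id.Port() != "" || id.RawQuery != "" || id.Fragment != "":
		return "", errors.New("SPIFFE ID has userinfo, port, query or fragment")
	case id.Host != trustDomain:
		return "", fmt.Errorf("trust domain %q, want %q", id.Host, trustDomain)
	case cert.IsCA:
		return "", errors.New("leaf SVID must not be a CA")
	case cert.KeyUsage&x509.KeyUsageDigitalSignature == 0:
		return "", errors.New("leaf SVID must set digitalSignature")
	case cert.KeyUsage&(x509.KeyUsageCertSign|x509.KeyUsageCRLSign) != 0:
		return "", errors.New("leaf SVID must not set keyCertSign or cRLSign")
	}
	return id.String(), nil
}

// constructedCert builds demo input; real input comes from x509.ParseCertificate.
func constructedCert(uris []string, ku x509.KeyUsage, isCA bool) *x509.Certificate {
	c := &x509.Certificate{KeyUsage: ku, IsCA: isCA}
	for _, s := range uris {
		u, err := url.Parse(s)
		if err != nil {
			panic(err)
		}
		c.URIs = append(c.URIs, u)
	}
	return c
}

func main() {
	ok := constructedCert([]string{"spiffe://mesh.example/ns/default/proxy"}, x509.KeyUsageDigitalSignature, false)
	fmt.Println(CheckLeafSVID(ok, "mesh.example"))
}
```
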