Paul Howard

icon indicating a website link https://www.arm.com

icon company Arm icon location Cambridge, UK icon location Solutions Architect in the architecture and technology group at Arm.

Results 4 comments of Paul Howard

Support Cryptographic Tokens

You may wish to consider the CNCF [Parsec](https://github.com/parallaxsecond/parsec) project for this use case. Parsec has a Go client library, and it's designed to be simpler to consume than PKCS11. Parsec...

Could a SVID be verified by a client process that is not itself a workload?

Thanks for responding, Spike. The storage service was a somewhat hypothetical case. I work on the [Parsec](https://github.com/parallaxsecond/parsec) project (recently adopted in CNCF Sandbox). Parsec provides a uniform software abstraction over...

Could a SVID be verified by a client process that is not itself a workload?

Just to clarify one important point: Parsec is explicitly a host-local service. It is a software agent that represents the secure back-end of a single host device. There is an...

Could a SVID be verified by a client process that is not itself a workload?

On the point of the bootstrapping issue above, I would not expect SPIRE itself to be authenticating to Parsec using a SPIFFE ID. Only general client applications would do this...