
Identity Provider implementation

Open kevinpollet opened this issue 5 years ago • 0 comments

Feature Request

Proposal

In order to implement end-to-end encryption between nodes, Maesh should implement an Identity Provider. This IdP will be responsible for issuing trusted certificates for proxies to allow mTLS communications. The IdP should at least:

  • Issue trusted certificates compliant with the SPIFFE spec.
  • Provide a Trust Bundle needed to secure communications.
  • Attest mesh proxies to only issue certificates for trusted proxies.

To negotiate a certificate, a proxy should also have a sidecar which will implement the negotiation and the renewal routine needed for mTLS communications between nodes.

Those features will be provided as separate commands which will be used by Helm resources.

kevinpollet · Sep 07 '20 15:09
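The three IdP duties listed in the proposal (SPIFFE-compliant certificates, a trust bundle, and attestation before issuance) and the sidecar's verification side can be shown end to end with a toy CA. The following is an added example written for this page; it is not Maesh code and does not reflect how the project implemented the feature. The trust domain `maesh.example`, the SPIFFE ID path `/ns/default/sa/proxy`, the one-hour SVID lifetime, and the `attested` flag (standing in for whatever attestation the IdP would actually perform, for instance checking a pod's service account against the Kubernetes API) are all assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// trustDomain is assumed for this example; the issue names none.
const trustDomain = "maesh.example"

// identityProvider is a toy CA standing in for the proposed IdP: signing key plus the trust bundle it publishes.
type identityProvider struct {
	caCert *x509.Certificate
	caKey  *ecdsa.PrivateKey
	bundle *x509.CertPool
}

func newIdentityProvider() (*identityProvider, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, _ := x509.ParseCertificate(der) // DER we just produced; cannot fail to parse
	bundle := x509.NewCertPool()
	bundle.AddCert(cert)
	return &identityProvider{caCert: cert, caKey: key, bundle: bundle}, nil
}

// newWorkloadKey is generated by the proxy sidecar; only the public half is sent to the IdP.
func newWorkloadKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// issueSVID mints a short-lived X.509-SVID. attested stands in for the IdP's
// attestation result (assumed here); an unattested proxy is refused outright.
func (idp *identityProvider) issueSVID(spiffeID string, pub *ecdsa.PublicKey, attested bool) ([]byte, error) {
	if !attested {
		return nil, fmt.Errorf("refusing SVID for %s: proxy not attested", spiffeID)
	}
	id, err := url.Parse(spiffeID)
	if err != nil || id.Scheme != "spiffe" || id.Host != trustDomain || id.Path == "" {
		return nil, fmt.Errorf("%q is not a workload ID in trust domain %s", spiffeID, trustDomain)
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour), // short TTL; the sidecar's renewal routine replaces it
		URIs:         []*url.URL{id},            // the SPIFFE ID is carried as a URI SAN
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, idp.caCert, pub, idp.caKey)
}

// verifyPeerSVID is the sidecar's check on a peer certificate: chain to the trust bundle,
// then require exactly one URI SAN holding a SPIFFE ID in our trust domain.
func verifyPeerSVID(der []byte, bundle *x509.CertPool) (string, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "", err
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: bundle, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return "", fmt.Errorf("SVID does not chain to trust bundle: %w", err)
	}
	if len(cert.URIs) != 1 || cert.URIs[0].Scheme != "spiffe" || cert.URIs[0].Host != trustDomain {
		return "", fmt.Errorf("peer certificate lacks a single SPIFFE ID in %s", trustDomain)
	}
	return cert.URIs[0].String(), nil
}

func main() { // minimal demo; errors ignored for brevity
	idp, _ := newIdentityProvider()
	key, _ := newWorkloadKey()
	der, _ := idp.issueSVID("spiffe://maesh.example/ns/default/sa/proxy", &key.PublicKey, true)
	fmt.Println(verifyPeerSVID(der, idp.bundle))
}
```

Two points worth keeping from the example when designing the real thing: the IdP refuses to sign before it ever parses the requested ID, so attestation is the first gate rather than an afterthought; and the verifier insists on exactly one `spiffe://` URI SAN in its own trust domain, so a certificate from a different CA, or a valid certificate that merely chains to the bundle without a SPIFFE identity, is rejected before any authorization decision is made on the ID.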