

DVID: Adding Delegated Authentication to SPIFFE Trusted Domains

Author(s):
Jessup, Andrew ; Cochak, Henrique Z. ; Koslovski, Guilherme P. ; Pillon, Mauricio A. ; Miers, Charles C. ; Correia, Pedro H. B. ; Marques, Marco A. ; Simplicio, Marcos A., Jr.
Total Authors: 8
Document type: Journal article
Source: ADVANCED INFORMATION NETWORKING AND APPLICATIONS, VOL 4, AINA 2024; v. 202, p. 12-pg., 2024-01-01.
Abstract

One of the challenges of cloud computing is ensuring secure access to data and resources. Identity Management Systems (IMS), which enable organizations to handle user identities, authentication, and authorization, are commonly employed for tackling this issue. Whilst OAuth 2.0, SAML, and OpenID Connect are typically used in web applications, the Secure Production Identity Framework for Everyone (SPIFFE) is today one of the many open source IMS for cloud environments. The reason is that SPIFFE provides a secure and standardized attestation framework for authenticating cloud workloads from the moment they are instantiated. Our work extends SPIFFE's capabilities, allowing the identification not only of the workload making a request, but also of the user behind that request. For this purpose, we design a new credential called Delegated Assertion SVID (DVID), describe a proof-of-concept implementation, and benchmark some baseline scenarios. (AU)

FAPESP's process: 20/09850-0 - Applied Artificial Intelligence Research Center: accelerating the evolution of industries toward standard 5.0
Grantee: Jefferson de Oliveira Gomes
Support Opportunities: Research Grants - Research Centers in Engineering Program