Skip to content

eBay/TrustFabric

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

67 Commits

identity

identity

 
 

media

media

 
 

resources

resources

 
 

Architecture.md

Architecture.md

 
 

FAQ.md

FAQ.md

 
 

Goals.md

Goals.md

 
 

Identity.md

Identity.md

 
 

Integrations.md

Integrations.md

 
 

InterOp.md

InterOp.md

 
 

LICENSE.md

LICENSE.md

 
 

Overview.md

Overview.md

 
 

README.md

README.md

 
 

Revocation.md

Revocation.md

 
 

StrongIdentity.md

StrongIdentity.md

 
 

Terminology.md

Terminology.md

 
 

Tokens.md

Tokens.md

 
 

TrustFabric.md

TrustFabric.md

 
 

Repository files navigation

TrustFabric Identity Specification

Summary

TrustFabric is a comprehensive Cloud Native Identity Specification designed for Applications. This specification covers aspects such as Identity Representation, Authentication, Authorization, Identity Revocation, and Interoperability. It aims to address the evolving security landscape and the unique challenges posed by the adoption of micro-services and cloud-native technology.

Understanding Applications and Services

Note: This specification adopts the definitions proposed by Jacob Jenkov here

  • Applications are user-accessible and can also be accessed by other programs over a network.
  • Services are primarily accessed by programs, but can also be accessed by users over a network.
  • In the cloud-native context, both applications and services perform specialized operations.

Note: While the terms 'application' and 'service' are used interchangeably in this document, TrustFabric consistently uses 'Application' as a standard term. The specification applies to both.

About TrustFabric

TrustFabric is a flexible Cloud Native Identity Specification for Applications. The specification includes:

  • Representation and Injection of Application (also known as Service) Identity.
  • Verification of Application Identity (Authentication) and Authorization.
  • Revocation and Invalidation of Identity.
  • Interoperability and Extensibility.

The Need for a New Specification

The security landscape is rapidly evolving. The rise of micro-services and cloud-native technology has altered the threat landscape. Here are a few challenges:

  1. Applications (also known as Services) need an identity for interactions.
  2. Application impersonation has emerged as a new attack vector.
  3. Application security often relies on static credentials.
  4. The 'Confused deputy' problem has become a new dimension of attack with micro-services.
  5. A comprehensive approach to IDM/IAM for applications is lacking.
  6. The diversity of applications complicates standardization.

Navigating the Documentation

The following sections provide detailed information about the specification:

About

Specifications for TrustFabric Identity

Resources

Readme

License

View license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

11 stars

Watchers

10 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •