A proof of concept Software Defined Perimeter (SDP) implementation using OpenSPA for service hiding.
How It Works
Currently being a PoC, OpenSDP supports only service discovery for OpenSPA protected services.
- Each service is protected by an OpenSPA server
- Clients not knowing where OpenSPA hidden services are contact the OpenSDP server for service discovery over mutual TLS
- Clients are then free to perform the OpenSPA handshake with all services that they are authorized
Currently it's only possible to define services and the clients ACL using a series of YAML files. This is planned to change in the coming releases.
Currently there are two commands: services and access.
Returns a list of authorized services.
This command is used to acquire access to a service.
You can use it by specifying the service name, eg.
./openspa-client access example-www.
It is also possible to acquire access to all authorized services (returned using the
services command) using the command line flag
A tutorial how to setup OpenSDP with a working OpenSPA installation is available here.
- Add logging to server
- Add timeout if HTTP request is taking too long
This software is licensed under: GNU General Public License v3.0.