Is SPIFFE a replacement for Security Groups? Or is it a complement? #95

Closed
savankumargudaas opened this issue Dec 3, 2018 · 1 comment

Comments

@savankumargudaas

Hello Awesome Spiffies!

What is the stand of SPIFFE on the use of Security Groups/Firewall rules? Does SPIFFE want to eliminate these concepts (eventually)? Or does SPIFFE complement the existence of Firewall rules?

I had checked a talk at KubeCon NA '17. It looks like SPIFFE is addressing limitations of Firewall rules. I created this issue so that the community becomes aware of SPIFFE's stand.

@evan2645
Member

evan2645 commented Dec 6, 2018

From the Slack conversation on the same question:

Evan Gilman [3 days ago]
IMO they are complementary... just because you have security groups doesn't mean you shouldn't use SPIFFE, and vice versa. That said, I personally view security mechanisms like SPIFFE as primary protection mechanisms, which can be shored up through the use of L3/L4 network controls.

Savankumar Gudaas [3 days ago]
@evan2645 yeah it makes sense.
What do you mean by SPIFFE as primary protection mechanism? Can you please expand?
Apart from Authentication, it’s possible to use it for Authorization. If authorization is pushed to SPIFFE, then SPIFFE can be a primary mechanism. What’s your opinion?

Evan Gilman [2 days ago]
When I said "mechanisms like SPIFFE", what I meant was pervasive authentication and authorization. SPIFFE itself doesn't provide authorization, but it provides a great place to

Going to close this issue out

@evan2645 evan2645 closed this as completed Dec 6, 2018