TrustFabric Identity specification
Applications vs Services
Note: This specification follows the definitions proposed by Jacob Jenkov here
- Applications are accessed by users and may also be accessed by other programs over the network
- Services are accessed by programs and may also be accessed by users over the network
- In the cloud-native world, both applications and services perform specialized operations
Note: Although the terms application and service are used interchangeably in this document, TrustFabric uses Application as the standard term. The specification applies to both.
What is TrustFabric
TrustFabric is an extensible Cloud Native Identity Specification for Applications. The specification includes:
- Application (a.k.a. Service) Identity Representation and Identity Injection
- Application Identity Verification (Authentication) and Authorization
- Identity Revocation and Invalidation
- Interoperability and Extensibility
Why yet another specification?
The security landscape is changing fast. Adoption of micro-services and cloud-native technology has changed the threat landscape. Here are a few challenges:
- Applications (a.k.a. Services) require an identity when interacting with each other
- Application impersonation is a new attack vector
- Application security still depends on static credentials
- The confused deputy problem is a new attack dimension with micro-services
- No holistic IDM/IAM approach exists for applications
- The diversity of applications makes it harder to standardize
Navigating the Documentation
The following sections provide the details of the specification:
- Terminology
- Goals
- Overview
- Fabric of Trusted Applications
- Interactions and Protocol
- Architecture
- Identity Representation
- Tokens and Validations
- Integration - gRPC, Envoy, Service Mesh, Generics and more
- Identity Protection - MitM, Confused deputy, replay attacks
- FAQ