TrustFabric Identity specification

Navigation | [Table Of Contents]

Applications vs Services

Note: This specification follows the definition as proposed by Jacob Jenkov here

• Applications are accessed by users and may be accessed by other programs over network
• Services are accessed by programs and may be accessed by users over network
• In cloud-native world, both applications and services perform specialized operations

Note: Although the term application and service is used interchangeably in this document, TrustFabric uses Application as a standard term. The specification applies to both.

What is TrustFabric

TrustFabric is an extensible Cloud Native Identity Specification for Applications. Specification includes:

• Application (a.k.a. Service) Identity Representation and Identity Injection
• Application Identity Verification (Authentication) and Authorization
• Identity Revocation and Invalidation
• Interoperability and Extensibility

Why yet another specification?

Security landscape is changing fast. Adoption of micro-services and cloud-native technology has changed the threat landscape. Here are few challenges:

1. Applications (a.k.a. Services) require an identity when interacting with each other
2. Application impersonation is a new attack vector
3. Application security is still dependent on static credentials
4. Confused deputy is new attack dimension with micro-services
5. Holistic approach of IDM/IAM does not exist for applications
6. Diversity of applications make it harder to standardize

Navigating the Documentation

Following sections provide a details for the specification:

• Terminology
• Goals
• Overview
• Fabric of Trusted Applications
• Interactions and Protocol
• Architecture
• Identity Representation
• Tokens and Validations
• Integration - gRPC, Envoy, Service Mesh, Generics and more
• Identity Protection - MitM, Confused deputy, replay attacks
• FAQ