knowlengr closed 4 weeks ago
Could be relevant to #950 @achetal01 @mrsabath
This issue has been automatically marked as inactive because it has not had recent activity.
Closing as this issue has been inactive for over a year. Please feel free to open if there is renewed interest. The scope here could be a great addition to the Zero Trust paper.
Description: Add and integrate certificate management best practices, principles with other recommendations
Impact: Improve security posture for selected use cases. Enhance productivity where automation support can be added. Potentially add an additional trust layer for zero trust.
Scope: Minimally, a day of research, reading, a day of drafting with a second day to edit. A deeper, more opinionated / influential review would embed certificate recommendations into other CNCF Security TAG artifacts.
Suggested Subtopics | Selected References
SDLC, for cloud native, particularly as integrated with CI/CD but also IaC
Identify best practices for three recognized categories of SSL certificate authentication types:
Protocol Support
Asset management: Protecting digital and non-digital assets; e.g., ServiceNow ITOM
Zero trust. See AppViewX post. E.g., cert revocation offers a trust layer
Where SPIFFE fits in
Certificate Discovery
Tool stack interop: e.g., ServiceNow, Collibra
Support for metadata management
How DevOps tools leverage PKI (suggested by AppViewX)
Identity & Identity Access Management: tie to certificate LCM
Service as Orchestrated, Identified Asset (See INCOSE service metamodels)
From Venafi: Figure 6: The Blueprint for a Modern Machine Identity Management Architecture
TLS in Kubernetes https://kubernetes.io/docs/tasks/tls/ and https://snyk.io/blog/setting-up-ssl-tls-for-kubernetes-ingress/
Indirectly related topics:
Related IEEE/ISO Standards
Less useful, except as applied to IoT