Within the current PoC, the remote attestation capability enables remote users (applications) to verify the Apocryph Node provider at the Base Protocol level. The purpose of this spike is to investigate the options for remote users (applications) to perform remote verification of a specific application running in a verified cluster.
The spike investigates an implementation approach in which the Base Protocol provides code signature information about a running application (pod). The code signature information for the application can be based on existing sigstore infrastructure, enforced by policy during pod deployment and then relayed to the remote users on request. This relaying process should be closely linked with the Ingress Controller. The remote users (applications) should receive the code signature information paired with the ingress endpoint / path that corresponds to the application (pod), essentially relying on the Base Protocol's Ingress (attested) to connect the remote users (applications) with the application.
Important constraints:
References:
Note: This spike is part of the Autoscaler autonomous application effort.