{"id":1771,"date":"2025-01-06T18:01:56","date_gmt":"2025-01-06T10:01:56","guid":{"rendered":"https:\/\/www.fanyamin.com\/wordpress\/?p=1771"},"modified":"2025-01-06T18:01:56","modified_gmt":"2025-01-06T10:01:56","slug":"whats-spiffe","status":"publish","type":"post","link":"https:\/\/www.fanyamin.com\/wordpress\/?p=1771","title":{"rendered":"What&#8217;s SPIFFE"},"content":{"rendered":"<h2>Overview<\/h2>\n<p>SPIFFE (Secure Production Identity Framework For Everyone) is a set of standards for securely identifying workloads.<\/p>\n<p>SPIFFE sets out:<\/p>\n<ul>\n<li>A format for uniquely specifying an identity called SPIFFE ID.<\/li>\n<li>Standards for encoding the SPIFFE ID into verifiable documents which are called SVIDs (SPIFFE Verifiable Identity Document), and which come in a JWT and X.509 format.<\/li>\n<li>Processes that workloads should use to validate a received SVID.<\/li>\n<li>A set of APIs that workloads can use to request SVIDs, the Workload API.<\/li>\n<\/ul>\n<p>The open nature and popularity of SPIFFE make it well-suited as the foundation of a full workload identity implementation. It is supported as an identity provider by a number of popular tools (such as Linkerd and Istio) and off-the-shelf SDKs exist for implementing SPIFFE directly into your own services.<\/p>\n<p>It's important to recognize that SPIFFE does not specify how to use SPIFFE IDs for authorization. This gives a high level of flexibility, allowing you to implement authorization in a way that suits you.<\/p>\n<h2>Reference<\/h2>\n<ul>\n<li><a href=\"https:\/\/goteleport.com\/docs\/enroll-resources\/workload-identity\/spiffe\/\">https:\/\/goteleport.com\/docs\/enroll-resources\/workload-identity\/spiffe\/<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Overview SPIFFE (Secure Production Identity Framework For Everyone) is a set of standards for securely identifying workloads. SPIFFE sets out: A format for uniquely specifying an identity called SPIFFE ID. 
Standards for encoding the SPIFFE ID into verifiable documents which are called SVIDs (SPIFFE Verifiable Identity Document), and which come in a JWT and X.509 [&hellip;] <a class=\"read-more\" href=\"https:\/\/www.fanyamin.com\/wordpress\/?p=1771\" title=\"Permanent Link to: What&#8217;s SPIFFE\">&rarr;Read&nbsp;more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-1771","post","type-post","status-publish","format-standard","hentry","category-5"],"_links":{"self":[{"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/1771"}],"collection":[{"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1771"}],"version-history":[{"count":1,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/1771\/revisions"}],"predecessor-version":[{"id":1772,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/1771\/revisions\/1772"}],"wp:attachment":[{"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1771"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1771"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1771"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}