standards icon indicating copy to clipboard operation
standards copied to clipboard
verified publisher icon SovereignCloudStack

Add Draft of "Machine Identity" Decision Record

Open joshmue opened this issue 3 years ago • 7 comments

Signed-off-by: Joshua Mühlfort [email protected]

joshmue avatar Sep 23 '22 10:09 joshmue

@JuanPTM @reqa Would you mind to take a look? We could further discuss in the next ops/iam meetings.

joshmue avatar Sep 26 '22 13:09 joshmue

Looks good to me.

JuanPTM avatar Sep 26 '22 14:09 JuanPTM

@horazont I adjusted this document to #143, please feel free to give feedback.

(I also "fixed" the need to spell out SPIFFE by omitting it)

joshmue avatar Sep 30 '22 13:09 joshmue

Is this still relevant? I will close this PR if nothing happens by July 31st.

mbuechse avatar Jun 25 '24 12:06 mbuechse

It's still very relevant to the cloud's user experience and general security as outlined in the document itself.

Whether it's feasible for the SCS project to achieve in the short/medium term, is uncertain.

Two factors that could make it more easy:

  1. K8s clusters offer OIDC federation of ServiceAccounts
  2. The "Central API" may be configured to accept tokens from a central IdP

joshmue avatar Jun 26 '24 07:06 joshmue

So the topic is relevant, but what I meant was this PR. Can it be salvaged and merged, or do we expect it to lie dormant for the next months? In the latter case, it should probably be closed. Unfortunately, it doesn't mention any issue.

mbuechse avatar Jun 26 '24 13:06 mbuechse

The content is not outdated in some way, as it is very high level. So, it is ok to be discussed and merged, IMHO. I cannot say anything about prioritization/planning across weeks/months/years/project-phases, though.

joshmue avatar Jun 27 '24 09:06 joshmue

@garloff @matofeder @jschoone what is your take on this? Should this be merged or closed?

fkr avatar Feb 16 '25 19:02 fkr

I'll close this for now.

fkr avatar Feb 19 '25 14:02 fkr