English

Identity Control Plane: The Unifying Layer for Zero Trust Infrastructure

Cryptography and Security 2025-04-25 v1 Software Engineering

Abstract

This paper introduces the Identity Control Plane (ICP), an architectural framework for enforcing identity-aware Zero Trust access across human users, workloads, and automation systems. The ICP model unifies SPIFFE-based workload identity, OIDC/SAML user identity, and scoped automation credentials via broker-issued transaction tokens. We propose a composable enforcement layer using ABAC policy engines (e.g., OPA, Cedar), aligned with IETF WIMSE drafts and OAuth transaction tokens. The paper includes architectural components, integration patterns, use cases, a comparative analysis with current models, and theorized performance metrics. A FedRAMP and SLSA compliance mapping is also presented. This is a theoretical infrastructure architecture paper intended for security researchers and platform architects. No prior version of this work has been published.

Keywords

Cite

@article{arxiv.2504.17759,
  title  = {Identity Control Plane: The Unifying Layer for Zero Trust Infrastructure},
  author = {Surya Teja Avirneni},
  journal= {arXiv preprint arXiv:2504.17759},
  year   = {2025}
}

Comments

Part of the Zero Trust Identity Foundations series. Authored Jan 2025. Introduces the Identity Control Plane (ICP) as a unifying layer for SPIFFE, brokered automation, and ABAC policy. 10 pages, 1 figure, 1 table. IEEE format. Keywords: Zero Trust, SPIFFE, WIMSE, Identity Control Plane, ABAC, CI/CD Security

R2 v1 2026-06-28T23:10:18.957Z