Related papers: Identity Control Plane: The Unifying Layer for Zer…
This paper introduces intent-aware authorization for Zero Trust CI/CD systems. Identity establishes who is making the request, but additional signals are required to decide whether access should be granted. We describe a control loop…
CI/CD systems have become privileged automation agents in modern infrastructure, but their identity is still based on secrets or temporary credentials passed between systems. In enterprise environments, these platforms are centralized and…
The microservice bombshells that have been linked with the microservice expansion have altered the application architectures, offered agility and scalability in terms of complexity in security trade-offs. Feeble legacy-based perimeter-based…
Credential brokers offer a way to separate identity from access in CI/CD systems. This paper shows how verifiable identities issued at runtime, such as those from SPIFFE, can be used with brokers to enable short-lived, policy-driven…
IPv6 dependability is increasingly inseparable from IPv6 security: Neighbor Discovery (ND), Router Advertisements (RA), and ICMPv6 are essential for correct operation yet expose a broad attack surface for spoofing and flooding. Meanwhile,…
This paper presents a Unified Security Architecture that fortifies the Agentic Web through a Zero-Trust IAM framework. This architecture is built on a foundation of rich, verifiable agent identities using Decentralized Identifiers (DIDs)…
This paper presents a comprehensive classification of identity management approaches. The classification makes use of three axes: topology, type of user, and type of environment. The analysis of existing approaches using the resulting…
Customer Identity and Access Management (CIAM) systems play a pivotal role in securing enterprise infrastructures. However, the complexity of implementing these systems requires careful architectural planning to ensure positive Return on…
"Distributed Identity" refers to the transition from centralized identity systems using Decentralized Identifiers (DID) and Verifiable Credentials (VC) for secure and privacy-preserving authentications. With distributed identity, control of…
The abilities of traditional perimeter-based security architectures are rapidly decreasing as more enterprise assets are moved toward the cloud environment. From a security viewpoint, the Zero Trust framework can better track and block…
Cyber threats have become highly sophisticated, prompting a heightened concern for endpoint security, especially in critical infrastructure, to new heights. A security model, such as Zero Trust Architecture (ZTA), is required to overcome…
While more organizations have been trying to move their infrastructure to the cloud in recent years, there have been significant challenges in how identities and access are managed in a hybrid cloud setting. This paper showcases a novel…
Misconfiguration, excessive privilege, and fragmented controls remain major causes of cloud-infrastructure incidents. This paper proposes an open-source framework that contributes a cross-platform identity-resource graph for Kubernetes and…
The convergence of Artificial Intelligence (AI) inference pipelines with cloud infrastructure creates a dual attack surface where cloud security standards and AI governance frameworks intersect without unified enforcement mechanisms. AI…
Digital identities are increasingly important for mediating not only digital but also physical service transactions. Managing such identities through centralized providers can cause both availability and privacy concerns: single points of…
A single vendor cannot provide complete IIoT end-to-end solutions because cooperation is required from multiple parties. Interoperability is a key architectural quality. Composability of capabilities, information and configuration is the…
The modern enterprise is facing an unprecedented surge in digital identities, with machine identities now significantly outnumbering human identities. This paper examines the cybersecurity risks emerging from what we define as the…
Mobile networks evolve on a regular basis to meet the requirements of a rapidly changing application ecosystem; hence, a future-proof design is key to getting the most out of their lifecycle. In comparison to other access networks, one…
Self-Sovereign Identity is a transformative paradigm in digital identity management, empowering individuals with full control over their credentials. However, the coexistence of diverse SSI ecosystems, such as the European Digital Identity…
Zero Trust Architecture (ZTA) has become a widely adopted model for securing enterprise environments, promoting continuous verification and minimal trust across systems. However, its application in mobile contexts remains limited, despite…