Identity Control Plane: The Unifying Layer for Zero Trust Infrastructure
- URL: http://arxiv.org/abs/2504.17759v1
- Date: Thu, 24 Apr 2025 17:21:00 GMT
- Title: Identity Control Plane: The Unifying Layer for Zero Trust Infrastructure
- Authors: Surya Teja Avirneni
- Abstract summary: Identity Control Plane (ICP) is an architectural framework for enforcing identity-aware Zero Trust access. The ICP model unifies SPIFFE-based workload identity, OIDC/SAML user identity, and scoped automation credentials via broker-issued transaction tokens.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: This paper introduces the Identity Control Plane (ICP), an architectural framework for enforcing identity-aware Zero Trust access across human users, workloads, and automation systems. The ICP model unifies SPIFFE-based workload identity, OIDC/SAML user identity, and scoped automation credentials via broker-issued transaction tokens. We propose a composable enforcement layer using ABAC policy engines (e.g., OPA, Cedar), aligned with IETF WIMSE drafts and OAuth transaction tokens. The paper includes architectural components, integration patterns, use cases, a comparative analysis with current models, and theorized performance metrics. A FedRAMP and SLSA compliance mapping is also presented. This is a theoretical infrastructure architecture paper intended for security researchers and platform architects. No prior version of this work has been published.
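The broker-issued transaction token and the ABAC enforcement step that the abstract describes, as an added example that is not the paper's code or any project's code: a broker binds an already-verified OIDC user subject to the SPIFFE ID of the workload acting on that user's behalf, mints a short-lived transaction token whose claim names follow the IETF OAuth transaction-token draft (txn, sub_id, purp, azd, rctx), and a downstream service verifies the token and applies a deny-by-default attribute policy. HS256 with a shared key stands in for the broker's signing key; the trust domain example.org, the broker and IdP URLs, the policy table, and the sample identities are all constructed assumptions.

```python
# Added example, not from the paper: a minimal credential broker that issues a
# transaction token and a resource-side verifier plus ABAC check.
# Assumptions: HS256 shared key instead of the broker's asymmetric key; claim
# names from the IETF OAuth transaction-token draft; trust domain, URLs, policy
# and identities below are constructed for illustration.
import base64
import hashlib
import hmac
import json
import time

TRUST_DOMAIN = "example.org"                  # assumed SPIFFE trust domain
BROKER_ISSUER = "https://broker.example.org"  # hypothetical broker URL
USER_IDP = "https://idp.example.org"          # hypothetical OIDC issuer
TXN_TTL = 60                                  # seconds: transaction tokens are short-lived


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_txn_token(key, user_sub, workload_spiffe_id, purpose, azd, txn_id, now):
    """Broker side: exchange an already-verified user identity and an
    already-verified workload SPIFFE ID (from its SVID) for one scoped token."""
    if not workload_spiffe_id.startswith("spiffe://" + TRUST_DOMAIN + "/"):
        raise ValueError("workload is outside the broker's trust domain")
    header = {"alg": "HS256", "typ": "txn_token+jwt"}
    claims = {
        "iss": BROKER_ISSUER,
        "aud": TRUST_DOMAIN,                     # audience is the trust domain
        "iat": now,
        "exp": now + TXN_TTL,
        "txn": txn_id,                           # transaction id for audit correlation
        "sub_id": {"format": "iss_sub", "iss": USER_IDP, "sub": user_sub},
        "purp": purpose,                         # business purpose of the call chain
        "azd": azd,                              # authorization details scoped by the broker
        "rctx": {"req_wl": workload_spiffe_id},  # requesting workload identity
    }
    enc = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = enc(header) + "." + enc(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_txn_token(key, token, now):
    """Resource side: check signature, type, issuer, audience and lifetime
    before trusting any claim; raises ValueError on failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    expected = hmac.new(key, (h + "." + p).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256" or header.get("typ") != "txn_token+jwt":
        raise ValueError("unexpected header")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != BROKER_ISSUER or claims.get("aud") != TRUST_DOMAIN:
        raise ValueError("wrong issuer or audience")
    if not (claims["iat"] <= now < claims["exp"]):
        raise ValueError("token expired or not yet valid")
    return claims


def rejects(key, token, now) -> bool:
    """True if the verifier refuses the token (used for negative checks)."""
    try:
        verify_txn_token(key, token, now)
        return False
    except ValueError:
        return True


# Constructed ABAC policy: action -> required workload, purpose and amount cap.
POLICY = {
    "refunds.create": {
        "workload": "spiffe://example.org/ns/payments/sa/refund-api",
        "purpose": "refund",
        "max_amount": 500,
    }
}


def authorize(claims, action, amount) -> bool:
    """Attribute-based decision over token claims (the role an OPA or Cedar
    policy would play); deny by default, and the broker's azd cap also binds."""
    rule = POLICY.get(action)
    if rule is None:
        return False
    cap = min(rule["max_amount"], claims.get("azd", {}).get("max_amount", 0))
    return (claims.get("rctx", {}).get("req_wl") == rule["workload"]
            and claims.get("purp") == rule["purpose"]
            and amount <= cap)


if __name__ == "__main__":
    key = b"constructed-shared-key"
    now = int(time.time())
    tok = issue_txn_token(key, "alice@example.org", POLICY["refunds.create"]["workload"],
                          "refund", {"max_amount": 200}, "txn-0001", now)
    claims = verify_txn_token(key, tok, now)
    print("refund 150 allowed:", authorize(claims, "refunds.create", 150))
    print("refund 300 allowed:", authorize(claims, "refunds.create", 300))
```

In a real deployment the SPIFFE ID would come from an SVID presented over the workload API rather than a string argument, the broker would sign with an asymmetric key published through its JWKS endpoint, and the policy dictionary would be an OPA or Cedar policy evaluated with the token claims as input; the structure of the exchange stays the same.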
Related papers
- Decoupling Identity from Access: Credential Broker Patterns for Secure CI/CD (2025-04-20)
  Credential brokers offer a way to separate identity from access in CI/CD systems. This paper shows how verifiable identities issued at runtime, such as those from SPIFFE, can be used with brokers to enable short-lived, policy-driven credentials for pipelines and workloads.
- Establishing Workload Identity for Zero Trust CI/CD: From Secrets to SPIFFE-Based Authentication (2025-04-20)
  CI/CD systems have become privileged automation agents in modern infrastructure, but their identity is still based on secrets or temporary credentials passed between systems. This paper describes the shift from static credentials to OpenID Connect (OIDC) federation, and introduces SPIFFE as a platform-neutral identity model for non-human actors.
- Trusted Identities for AI Agents: Leveraging Telco-Hosted eSIM Infrastructure (2025-04-17)
  We propose a conceptual architecture that leverages telecom-grade eSIM infrastructure. Rather than embedding SIM credentials in hardware devices, we envision a model where telcos host secure, certified hardware modules. This paper is intended as a conceptual framework to open discussion around standardization, security architecture, and the role of telecom infrastructure in the evolving agent economy.
- DocMIA: Document-Level Membership Inference Attacks against DocVQA Models (2025-02-06)
  We introduce two novel membership inference attacks tailored specifically to DocVQA models. Our methods outperform existing state-of-the-art membership inference attacks across a variety of DocVQA models and datasets.
- HDT: Hierarchical Document Transformer (2024-07-11)
  HDT exploits document structure by introducing auxiliary anchor tokens and redesigning the attention mechanism into a sparse multi-level hierarchy. We develop a novel sparse attention kernel that considers the hierarchical structure of documents.
- Towards Responsible Generative AI: A Reference Architecture for Designing Foundation Model based Agents (2023-11-22)
  Foundation model based agents derive their autonomy from the capabilities of foundation models. This paper presents a pattern-oriented reference architecture that serves as guidance when designing foundation model based agents.
- Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks (2023-10-12)
  The paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain. The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set.
- Enhancing Architecture Frameworks by Including Modern Stakeholders and their Views/Viewpoints (2023-08-09)
  The stakeholders with data science and Machine Learning related concerns, such as data scientists and data engineers, are yet to be included in existing architecture frameworks. We surveyed 61 subject matter experts from over 25 organizations in 10 countries.
- Camera-Incremental Object Re-Identification with Identity Knowledge Evolution (2023-05-25)
  Object Re-identification (ReID) aims to retrieve the probe object from many gallery images by associating and collecting the identities across all camera views. When deploying the ReID algorithm in real-world scenarios, the aspects of storage, privacy constraints, and dynamic changes of cameras degrade its generalizability and applicability. Treating each camera's data independently, we introduce a novel ReID task named Camera-Incremental Object Re-identification (CIOR) by continually optimizing the ReID model from the incoming stream of the camera dataset.
- FedSOV: Federated Model Secure Ownership Verification with Unforgeable Signature (2023-05-10)
  Federated learning allows multiple parties to collaborate in learning a global model without revealing private data. We propose a cryptographic signature-based federated learning model ownership verification scheme named FedSOV.
This list is automatically generated from the titles and abstracts of the papers in this site.