Advances in Zero Trust Access Control

The field of access control is moving towards a Zero Trust architecture, with a focus on decoupling identity from access and enabling fine-grained, policy-driven authorization. This shift is driven by the need for more secure and trusted data exchange, particularly in CI/CD systems. Researchers are exploring innovative solutions, such as credential brokers, SPIFFE-based authentication, and intent-aware authorization, to address the challenges of access control in modern infrastructure. Notable papers in this area include:

  • Establishing Workload Identity for Zero Trust CI/CD, which introduces SPIFFE as a runtime-issued, platform-neutral identity model for non-human actors.
  • Intent-Aware Authorization for Zero Trust CI/CD, which describes a control loop architecture for evaluating runtime context and justification before issuing access credentials.
  • Identity Control Plane, which proposes a unifying architectural framework for enforcing identity-aware Zero Trust access across human users, workloads, and automation systems.
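To make the three ideas above concrete, here is an added illustration (not code from any of the listed papers): a toy credential broker that accepts a SPIFFE workload identity, checks the runtime context and a stated justification against policy, and only then issues a short-lived, narrowly scoped credential. The SPIFFE IDs, policy table, context keys and scopes are all constructed for this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Syntactic check for a SPIFFE ID (spiffe://<trust-domain>/<path>); the
# workload names and policy below are constructed for illustration only.
SPIFFE_RE = re.compile(r"^spiffe://[a-z0-9.-]+(/[A-Za-z0-9._-]+)+$")

# Constructed policy: the scope each workload may receive, the runtime
# context that must hold, and how long the issued credential lives.
POLICY = {
    "spiffe://example.org/ci/deploy-prod": {
        "scope": "deploy:prod",
        "requires": {"branch": "main", "event": "push"},
        "ttl_minutes": 10,
    },
    "spiffe://example.org/ci/test-runner": {
        "scope": "read:test-fixtures",
        "requires": {"event": "pull_request"},
        "ttl_minutes": 30,
    },
}

@dataclass
class Credential:
    subject: str          # SPIFFE ID the credential was brokered for
    scope: str            # access actually granted (decoupled from identity)
    justification: str    # recorded for audit; policy never grants without it
    issued_at: datetime
    expires_at: datetime

def broker_credential(spiffe_id, context, justification, now=None):
    """Issue a short-lived credential, or return (None, reason) for audit logging."""
    if not SPIFFE_RE.match(spiffe_id):
        return None, "malformed SPIFFE ID"
    rule = POLICY.get(spiffe_id)
    if rule is None:
        return None, "no policy for identity"
    for key, expected in rule["requires"].items():
        if context.get(key) != expected:
            return None, f"context mismatch on {key!r}"
    if not justification or not justification.strip():
        return None, "missing justification"
    now = now or datetime.now(timezone.utc)
    cred = Credential(spiffe_id, rule["scope"], justification.strip(),
                      now, now + timedelta(minutes=rule["ttl_minutes"]))
    return cred, "ok"
```

The denial reason is returned rather than raised so a CI/CD control loop can log why access was refused without leaking the policy itself to the requesting workload.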

Sources

Access control for Data Spaces

Establishing Workload Identity for Zero Trust CI/CD: From Secrets to SPIFFE-Based Authentication

Decoupling Identity from Access: Credential Broker Patterns for Secure CI/CD

Intent-Aware Authorization for Zero Trust CI/CD

Identity Control Plane: The Unifying Layer for Zero Trust Infrastructure
