mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
16 lines
1.2 KiB
Plaintext
16 lines
1.2 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/zero_trust_workload_identity_manageer/zero-trust-manager-overview.adoc
|
|
|
|
:_mod-docs-content-type: CONCEPT
|
|
[id="zero-trust-manager-about-attestation_{context}"]
|
|
= Attestation
|
|
|
|
|
|
Attestation is the process by which the identity of nodes and workloads are verified before SPIFFE IDs and SVIDs are issued. The SPIRE Server gathers attributes of both the workload and node that the SPIRE Agent runs on, and then compares them to a set of selectors defined when the workload was registered. If the comparison is successful, the entities are provided with credentials. This ensures that only legitimate and expected entities within the trust domain receive cryptographic identities. The two main types of attestation in SPIFFE/SPIRE are:
|
|
|
|
* Node attestation: verifies the identity of a machine or a node on a system, before a SPIRE Agent running on that node can be trusted to request identities for workloads.
|
|
|
|
* Workload attestation: verifies the identity of an application or service running on an attested node before the SPIRE Agent on that node can provide it with a SPIFFE ID and SVID.
|
|
|
|
For more information, see link:https://spiffe.io/docs/latest/spire-about/spire-concepts/#attestation[Attestation]. |