You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi all, I'm back working with the EdgeX Foundry team to integrate OpenZiti into EdgeX Foundry. OpenZiti has been adopted to secure the communication between core edgex services. OpenZiti is a a secure, zero trust overlay network. It allows zero trust connectivity from one identity to another.
A key feature of OpenZiti is that it's just an SDK that needs to be adopted into the program to enable the additional security and it actually eliminates processes from listening on the IP-based, underlay network at all, basically making the program unattackable by traditional network-based attacks from unauthenticated applications.
I'll be putting a PR up for ekuiper to act as a client to other OpenZiti-enabled services (like the EdgeX core services). If you'd like, I could also look to add OpenZiti to the two ports endpoints kuiper exposes to the underlay by default (CLI port and REST service port).
(i posted this in to the slack too, dunno which is the best place to have the discussion)
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hi all, I'm back working with the EdgeX Foundry team to integrate OpenZiti into EdgeX Foundry. OpenZiti has been adopted to secure the communication between core edgex services. OpenZiti is a a secure, zero trust overlay network. It allows zero trust connectivity from one identity to another.
A key feature of OpenZiti is that it's just an SDK that needs to be adopted into the program to enable the additional security and it actually eliminates processes from listening on the IP-based, underlay network at all, basically making the program unattackable by traditional network-based attacks from unauthenticated applications.
I'll be putting a PR up for ekuiper to act as a client to other OpenZiti-enabled services (like the EdgeX core services). If you'd like, I could also look to add OpenZiti to the two ports endpoints kuiper exposes to the underlay by default (CLI port and REST service port).
(i posted this in to the slack too, dunno which is the best place to have the discussion)
Beta Was this translation helpful? Give feedback.
All reactions