[Initiative]: Identity and Access Management

[y-tabata]

Name

Identity and Access Management

Short description

Writing Identity and Access Management Whitepaper.

Responsible group

TAG Security and Compliance

Does the initiative belong to a subproject?

No

Subproject name

Identity and Access Management

Primary contact

@y-tabata

Additional contacts

@eddie-knight

Initiative description

This is an initiative to write the Identity and Access Management Whitepaper, which we have been carrying out at TAG Security since last year.
cncf/tag-security#1332

Description:
Authentication and authorization are the most important security considerations in the cloud-native ecosystem, as evidenced by their high ranking in the OWASP Top 10 and OWASP Top 10 API Security Risks.
On the other hand, authentication and authorization frameworks have a wide range of related specifications, including OAuth and OpenID Connect, and it can be difficult for implementers to implement the frameworks, so it would be beneficial to publish best practices for identity and access management.

Deliverable(s) or exit criteria

The deliverable is the Identity and Access Management whitepaper.

[angellk]

thanks @y-tabata ! Is it possible to breakdown this white paper into shorter deliverables that take 1 to 3 months to complete?

Please add a timeline to measure progress against.

[y-tabata]

@angellk This white paper is being divided into Part 1, the design section, and Part 2, the implementation section. Our team is currently working towards completing the draft of Part 1 between the middle and end of May, with the goal of publishing it around the end of June.

[eddie-knight]

This effort is currently undergoing extended review and polish while awaiting further guidance from the TOC regarding next steps.

[angellk]

hi @y-tabata -- please open one initiative per white paper section. Vote is opening soon.

[angellk]

@riaankleinhans ready to open vote once @y-tabata splits the work into multiple initiatives.

[riaankleinhans]

@y-tabata reach out to me when you are done. Thank you.

[eddie-knight]

@angellk The current issue is for the "part 1" that Yoshiyuki mentioned above. We have not done any detailed planning around the second part yet.

[angellk]

Thanks for clarifying @eddie-knight

Gtg @riaankleinhans