Abstract
Techniques described herein provide for an approach in which an agent provisions a workload with initial credentials based on a workload profile that is learned using a controller. During runtime, when the workload uses its initial token to request a new token for interacting with peer workloads, an authorization server coordinates with the controller to learn the upstream/downstream peer workloads that will be in the path for the flows the workload will handle. Based on the security posture of those workloads, an appropriately scoped token is returned. This ensures that malicious or untrusted workloads in the path cannot reuse or proxy the token.
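The token exchange described above, as an added sketch that is not code from the disclosure: an authorization server narrows scope and audience from controller-supplied path data, and a peer rejects a token relayed by another workload. The workload names, posture labels, scope policy, token format and the transport-established `presenter` identity are all assumptions.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"  # constructed; a real server would use a managed key

# Constructed controller view: workload posture and the peers on each workload's flow path.
POSTURE = {"orders": "trusted", "payments": "trusted", "legacy-proxy": "untrusted"}
FLOW_PATHS = {"frontend": ["orders", "legacy-proxy", "payments"]}
# Hypothetical policy: scopes a token may carry given the weakest posture on the path.
SCOPES_BY_POSTURE = {"trusted": {"read", "write"}, "untrusted": {"read"}}

def _sign(payload: bytes) -> str:
    mac = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_scoped_token(workload, initial_token_valid, requested_scopes, now=None):
    """Authorization-server side: consult controller data, narrow scope and audience."""
    if not initial_token_valid:
        raise PermissionError("initial token rejected")
    path = FLOW_PATHS[workload]
    weakest = "trusted" if all(POSTURE[p] == "trusted" for p in path) else "untrusted"
    claims = {
        "sub": workload,
        # Untrusted hops are never listed as an audience.
        "aud": [p for p in path if POSTURE[p] == "trusted"],
        "scope": sorted(set(requested_scopes) & SCOPES_BY_POSTURE[weakest]),
        "exp": int(now if now is not None else time.time()) + 300,
    }
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return body + "." + _sign(body.encode())

def accept(token, receiver, presenter, needed_scope, now=None):
    """Peer-side check: signature, expiry, audience, presenter binding, scope.

    `presenter` is the caller identity the receiver learned from the transport
    (for example mutual TLS); that binding is an assumption of this sketch.
    """
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig, _sign(body.encode())):
        return False
    c = json.loads(base64.urlsafe_b64decode(body))
    current = now if now is not None else time.time()
    return (c["exp"] > current and receiver in c["aud"]
            and presenter == c["sub"] and needed_scope in c["scope"])
```

Because the constructed path contains an untrusted hop, the issued token carries only `read`, names only the trusted peers as audience, and is refused when `legacy-proxy` presents it.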
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
R, Ram Mohan and I V, Rajesh, "WORKLOAD IDENTITY MANAGEMENT USING AGENT AND CONTROLLER", Technical Disclosure Commons, (June 20, 2024)
https://www.tdcommons.org/dpubs_series/7116