In this talk, given at the DevSecOps and Zero Trust Architecture (ZTA) for Multi-Cloud Environments conference held at NIST, I show how runtime identities are provisioned to the workloads of a service mesh. The demo covers in detail how the Istio proxy works internally and how it uses the Envoy SDS API to continuously provision certificates to the workloads for use in mTLS connections.
Identity Provisioning in a Service Mesh
DevSecOps and Zero Trust Architecture (ZTA) for Multi-Cloud Environments, NIST 2021 — January 2021