Distributed privilege access management is a complex orchestration problem: access must be reliably granted and revoked across multiple environments without creating centralized points of failure. This post demonstrates how combining Temporal's durable execution and distributed Worker model with the CNCF Serverless Workflows specification solves this. The open-source tool Thand acts as a bridge, implementing the Serverless Workflows spec with Temporal extensions. It introduces a 'providers' concept that automatically routes workflow tasks to the correct Temporal Worker and Task Queue in the right environment — whether that's a user's local device (for Osquery firewall checks), an internal gRPC entitlements service, or AWS Identity Center — without workflow authors needing to manually manage Task Queue topology. The result is declarative, distributed access workflows backed by Temporal's execution guarantees.

8m read time. From temporal.io