Open standards like SPIFFE and SPIRE provide strong isolation guarantees, building a foundation for zero trust.

The New Stack is a publication covering trends and technologies in cloud-native development, DevOps, and software delivery. Developers can learn about containerization, Kubernetes, and cloud computing, as well as explore topics such as microservices architecture, serverless computing, and continuous integration/continuous delivery (CI/CD) pipelines.

The New Stack

SPIFFE and SPIRE provide workload identity and attestation capabilities that enable zero trust architectures without requiring specialized hardware. By establishing cryptographic identities for workloads and verifying their execution context, these open standards deliver many confidential computing benefits on commodity infrastructure. Systems like Edera combine hypervisor-based isolation with SPIFFE/SPIRE to create strong security boundaries where workloads receive identities only when running in verified isolated environments, offering an incremental path to zero trust for enterprises.

How open standards enable zero trust on commodity hardware

SPIFFE and the meaning of workload identity