Term · 32. Workload Identity & Cloud-native
Service Mesh Identity
Definition
Identity model for microservices within a service mesh: each service holds a cryptographic identity (SPIFFE ID, X.509 certificate) that the mesh control plane issues and rotates automatically. This enables mTLS between services without manual credential management and is the foundation of cloud-native Zero Trust architectures.
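The definition says each workload presents a SPIFFE ID in an X.509 certificate and that the mesh authenticates peers with it over mTLS. The Python below is an added example, not code from this page, from Istio, or from SPIRE: it validates a SPIFFE ID taken from a peer SVID's URI SANs, extracts the Istio-style `/ns/<namespace>/sa/<service-account>` workload path, and applies a caller allow-list of the kind a sidecar enforces after the TLS handshake. Trust domain, namespace and service-account names are constructed, and the policy model is a simplification (no trust-domain federation, no per-method rules).

```python
import re
from dataclasses import dataclass
from typing import Iterable, Optional, Set, Tuple

# Character rules follow the SPIFFE ID specification: a trust domain uses
# lowercase letters, digits, '.', '-' and '_'; path segments may also use
# uppercase letters, and empty, '.' and '..' segments are forbidden.
_TRUST_DOMAIN_RE = re.compile(r"^[a-z0-9._-]+$")
_PATH_SEGMENT_RE = re.compile(r"^[A-Za-z0-9._-]+$")


@dataclass(frozen=True)
class SpiffeId:
    trust_domain: str
    path: str  # "" or a string starting with "/"


def parse_spiffe_id(uri: str) -> SpiffeId:
    """Parse and validate a spiffe://<trust-domain>/<path> URI."""
    scheme = "spiffe://"
    if not uri.startswith(scheme):
        raise ValueError("not a spiffe:// URI: %r" % uri)
    trust_domain, slash, path = uri[len(scheme):].partition("/")
    if not _TRUST_DOMAIN_RE.match(trust_domain):
        raise ValueError("invalid trust domain: %r" % trust_domain)
    if not slash:
        return SpiffeId(trust_domain, "")
    for segment in path.split("/"):
        if segment in ("", ".", "..") or not _PATH_SEGMENT_RE.match(segment):
            raise ValueError("invalid path segment: %r" % segment)
    return SpiffeId(trust_domain, "/" + path)


def is_valid_spiffe_id(uri: str) -> bool:
    """Boolean wrapper around parse_spiffe_id for callers that only need yes/no."""
    try:
        parse_spiffe_id(uri)
        return True
    except ValueError:
        return False


def kubernetes_workload(sid: SpiffeId) -> Optional[Tuple[str, str]]:
    """Istio-style path /ns/<namespace>/sa/<service-account> -> (namespace, sa)."""
    parts = sid.path.split("/")
    if len(parts) == 5 and parts[1] == "ns" and parts[3] == "sa":
        return parts[2], parts[4]
    return None


def svid_identity(uri_sans: Iterable[str]) -> SpiffeId:
    """An X509-SVID must carry exactly one spiffe:// URI SAN; reject anything else."""
    spiffe_uris = [u for u in uri_sans if u.startswith("spiffe://")]
    if len(spiffe_uris) != 1:
        raise ValueError("expected one spiffe:// URI SAN, got %d" % len(spiffe_uris))
    return parse_spiffe_id(spiffe_uris[0])


def authorize_peer(uri_sans: Iterable[str], local_trust_domain: str,
                   allowed: Set[Tuple[str, str]]) -> bool:
    """Policy check a sidecar runs once the peer's certificate chained to the mesh CA."""
    try:
        sid = svid_identity(uri_sans)
    except ValueError:
        return False
    if sid.trust_domain != local_trust_domain:
        return False  # foreign trust domain: no federation is configured here
    workload = kubernetes_workload(sid)
    return workload is not None and workload in allowed


# Constructed sample inputs (not real certificates): the URI SANs a peer's
# X509-SVID would present, and the callers an "orders" service admits.
ALLOWED_CALLERS = {("payments", "checkout"), ("frontend", "web")}
SAMPLE_PEERS = {
    "checkout": ["spiffe://cluster.local/ns/payments/sa/checkout"],
    "unknown-sa": ["spiffe://cluster.local/ns/payments/sa/batch"],
    "foreign-domain": ["spiffe://other.example/ns/payments/sa/checkout"],
    "two-ids": ["spiffe://cluster.local/ns/payments/sa/checkout",
                "spiffe://cluster.local/ns/frontend/sa/web"],
    "dot-segments": ["spiffe://cluster.local/ns/payments/sa/../../frontend/sa/web"],
}

if __name__ == "__main__":
    for name, sans in SAMPLE_PEERS.items():
        verdict = authorize_peer(sans, "cluster.local", ALLOWED_CALLERS)
        print("%-14s -> %s" % (name, "allow" if verdict else "deny"))
```

The check is deliberately strict about the shape of the identity: a certificate carrying two SPIFFE URIs, or a path with `..` segments, is rejected outright rather than matched loosely, because the identity is the whole basis for the authorization decision.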
Synonyms
- Service mesh workload identity
- Mesh-based identity

Application
- Regulatory: CNCF SPIFFE / SPIRE specs

Standards & regulations
- CNCF

Sources
- Istio service mesh identity (primary source)
Related terms
- Cluster Identity: Identity assigned to a Kubernetes cluster or cluster-level service, used for authentication to external services (cloud …
- Ephemeral Credentials: Credentials with very short lifetime (minutes) issued just-in-time and revoked after use. Replaces long-lived secrets in …
- OIDC for Cloud (Workload OIDC): Pattern using OIDC tokens issued by cloud platforms (AWS IRSA, Azure Workload Identity, GCP Workload Identity Federation …
- Service Account (SA): Non-human account used by applications, services, or scheduled tasks to authenticate to other systems. Common categories …
- SPIFFE (Secure Production Identity Framework For Everyone): CNCF standard for cryptographic workload identity. Defines SPIFFE ID …
- SPIRE (SPIFFE Runtime Environment): Open-source reference implementation of SPIFFE. Provides workload attestation (verify workl …