Zero Trust

Zero Trust seems quite up to the task of creating a decentralized trust system in which people have direct control over which services (what they are sharing) can be accessed (used or viewed). The central idea of this security design is that it spreads authority across an unknown number of details (device, user, system, level of authentication…) to create a score against which any individual request can be weighed.

So consider: there are different things in your data you may want to access at any given point in time, from any particular device, or as any particular person (parent, child, friend…). These are independent variables when it comes to accessing any particular piece of data (bank account, family photos, professional resume).

Zero Trust solves the problem by placing scores on the former variables (person, time, place) and requiring those scores for access to the latter (private, protected, public information). This allows for some interesting possibilities.

The second important thing about Zero Trust design is that it separates these concerns from the services provided. It does this by separating what it calls the “Control Plane” from the “Data Plane”. The former being all that security crap, the latter being whatever you want to provide to the “public” (anyone outside the current computer). It does this through the use of sidecar proxies, which inject a point of control between the service and the world that the control plane can direct, allow, forward, sever… whatever.
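To make the scoring idea and the control plane / data plane split concrete, here is an added sketch (not code from any Zero Trust product): a control-plane decision function scores each request and a sidecar in front of the service forwards or severs it. The weights, thresholds, tier assignments and all names are assumptions made up for illustration.

```python
from dataclasses import dataclass

# Constructed weights and thresholds (assumptions, not from the post).
REQUIRED = {"public": 0, "protected": 50, "private": 80}
PERSON = {"owner": 40, "family": 25, "friend": 10}
DEVICE = {"managed": 30, "known": 15}
AUTH = {"mfa": 30, "password": 15}

@dataclass(frozen=True)
class Request:
    person: str
    device: str
    auth: str
    hour: int        # local hour of the request, 0-23
    resource: str
    tier: str        # sensitivity of the resource

def trust_score(req):
    """Control plane: add up independent signals; unrecognised values earn 0."""
    score = (PERSON.get(req.person, 0)
             + DEVICE.get(req.device, 0)
             + AUTH.get(req.auth, 0))
    if not 7 <= req.hour <= 22:   # time signal: unusual hours cost points
        score -= 20
    return max(score, 0)

def decide(req):
    """Control plane: allow only if the score meets the tier's requirement."""
    required = REQUIRED.get(req.tier)
    if required is None:          # unknown tier: deny by default
        return False
    return trust_score(req) >= required

def sidecar(req, service):
    """Data plane: the proxy sits in front of the service and never lets a
    request through unless the control plane allows it."""
    if not decide(req):
        return 403, "severed by control plane"
    return 200, service(req.resource)

def photo_service(resource):
    """Stand-in for the real service; it contains no security logic at all."""
    return f"contents of {resource}"

if __name__ == "__main__":
    friend = Request("friend", "known", "password", 14, "family photos", "protected")
    family = Request("family", "known", "mfa", 20, "family photos", "protected")
    print(sidecar(friend, photo_service))   # (403, 'severed by control plane')
    print(sidecar(family, photo_service))   # (200, 'contents of family photos')
```

Note that the service function never sees a denied request, which is the point of keeping the decision in the control plane and the enforcement in the sidecar.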

There’s much more, but that’s all for now. For now we are convinced this direction has merit.