Intent-Aware Authorization for Zero Trust CI/CD
By: Surya Teja Avirneni
Potential Business Impact:
Secures CI/CD access by checking not only who is asking but why.
This paper introduces intent-aware authorization for Zero Trust CI/CD systems. Identity establishes who is making a request, but additional signals are needed to decide whether access should be granted. We describe a control-loop architecture in which policy engines such as OPA and Cedar evaluate runtime context, a stated justification, and human approvals before a credential broker issues access credentials. The system builds on SPIFFE-based workload identity and credential brokers, and enables fine-grained, auditable authorization. This is the third paper in a series on Zero Trust CI/CD design patterns.
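To make the control loop in the abstract concrete, here is an added example (written for this page, not code from the paper or its author) of a broker that evaluates a SPIFFE-identified workload's request against identity, runtime context, justification and approvals, writes an audit record, and mints a short-lived credential only on allow. The policy table, SPIFFE IDs, resource names, context fields, the approval rule and the credential layout are all assumptions for illustration; a real deployment would delegate the decision itself to OPA or Cedar.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional
import hashlib
import json


@dataclass
class AccessRequest:
    spiffe_id: str                 # who: workload identity carried in the SVID
    action: str                    # what the workload wants to do
    resource: str                  # the target it wants to act on
    context: Dict[str, object]     # runtime signals reported by the pipeline run
    justification: str = ""        # why: stated intent attached to the request
    approvals: List[str] = field(default_factory=list)  # human approver ids


@dataclass
class Decision:
    allow: bool
    reasons: List[str]             # empty when allowed, else every failed check
    audit: Dict[str, object]       # written regardless of outcome


# Hypothetical policy keyed by (resource, action); anything not listed is denied.
POLICY = {
    ("prod/payments", "deploy"): {
        "allowed_id_prefixes": ["spiffe://example.org/ci/payments/"],
        "required_branch": "main",
        "require_signed_commit": True,
        "min_justification_len": 20,
        "required_approvals": 2,
        "ttl_seconds": 600,
    },
}


def evaluate(req: AccessRequest, policy=POLICY) -> Decision:
    """Deny-by-default evaluation of identity, context, intent and approvals."""
    rule = policy.get((req.resource, req.action))
    reasons: List[str] = []
    if rule is None:
        reasons.append("no policy for resource/action")
    else:
        if not any(req.spiffe_id.startswith(p) for p in rule["allowed_id_prefixes"]):
            reasons.append("identity not permitted for resource")
        branch = rule["required_branch"]
        if branch and req.context.get("branch") != branch:
            reasons.append(f"branch must be {branch}")
        if rule["require_signed_commit"] and not req.context.get("commit_signed"):
            reasons.append("commit must be signed")
        if len(req.justification.strip()) < rule["min_justification_len"]:
            reasons.append("justification too short")
        # Approvals must come from distinct humans other than the actor who
        # triggered the run, so a requester cannot approve their own change.
        approvers = {a for a in req.approvals if a != req.context.get("actor")}
        if len(approvers) < rule["required_approvals"]:
            reasons.append(f"need {rule['required_approvals']} distinct approvals")
    allow = not reasons
    audit = {
        "spiffe_id": req.spiffe_id, "action": req.action, "resource": req.resource,
        "run_id": req.context.get("run_id"), "justification": req.justification,
        "approvals": sorted(req.approvals), "allow": allow, "reasons": reasons,
    }
    return Decision(allow, reasons, audit)


def issue_credential(req: AccessRequest, decision: Decision, now: int = 0,
                     policy=POLICY) -> Optional[Dict[str, object]]:
    """Broker step: mint a short-lived, narrowly scoped credential only on allow."""
    if not decision.allow:
        return None
    rule = policy[(req.resource, req.action)]
    # The credential references a hash of the audit record, so a token found in
    # the wild can be traced back to the decision and justification behind it.
    audit_blob = json.dumps(decision.audit, sort_keys=True).encode()
    return {
        "sub": req.spiffe_id, "res": req.resource, "act": req.action,
        "iat": now, "exp": now + rule["ttl_seconds"],
        "audit_ref": hashlib.sha256(audit_blob).hexdigest()[:16],
    }


# Constructed sample requests (hypothetical, not real pipeline data).
GOOD_REQUEST = AccessRequest(
    spiffe_id="spiffe://example.org/ci/payments/deployer",
    action="deploy", resource="prod/payments",
    context={"branch": "main", "commit_signed": True, "run_id": "run-42", "actor": "alice"},
    justification="Roll back to v1.8.2 after failed canary (change CHG-0042)",
    approvals=["bob", "carol"],
)
SELF_APPROVED = AccessRequest(
    spiffe_id=GOOD_REQUEST.spiffe_id, action="deploy", resource="prod/payments",
    context={"branch": "main", "commit_signed": True, "run_id": "run-43", "actor": "alice"},
    justification=GOOD_REQUEST.justification,
    approvals=["alice", "bob"],  # alice approved her own run: only one valid approver
)
```

Calling `evaluate(GOOD_REQUEST)` allows and `issue_credential` returns a 600-second token; `evaluate(SELF_APPROVED)` denies with the reason "need 2 distinct approvals" and no credential is issued, while the audit record still captures who asked, for what, and why. The point of the layout is that identity is only the first check: the same SPIFFE ID is accepted or rejected depending on the run's context, the stated intent and the approval trail.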
Similar Papers
Establishing Workload Identity for Zero Trust CI/CD: From Secrets to SPIFFE-Based Authentication
Cryptography and Security
Replaces shared secrets with SPIFFE-based workload identity for CI/CD pipelines.
Decoupling Identity from Access: Credential Broker Patterns for Secure CI/CD
Cryptography and Security
Brokers short-lived credentials to CI/CD workloads instead of handing out long-lived secrets.
Identity Control Plane: The Unifying Layer for Zero Trust Infrastructure
Cryptography and Security
Unifies identity for people and workloads in a Zero Trust infrastructure.