Identity Control Plane: The Unifying Layer for Zero Trust Infrastructure
By: Surya Teja Avirneni
Potential Business Impact:
Secures computer access for people and programs.
This paper introduces the Identity Control Plane (ICP), an architectural framework for enforcing identity-aware Zero Trust access across human users, workloads, and automation systems. The ICP model unifies SPIFFE-based workload identity, OIDC/SAML user identity, and scoped automation credentials via broker-issued transaction tokens. We propose a composable enforcement layer using ABAC policy engines (e.g., OPA, Cedar), aligned with IETF WIMSE drafts and OAuth transaction tokens. The paper includes architectural components, integration patterns, use cases, a comparative analysis with current models, and theorized performance metrics. A FedRAMP and SLSA compliance mapping is also presented. This is a theoretical infrastructure architecture paper intended for security researchers and platform architects. No prior version of this work has been published.
Similar Papers
Establishing Workload Identity for Zero Trust CI/CD: From Secrets to SPIFFE-Based Authentication
Cryptography and Security
Secures computer programs from hackers.
Intent-Aware Authorization for Zero Trust CI/CD
Cryptography and Security
Makes computer code safe by checking who and why.
Identity and Access Management for the Computing Continuum
Cryptography and Security
Secures computer networks using trusted digital IDs.