Security

• Threat model
  • Confidentiality, integrity and availability
  • Data and control plane
  • Core and extensions
• TLS
  • Underlying implementation
  • FIPS 140-2
  • Enabling certificate verification
  • Certificate selection
  • Secret discovery service (SDS)
  • Authentication filter
  • Trouble shooting
• JSON Web Token (JWT) Authentication
• External Authorization
  • Service Definition
• Role Based Access Control
  • Policy
  • Shadow Policy
  • Condition