Skip to content

A proof of concept Software Defined Perimeter (SDP) implementation using OpenSPA for service hiding

License

Notifications You must be signed in to change notification settings

greenstatic/opensdp

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

OpenSDP

A proof of concept Software Defined Perimeter (SDP) implementation using OpenSPA for service hiding.

opensdp

How It Works

Currently being a PoC, OpenSDP supports only service discovery for OpenSPA protected services.

  • Each service is protected by an OpenSPA server
  • Clients not knowing where OpenSPA hidden services are contact the OpenSDP server for service discovery over mutual TLS
  • Clients are then free to perform the OpenSPA handshake with all services that they are authorized

opensdp-detailed

Currently it's only possible to define services and the clients ACL using a series of YAML files. This is planned to change in the coming releases.

Client Usage

Currently there are two commands: services and access.

Services

Returns a list of authorized services.

Access

This command is used to acquire access to a service. You can use it by specifying the service name, eg. ./openspa-client access example-www. It is also possible to acquire access to all authorized services (returned using the services command) using the command line flag -a.

Setup

A tutorial how to setup OpenSDP with a working OpenSPA installation is available here.

TODO

  • Add logging to server
  • Add timeout if HTTP request is taking too long

License

This software is licensed under: GNU General Public License v3.0.

About

A proof of concept Software Defined Perimeter (SDP) implementation using OpenSPA for service hiding

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages