by gz5 1364 days ago
Looks good, Matt, and thanks for open source and SaaS flexibility. Can you add to or correct the comparisons to OpenZiti and Wireguard to help us frame the sweet spot for Ockam?

OpenZiti

In common: mTLS w/ built in PKI mgmt; attribute based access control; SDKs to embed in apps.

Different: OpenZiti includes the network overlay as well. Ockam add-ons may target other use cases?

Wireguard

In common: E2E encryption; hosted SaaS avail

Different: UDP hole punching; network-level segmentation; no mTLS; no app embed

1 comments

Great question!

I led the design of Ockam. I am somewhat familiar with WireGuard and not at all familiar with OpenZiti. All tools that are helping us build applications that have much, much smaller vulnerability surfaces are awesome!!

Some things that you can do with Ockam:

1. Create Noise based secure channels across all sorts of multi-hop, multi-protocol network topologies - TCP <> TCP, or TCP <> TCP <> TCP, or UDP <> Kafka <> TCP, or Bluetooth <> TCP <> TCP, etc.

2. Move end-to-end encrypted data through Kafka, RabbitMQ, and other messaging and streaming systems.

3. Run on small embedded devices (Rust no_std) or run on large servers.

4. Encrypted Relays through Ockam Orchestrator. UDP hole puncturing coming soon.

5. Store keys and run cryptography in hardware or in cloud KMS.

6. Plug into enterprise Identity Providers and Policy Providers and enforce Attribute based access control policies.

7. Operate very lightweight credential authorities.

8. Scale Enrollment Protocols, Credentials rotation/revocation, etc.

and more.