CNCF adds 3 new open-source projects aimed at boosting container security
The Cloud Native Computing Foundation has announced it’s taking three new open-source projects under its protective wing.
The new projects include the Secure Production Identity Framework For Everyone, or “SPIFFE,” and the SPIFFE Runtime Environment, known simply as “SPIRE.” The other new project is called the Open Policy Agent or OPA.
All three are said to have similar goals in that they’re trying to extend the security capabilities of workloads for the cloud and for containers, which are software capsules that allow applications to run on different kinds of computers and operating systems.
The CNCF is a nonprofit organization that promotes the development of the cloud-native software stack, where applications are deployed as microservices that are packaged into containers. The main benefit of using cloud-native technologies is that developers can build projects faster and more easily, and run them on any platform. The CNCF houses a number of open-source projects, the most famous being the container orchestration platform Kubernetes.
SPIFFE is an open-source workload identity framework, developed by a startup called Scytale, that’s used to support distributed systems deployed in public and private clouds and on-premises environments. Scytale Chief Executive Officer Sunil James said it’s modeled on similar systems used by web giants such as Google LLC and Netflix Inc.
More specifically, SPIFFE is focused on something called “service identity,” which means understanding what applications are running where and defining what different components are allowed to do in a distributed environment.
“The SPIFFE community believes that aligning on a common, flexible representation of workload identity, and prescribing best practices for identity issuance and management are critical for widespread adoption of cloud-native architectures,” James said.
The framework has already been deployed by the social media site Pinterest, which uses it to “manage secrets in multi-tenant environments like Kubernetes,” according to a blog post by Pinterest software engineer Jeremy Krach.
As for SPIRE, it’s an open-source SPIFFE implementation that’s used to provision, deploy and manage identities. Using SPIRE, organizations can connect, authenticate and secure workloads running in distributed environments, James said.
Meanwhile, the OPA project is designed to provide a container-based mechanism for deploying security policies into Kubernetes deployments. It gives developers an easy way to enable unified, context-aware policy enforcement across the entire stack.
“As cloud-native technology matures and enterprise adoption increases, the need for policy-based control has become vital,” said Torin Sandall, a software engineer at a startup called Styra who serves as the technical lead for OPA. “OPA provides a purpose-built language and runtime that can be used to author and enforce authorization policy.”
Holger Mueller, principal analyst and vice president of Constellation Research Inc., said the new projects could all play a key role in helping the adoption of key identity and security constructs that enterprises need to build next-generation software applications. “It’s good to see the initiative, the startups supporting each and early adopters like Pinterest, but now the CNCF has to nurture and grow the uptake of these new offerings,” Mueller said. “In a few quarters we will know how truly successful these initiatives are.”
All three new projects join the CNCF as “Sandbox” projects, which means they’re at the earliest stage of their development. From there, the projects will progress to the “Incubation” stage, and finally to “Graduation,” which means the software is considered production-ready for large-scale deployments.