
Atsign’s Zero Trust Planes: Policy Plane

 

Policy Plane

The policy plane consists of rules to be followed by the actors that exist within the plane (the actors that exist within the other planes will be detailed later). An example of this idea can be seen in the banking industry: a bank's policies exist within their own policy plane.

Consider a scenario where a small company has four employees: Alice, Bob, Chuck, and Dan. All four employees have access to a thousand devices. If a new employee, Eva, joins, all devices will need to be updated to accommodate her access.

Similarly, if Dan were to leave the company, all devices would need to be updated again. This demonstrates that the current system does not scale well.

Furthermore, the employees who have access to the devices can set the policies for those devices. In an ideal situation, this is not what an administrator would want. Policies should be separated and enforced so that individuals cannot change their own policies within the environment.

The diagram above illustrates the Atsign policy plane in action. From this diagram, we can interpret the following:

The first step on the policy plane involves having a manager, or a list of managers, who can act as an authorizing atSign (referred to as the “policy atSign” for simplicity).

If this atSign is set within an environment, the daemon in any session that receives a new request will communicate with it to determine whether the requester is allowed to speak to the daemon in the first place.

In many cases, simple files such as config files are sufficient to enhance the scalability of architectures using the Atsign policy plane. Using atSigns creates an extremely user-friendly environment.

Instead of updating 1,000 individual devices, all devices can be updated in one place. If a new team member joins the company, the config file can be easily modified to add the new team member's atSign (in this case, Eva's). The same applies if Dan were to leave the company: his atSign could simply be removed from the file.
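The flow described above, sketched as an added example (a toy model written for this page, not Atsign's SDK or protocol). The class names, the one-atSign-per-line config format, and the choice to deny requests when the policy atSign cannot be reached are all assumptions of the sketch.

```python
# Added illustration: toy model of a central policy check, not Atsign code.

def parse_policy(text):
    """Parse a constructed config format: one atSign per line, '#' comments."""
    allowed = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip().lower()
        if not entry:
            continue
        if not entry.startswith("@") or len(entry) < 2:
            raise ValueError(f"not an atSign: {entry!r}")
        allowed.add(entry)
    return frozenset(allowed)

class PolicyAtSign:
    """Hypothetical stand-in for the policy atSign: the one place policy lives."""
    def __init__(self, config_text):
        self._allowed = parse_policy(config_text)
        self.reachable = True

    def reload(self, config_text):
        self._allowed = parse_policy(config_text)  # single central update

    def is_allowed(self, requester):
        if not self.reachable:
            raise ConnectionError("policy atSign unreachable")
        return requester.strip().lower() in self._allowed

class DeviceDaemon:
    """Keeps no local allowlist; asks the policy atSign on each new request."""
    def __init__(self, name, policy):
        self.name, self._policy = name, policy

    def accept(self, requester):
        try:
            return self._policy.is_allowed(requester)
        except ConnectionError:
            return False  # assumption of this sketch: fail closed

def simulate():
    policy = PolicyAtSign("@alice\n@bob\n@chuck\n@dan  # constructed sample\n")
    fleet = [DeviceDaemon(f"device-{i}", policy) for i in range(1000)]
    eva_before = sum(d.accept("@eva") for d in fleet)
    policy.reload("@alice\n@bob\n@chuck\n@eva\n")  # Eva joins, Dan leaves
    eva_after = sum(d.accept("@eva") for d in fleet)
    dan_after = sum(d.accept("@dan") for d in fleet)
    policy.reachable = False
    during_outage = sum(d.accept("@alice") for d in fleet)
    return eva_before, eva_after, dan_after, during_outage

if __name__ == "__main__":
    print(simulate())
```

The daemons expose no way to change the allowlist, so a requester who can reach a device still cannot edit the policy that governs it.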

In the next post, we’ll explain more about the control plane.

For more on Atsign’s unique architecture, take a look at Co-founder and CTO Colin’s post on Accountability on the Internet.
