Building a Zero Trust Federation

Alexandre Poirrier, Laurent Cailleux, Thomas Heide Clausen

Research output: Contribution to journal › Article › peer-review

Abstract

Zero trust is a security paradigm whose fundamental philosophy is that every access to a resource must be explicitly verified, without assuming trust based on origin or identity. In a federated environment composed of multiple domains, ensuring zero trust guarantees for accessing shared resources is a challenge, as information on requesters is generated by their originating domain, yet requires explicit verification from the domain owning the resource. This paper proposes a method for federating zero trust architectures, ensuring the preservation of zero trust guarantees when accessing federated resources. The proposed approach relies on remote attestation, enabling continuous authentication and monitoring of requesters, without requiring intrusive software installations on every device within the federation. Moreover, this paper proposes a proof-of-concept architecture that combines several open-source products, to build an architecture with advanced zero trust maturity level. The feasibility of the proposed federation method is demonstrated through this proof-of-concept, providing detailed information on the federation procedure and its implementation.

Original language: English
Pages (from-to): 2113-2125
Number of pages: 13
Journal: IEEE Journal on Selected Areas in Communications
Volume: 43
Issue number: 6
DOIs: (not listed on this page)
Publication status: Published - 1 Jan 2025
Externally published: Yes

Keywords

  • Federation
  • remote attestation
  • software-defined perimeters
  • zero trust
