{"ID":2853885,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2510.16067","arxiv_id":"2510.16067","title":"A Multi-Cloud Framework for Zero-Trust Workload Authentication","abstract":"Static, long-lived credentials for workload authentication create untenable security risks that violate Zero-Trust principles. This paper presents a multi-cloud framework using Workload Identity Federation (WIF) and OpenID Connect (OIDC) for secretless authentication. Our approach uses cryptographically-verified, ephemeral tokens, allowing workloads to authenticate without persistent private keys and mitigating credential theft. We validate this framework in an enterprise-scale Kubernetes environment, which significantly reduces the attack surface. The model offers a unified solution to manage workload identities across disparate clouds, enabling future implementation of robust, attribute-based access control.","short_abstract":"Static, long-lived credentials for workload authentication create untenable security risks that violate Zero-Trust principles. This paper presents a multi-cloud framework using Workload Identity Federation (WIF) and OpenID Connect (OIDC) for secretless authentication. Our approach uses cryptographically-verified, ephem...","url_abs":"https://arxiv.org/abs/2510.16067","url_pdf":"https://arxiv.org/pdf/2510.16067v1","authors":"[\"Saurabh Deochake\",\"Ryan Murphy\",\"Jeremiah Gearheart\"]","published":"2025-10-17T04:11:31Z","proceeding":"cs.CR","tasks":"[\"cs.CR\",\"cs.DC\",\"cs.NI\"]","methods":"[]","has_code":false}