Protect your data, not your network connections (Stephan Schwichtenberg) [FOSDEM 2020]


When a system is reworked to be more distributed, a lot of interconnections are created. The data interactions become the driving factor. The trust perimeter changes drastically. The fragmented information and information flows need protection. Authentication and authorisation must be possible everywhere. TLS is not suitable for authenticating data.

Also the network-centric model no longer works. We used to use the IP address as the abstraction layer. But for a data-centric approach, this is not sufficient. 90% of the data has one sender and multiple receivers. So instead we access data by resource name. This fits nicely with security, with streaming, with ownership.
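A sketch of what authenticating the data rather than the connection can look like, added here as an illustration and not taken from the talk: the producer signs the binding of resource name to payload, and each of the many receivers verifies it no matter which connection or cache delivered it. The packet layout, the choice of Ed25519, the resource name and the assumption that receivers already hold the producer's public key are all assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// NamedData is a hypothetical packet layout: the signature travels with the
// data instead of living in a transport session that ends at the next hop.
type NamedData struct {
	Name    string
	Payload []byte
	Sig     []byte
}

// signedBytes length-prefixes the name so that bytes cannot be moved between
// name and payload without invalidating the signature.
func signedBytes(name string, payload []byte) []byte {
	buf := make([]byte, 4, 4+len(name)+len(payload))
	binary.BigEndian.PutUint32(buf, uint32(len(name)))
	buf = append(buf, name...)
	return append(buf, payload...)
}

// Publish signs the name-to-payload binding once, for all receivers.
func Publish(priv ed25519.PrivateKey, name string, payload []byte) NamedData {
	sig := ed25519.Sign(priv, signedBytes(name, payload))
	return NamedData{Name: name, Payload: payload, Sig: sig}
}

// Verify is run by every receiver. It rejects modified payloads and also
// genuine data that is served under a name other than the one requested.
func Verify(pub ed25519.PublicKey, requested string, d NamedData) bool {
	return d.Name == requested &&
		ed25519.Verify(pub, signedBytes(d.Name, d.Payload), d.Sig)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	name := "/plant/line1/temperature" // constructed sample resource name
	d := Publish(priv, name, []byte("21.5"))
	fmt.Println("delivered by an untrusted relay:", Verify(pub, name, d))
	d.Payload = []byte("99.9") // altered at an intermediary, after TLS ended
	fmt.Println("after modification in transit:", Verify(pub, name, d))
}
```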