pre { background: #333; white-space: pre; word-wrap: break-word; overflow: auto; }

Machine Alias Identity (MAID)

A Machine Alias Identity (MAID) is a workload credential that is managed by a Hopr sidecar and whose chain-of-trust is based on the workload itself and not on an external third party, such as a certificates authority. This article explains the MAID feature present in XTRA and K4C.

NAME                        READY   STATUS    RESTARTS   AGEhopr-p2p-6d4687599c-w9p9b   4/4     Running   0          60s
Chat icon
Transcript

Sidecars contain a patented Machine Alias Identity (MAID) credential for each workload. The MAID is a verifiable, rotating identity credential that resides with and is managed by a deployed and initialized Hopr sidecar. It does not rely on automated PKI certificates whose chain of trust end with the certificate authority and not with the workload. A MAID is issued by Hopr to each sidecar/workload when it first operates after deployment. After that, the MAID is rotated within each sidecar at a high frequency, but the rotations are recognized by Hopr and create a chain that Hopr uses to independently verify workload trust at each session. This verification process prevents impersonation attempts (spoofing) by an imposter workload (Adversary in the Middle) and helps ensure that only trusted workloads connect with each other. Sidecars manage MAID rotation and Hopr SaaS manages trust verification. MAID rotation occurs on an interval determined by an organization's security requirements and threat model. This ensures an optimal balance between security and performance.

Still need help?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Mauris eget urna nisi. Etiam vehicula scelerisque pretium.
Contact support