ALVES, B. L. M.; http://lattes.cnpq.br/2960030172402811; ALVES, Brenda Louisy Morais.
Resumen:
In the context of the SmartCampus project at the Federal University of Campina Grande (UFCG), the implementation of APIs providing access to energy efficiency information presents challenges related to security and access control. Stakeholders, including developers, end users, and production operators, need to interact with these APIs in various environments, creating the need to effectively differentiate and control access. This work explores strategies based on the Zero Trust model, which advocates continuous authentication and granular authorization, ensuring that each access is verified and authenticated. By adopting SPIRE (SPIFFE Runtime Environment) in conjunction with proxy services, the aim is to ensure secure authentication through cryptographic identities provided by SPIRE, as well as to implement a customized authorization service according to user profiles. The goal is to prevent unauthorized access, data leakage, and improper manipulations, ensuring a safe and reliable environment for the project deployment.
