Open
Post: control plane / data plane split, trust zones, protocol break and re-origination, bounded session TTL with cert revocation, context-aware policy, and provider-agnostic SSO abstraction at the proxy.
SVGs: hero-part-two, trust-zones, control-plane-arch, session-lifecycle, sso-abstraction
Resources: trust-bridge-slides.pdf and trust-bridge-paper.pdf moved to .claude/resources/ for Part 3 reference (RSAC 2026 + IEEE ICCST 2025)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
All three proxy instances now show 'reverse proxy instance' rather than Envoy/HAProxy labels that implied different proxy types per instance. TrustBridge is one proxy implementation — instances are identical. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
All three proxy instances now receive the red revocation broadcast simultaneously, with identical 'cert #A9F2 → DENIED' state. Removes the incorrect implication that only one instance gets the update. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Circle was overlapping the caption line (cy=315, r=36, bottom=351 vs line at y=348). Moved to cy=300, bottom now at y=336. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…dits
session-lifecycle.svg: replaced the confusing horizontal timeline layout (where the 'revoked' outcome appeared far left of its source box) with a clean 4-panel storyboard. Panels flow left-to-right: mTLS Handshake → Session Active (with amber callout showing cert is NOT re-checked per request) → TTL → FIN → New Handshake. A fork below Panel 4 leads to two clearly adjacent outcomes (✗ Cert Revoked / ✓ Still Valid). Exposure window bracket spans panels 1–3.
sso-abstraction.svg: incorporate manual edits to layout.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The proxy sees every authentication event across the entire internal fleet, which makes it uniquely positioned to detect impossible travel: the same identity authenticating from geographically incompatible locations within a physically impossible time window. Added as a distinct bullet with a concrete policy example (max_speed_kmh threshold, deny + invalidate existing session). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Will add the conference reference in Part 3 once RSAC is completed. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…lets Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Triggers on pull_request targeting main. Builds the Jekyll site and runs the full test suite (tests/run_all.rb) — same steps as the deploy workflow but without the Pages upload/deploy. Used as the required status check for branch protection. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The posts_test enforces a limit of 3 em dashes per post. The Part 2 post had 30. Replaced all using context-appropriate alternatives:
- colons for clauses that elaborate on what precedes them
- parentheses for inline asides and enumerations
- semicolons for closely related independent clauses
- commas where the pause is light
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Box was 128px wide; bold text with lightning emoji overflows it. Widened to 200px (x=300 to x=500), still centered at x=400 and well within the control plane bounds. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary
- hero-part-two, trust-zones, control-plane-arch, session-lifecycle, sso-abstraction
- .claude/resources/ for Part 3 reference
- learnings.md updated with Part 3 scope and new post entry

Testing Done