{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T16:57:53Z","timestamp":1771520273943,"version":"3.50.1"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031471971","type":"print"},{"value":"9783031471988","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-47198-8_3","type":"book-chapter","created":{"date-parts":[[2023,10,29]],"date-time":"2023-10-29T10:01:17Z","timestamp":1698573677000},"page":"42-61","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["\u2018State of the Union\u2019: Evaluating Open Source Zero Trust Components"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2904-4758","authenticated-orcid":false,"given":"Tobias","family":"Hilbig","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8960-6986","authenticated-orcid":false,"given":"Thomas","family":"Schreck","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8904-0620","authenticated-orcid":false,"given":"Tobias","family":"Limmer","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,10,30]]},"reference":[{"key":"3_CR1","unstructured":"National Institute of Standards and Technology: [NIST SP 800\u2013207] Zero Trust Architecture. NIST Special Publication - 800 series (2020)"},{"key":"3_CR2","unstructured":"Jericho Forum \u2122 Commandments (2007). https:\/\/collaboration.opengroup.org\/jericho\/commandments_v1.2.pdf"},{"key":"3_CR3","unstructured":"Ward, R., Beyer, B.: BeyondCorp : a new approach to enterprise security. Login Mag. USENIX & SAGE 39(6), 6\u201311 (2014)"},{"key":"3_CR4","unstructured":"Zimmer, B.: LISA: a practical zero trust architecture. In: Enigma 2018 (Enigma 2018). USENIX Association, Santa Clara, CA (2018)"},{"key":"3_CR5","unstructured":"Microsoft Corporation: Zero Trust Model - Modern Security Architecture|Microsoft Security (2022). https:\/\/www.microsoft.com\/en-us\/security\/business\/zero-trust. Visited 13 Apr 2023"},{"key":"3_CR6","unstructured":"Microsoft and Hypothesis Group: Zero Trust Adoption Report (2021)"},{"key":"3_CR7","unstructured":"Kindervag, J.: No More Chewy Centers: Introducing the Zero Trust Model of Information Security (2010)"},{"key":"3_CR8","unstructured":"The Open Group: Zero Trust Core Principles (2021). https:\/\/publications.opengroup.org\/w210"},{"key":"3_CR9","doi-asserted-by":"crossref","unstructured":"Rose, S.: Planning for a Zero Trust Architecture: A Planning Guide for Federal Administrators (2022)","DOI":"10.6028\/NIST.CSWP.20"},{"key":"3_CR10","doi-asserted-by":"publisher","first-page":"1169","DOI":"10.1007\/s11277-021-09055-1","volume":"121","author":"GM K\u00f8ien","year":"2021","unstructured":"K\u00f8ien, G.M.: Zero-trust principles for legacy components: 12 rules for legacy devices: an antidote to chaos. Wireless Pers. Commun. 121, 1169\u20131186 (2021). https:\/\/doi.org\/10.1007\/s11277-021-09055-1","journal-title":"Wireless Pers. Commun."},{"key":"3_CR11","first-page":"1","volume":"2022","author":"Y He","year":"2022","unstructured":"He, Y., Huang, D., Chen, L., Ni, Y., Ma, X.: A survey on zero trust architecture: challenges and future trends. Wirel. Commun. Mobile Computing 2022, 1\u201313 (2022)","journal-title":"Wirel. Commun. Mobile Computing"},{"key":"3_CR12","doi-asserted-by":"publisher","first-page":"102436","DOI":"10.1016\/j.cose.2021.102436","volume":"110","author":"C Buck","year":"2021","unstructured":"Buck, C., Olenberger, C., Schweizer, A., V\u00f6lter, F., Eymann, T.: Never trust, always verify: a multivocal literature review on current knowledge and research gaps of zero-trust. Comput. Secur. 110, 102436 (2021). https:\/\/doi.org\/10.1016\/j.cose.2021.102436","journal-title":"Comput. Secur."},{"key":"3_CR13","doi-asserted-by":"publisher","first-page":"57143","DOI":"10.1109\/ACCESS.2022.3174679","volume":"10","author":"NF Syed","year":"2022","unstructured":"Syed, N.F., Shah, S.W., Shaghaghi, A., Anwar, A., Baig, Z., Doss, R.: Zero Trust Architecture (ZTA): a comprehensive survey. IEEE Access 10, 57143\u201357179 (2022). https:\/\/doi.org\/10.1109\/ACCESS.2022.3174679","journal-title":"IEEE Access"},{"key":"3_CR14","doi-asserted-by":"publisher","unstructured":"Olson, K., Keller, E.: Federating trust: network orchestration for cross-boundary zero trust. In: Proceedings of the 2021 SIGCOMM 2021 Poster and Demo Sessions, Part of SIGCOMM 2021 (2021). https:\/\/doi.org\/10.1145\/3472716.3472865","DOI":"10.1145\/3472716.3472865"},{"key":"3_CR15","doi-asserted-by":"publisher","unstructured":"Hatakeyama, K., Kotani, D., Okabe, Y.: Zero trust federation: sharing context under user control towards zero trust in identity federation. In: 2021 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events, PerCom Workshops 2021 (2021). https:\/\/doi.org\/10.1109\/PerComWorkshops51409.2021.9431116","DOI":"10.1109\/PerComWorkshops51409.2021.9431116"},{"key":"3_CR16","unstructured":"Tulshibagwale, A.: Re-thinking federated identity with the Continuous Access Evaluation Protocol$$|$$Google Cloud Blog (2019). https:\/\/cloud.google.com\/blog\/products\/identity-security\/re-thinking-federated-identity-with-thecontinuous-access-evaluation-protocol. Visited 13 Apr 2023"},{"key":"3_CR17","unstructured":"Maler, E., Machulak, M., Richer, J., Hardjono, T.: User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 authorization. Technical report (2019)"},{"key":"3_CR18","doi-asserted-by":"crossref","unstructured":"Hardt, D.: The OAuth 2.0 Authorization Framework. RFC 6749, RFC Editor (2012)","DOI":"10.17487\/rfc6749"},{"key":"3_CR19","doi-asserted-by":"crossref","unstructured":"Wohlin, C.: Guidelines for snowballing in systematic literature studies and a replication in software engineering. In: Proceedings of the 18th International Conference on Evaluation and Assessment in Software Engineering, pp. 1\u201310 (2014)","DOI":"10.1145\/2601248.2601268"},{"key":"3_CR20","unstructured":"Anderson, A., et al.: eXtensible Access Control Markup Language (XACML) Version 2.0. Oasis (2004)"},{"key":"3_CR21","unstructured":"Envoy Project Authors: envoyproxy\/envoy: Cloud-native high-performance edge\/middle\/service proxy (2016). https:\/\/github.com\/envoyproxy\/envoy. Visited 13 Apr 2023"},{"key":"3_CR22","unstructured":"Styra Inc.: OpenZiti: programmable network overlay and associated edge components for application-embedded, zero-trust networking (2019). https:\/\/github.com\/openziti\/. Visited 13 Apr 2023"},{"key":"3_CR23","unstructured":"Fond, J.: Juanfont\/Headscale: An Open Source, Self-Hosted Implementation of the TAILSCALE Control Server (2020). https:\/\/github.com\/juanfont\/headscale. Visited 13 Apr 2023"},{"key":"3_CR24","unstructured":"Tailscale Inc.: Tailscale is a WireGuard-based app that makes secure, private networks easy for teams of any scale (2020). https:\/\/github.com\/tailscale. Visited 13 Apr 2023"},{"key":"3_CR25","doi-asserted-by":"crossref","unstructured":"Donenfeld, J.A.: Wireguard: next generation kernel network tunnel. In: NDSS 2017, pp. 1\u201312. The Internet Society (2017)","DOI":"10.14722\/ndss.2017.23160"},{"key":"3_CR26","unstructured":"Pomerium Inc.: pomerium\/pomerium: Pomerium is an identity-aware access proxy (2019). https:\/\/github.com\/pomerium\/pomerium. Visited 13 Apr 2023"},{"key":"3_CR27","unstructured":"HashiCorp Inc: hashicorp\/boundary: Boundary enables identity-based access management for dynamic infrastructure (2020). https:\/\/github.com\/hashicorp\/boundary. Visited 13 Apr 2023"},{"key":"3_CR28","unstructured":"Ockam Inc.: build-trust\/ockam: Orchestrate end-to-end encryption, mutual authentication, key management, credential management & authorization policy enforcement - at scale (2018). https:\/\/github.com\/build-trust\/ockam. Visited 13 Apr 2023"},{"key":"3_CR29","first-page":"10","volume":"283","author":"M Marlinspike","year":"2016","unstructured":"Marlinspike, M., Perrin, T.: The X3DH key agreement protocol. Open Whisper Syst. 283, 10 (2016)","journal-title":"Open Whisper Syst."},{"key":"3_CR30","unstructured":"Ory Corp: ory\/oathkeeper: a cloud native Identity & Access Proxy\/API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests (2017). https:\/\/github.com\/ory\/oathkeeper. Visited 13 Apr 2023"},{"key":"3_CR31","unstructured":"Ory Corp: ory\/keto: Open Source (Go) implementation of \u201cZanzibar: Google\u2019s Consistent, Global Authorization System\u201d (2018). https:\/\/github.com\/ory\/keto. Visited 13 Apr 2023"},{"key":"3_CR32","unstructured":"Pang, R., et al.: Zanzibar: Google\u2019s consistent, global authorization system. In: 2019 USENIX Annual Technical Conference (USENIX ATC 2019), Renton, WA (2019)"},{"key":"3_CR33","unstructured":"Styra Inc.: open-policy-agent\/opa: An open source, general-purpose policy engine (2015). https:\/\/github.com\/open-policy-agent\/opa. Visited 13 Apr 2023"},{"key":"3_CR34","unstructured":"The SPIFFE authors: SPIFFE: Secure Production Identity Framework for Everyone (2017). https:\/\/spiffe.io. Visited 13 Apr 2023"},{"key":"3_CR35","unstructured":"OpenID Foundation: Shared Signals - A Secure Webhooks Framework$$|$$OpenID (2017). https:\/\/openid.net\/wg\/sharedsignals\/. Visited 13 Apr 2023"},{"key":"3_CR36","doi-asserted-by":"crossref","unstructured":"Hunt, P., Jones, M., Denniss, W., Ansari, M.: Security Event Token (SET). RFC 8417, RFC Editor (2018)","DOI":"10.17487\/RFC8417"},{"key":"3_CR37","doi-asserted-by":"crossref","unstructured":"Jones, M., Bradley, J., Sakimura, N.: JSON Web Signature (JWS). RFC 7515, RFC Editor (2015)","DOI":"10.17487\/RFC7515"},{"key":"3_CR38","unstructured":"cogolabs contributers: cogolabs\/beyond: BeyondCorp-inspired HTTPS\/SSO Access Proxy. Secure internal services outside your VPN\/perimeter network during a zero-trust transition (2017). https:\/\/github.com\/cogolabs\/beyond. Visited 13 Apr 2023"},{"key":"3_CR39","unstructured":"Yakimov, C.: cyakimov\/helios: Identity-Aware Proxy (2019). https:\/\/github.com\/cyakimov\/helios. Visited 13 Apr 2023"},{"key":"3_CR40","unstructured":"Seknox Pte. Ltd.: seknox\/trasa: Zero Trust Service Access (2020). https:\/\/github.com\/seknox\/trasa. Visited 13 Apr 2023"},{"key":"3_CR41","unstructured":"Pritunl Inc: pritunl\/pritunl-zero: Zero trust system (2017). https:\/\/github.com\/pritunl\/pritunl-zero. Visited 13 Apr 2023"},{"key":"3_CR42","unstructured":"Kerman, A., Souppaya, M., Grayeli, P., Symington, S.: Implementing a zero trust architecture (Preliminary Draft), Technical report, National Institute of Standards and Technology (2022)"},{"key":"3_CR43","unstructured":"Sakimura, N., Bradley, J., Jones, M., De Medeiros, B., Mortimore, C.: OpenID Connect Core 1.0. The OpenID Foundation (2014)"},{"key":"3_CR44","unstructured":"Hilbig, T.: hm-seclab\/paper-th-zta-components-materials: Supporting materials for STM 2023 (2023). https:\/\/github.com\/hm-seclab\/paper-th-zta-componentsmaterials. Visited 19 Aug 2023"}],"container-title":["Lecture Notes in Computer Science","Security and Trust Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-47198-8_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,7]],"date-time":"2024-03-07T16:33:59Z","timestamp":1709829239000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-47198-8_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031471971","9783031471988"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-47198-8_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"30 October 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The full results of the evaluation, i.e., a table listing the components together with our assessment of fulfilled requirements, is available online [].","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Data Availability"}},{"value":"All authors declare that they have no conflicts of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}},{"value":"STM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Security and Trust Management","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Hague","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Netherlands","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 September 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 September 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"stm2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.nics.uma.es\/stm2023\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"15","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}