Linux Foundation's Latest Open-Source Project: OpenPubkey
The newest open-source project hosted by the Linux Foundation is OpenPubkey, a collaboration with Docker and BastionZero that will be available for Docker container signing with zero-trust passwordless authentication.
OpenPubkey was born out of BastionZero's secure infrastructure access product. It is a protocol that securely and accurately binds cryptographic keys to users and workloads by turning an OpenID Connect Identity Provider into a CA. The hope is that OpenPubkey can help secure the software supply chain for Docker and other software projects.
OpenPubkey is intended to augment OpenID Connect. The OpenPubkey GitHub further explains:
"OpenPubkey adds user generated cryptographic signatures to OpenID Connect (OIDC) to enable users to sign messages or artifacts under their OpenID identity. Verifiers can check that these signatures are valid and associated with the signing OpenID identity. OpenPubkey does not add any new trusted parties beyond what is required for OpenID Connect and is fully compatible with existing OpenID Providers (Google, Azure/Microsoft, Okta, OneLogin, Keycloak) without any changes to the OpenID Provider."
More details on the OpenPubkey project via LinuxFoundation.org.