My goal is to accomplish Zero Trust Conformance[1]. You cannot do that using web technologies in their current form unless you internalize the centralized aspects of those technologies or validate them under contract.

[1] https://learn.microsoft.com/en-us/security/zero-trust/zero-t...

That is the Microsoft definition. The US Army is forming its own definition because aside from reliance upon cloud vendors as service providers the military owns its own infrastructure and services (OSI layers 1-7). Nobody else can claim that, so the US Army can take Zero Trust to a different level than others are afforded.

My goal is to conform to the more demanding military definition for OSI layers 5, 6, and 7. The business case is two-fold: privacy as a mandate and mitigating disruption via logic redundancy. I have an application that is 98% of the way there. I only accomplished this by either internalizing some technologies or abandoning those I could not.

As for certificates, that is something you can internalize. You can create your own self-signed certificate and the corresponding certificate chain necessary to make your OS and browser happy. If you don't need certificates for their actual purpose, trust authority, then all you need them for is facilitating TLS traffic. I am exchanging trust for authentication via identity and key exchange.
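The "internalized" certificate setup the comment above describes, shown as an added example that is not the commenter's code: a self-signed root CA issuing one server certificate, plus the verification a browser performs once that root is installed. It uses Go's standard library instead of openssl, and the host name "app.internal" and the CA subject "Internal Root CA" are assumed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// PrivateChain is a self-signed root plus one leaf it issued: the minimal
// chain a browser accepts once the root is installed in its trust store.
type PrivateChain struct {
	CA      *x509.Certificate
	CAKey   *ecdsa.PrivateKey
	Leaf    *x509.Certificate
	LeafKey *ecdsa.PrivateKey
}

// BuildPrivateChain creates a self-signed CA and a server certificate for
// host signed by that CA. Subject names are assumptions for this example.
func BuildPrivateChain(host string) (*PrivateChain, error) {
	now := time.Now().Add(-time.Minute) // small backdate tolerates clock skew

	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Internal Root CA"}, // assumed name
		NotBefore:             now,
		NotAfter:              now.AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		MaxPathLenZero:        true, // this root may only issue end-entity certs
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	// Passing the template as its own parent is what makes it self-signed.
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, err
	}

	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(2),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host}, // browsers match the SAN, not the CN
		NotBefore:             now,
		NotAfter:              now.AddDate(1, 0, 0),
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// Signed with the CA key, so the leaf chains to the root above.
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	leafCert, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return nil, err
	}
	return &PrivateChain{CA: caCert, CAKey: caKey, Leaf: leafCert, LeafKey: leafKey}, nil
}

// TrustPool models the client's trust store after the root has been installed.
func TrustPool(roots ...*x509.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	return pool
}

// VerifyLeaf performs the same check a TLS client does: chain the leaf to a
// trusted root in the pool and match the requested host name against the SAN.
func VerifyLeaf(c *PrivateChain, roots *x509.CertPool, host string) error {
	_, err := c.Leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// ChainPEM is what the server should present: leaf first, then the issuing CA.
func ChainPEM(c *PrivateChain) []byte {
	var out []byte
	for _, cert := range []*x509.Certificate{c.Leaf, c.CA} {
		out = append(out, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})...)
	}
	return out
}

func main() {
	chain, err := BuildPrivateChain("app.internal")
	if err != nil {
		panic(err)
	}
	fmt.Println("root installed:   ", VerifyLeaf(chain, TrustPool(chain.CA), "app.internal"))
	fmt.Println("root not installed:", VerifyLeaf(chain, x509.NewCertPool(), "app.internal"))
	fmt.Printf("%d bytes of PEM chain to serve\n", len(ChainPEM(chain)))
}
```

The second verification, against an empty pool, is the browser warning you see until the root is imported into the OS or browser trust store; the root's private key is the thing to protect, since anyone holding it can issue a certificate your clients will accept for any name.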



Ok, well the certificate model I described for btlink I would consider "internalized" under your definitions.
