dadrus
Contributor

@dadrus dadrus commented Sep 22, 2025

Please make sure that for your contribution:

  • In case of a new Cheat Sheet, you have used the Cheat Sheet template.
  • All the markdown files do not raise any validation policy violation, see the policy.
  • All the markdown files follow these format rules.
  • All your assets are stored in the assets folder.
  • All the images used are in the PNG format.
  • Any references to websites have been formatted as [TEXT](URL)
  • You verified/tested the effectiveness of your contribution (e.g., the defensive code proposed is really an effective remediation? Please verify it works!).
  • The CI build of your PR passes, see the build status here.

This PR is a continuation of the work started with #1746 and includes the content from my Identity Propagation Patterns blog post with info boxes and the introduction part removed.

@jmanico
Member

jmanico commented Sep 29, 2025

cc @mackowski @szh

@szh
Collaborator

szh commented Sep 29, 2025

Refer to my comment here: #1809 (comment)

@mackowski
Collaborator

This is very good.
Any reason why you are making a PR to the cheatsheets_draft directory? I think you can move your cheatsheets to the main cheatsheets directory.

@dadrus
Contributor Author

dadrus commented Oct 1, 2025

Thank you @mackowski! There are actually multiple reasons:

  • I thought the procedure would be to have completely new cheat sheets in the drafts "folder" first, as there might be a need to iterate on the content via multiple PRs before it can be moved into the cheatsheets folder.
  • There are inter-dependencies, which I don't know how to resolve yet. It is less an issue for the already filed (and accepted) PRs, but there are three more to come: part 5, part 6 and part 7 from the blog post series. There is also the part 2, which needs to be addressed as well. So, my idea was to file the contents from these posts as is and develop them further into a direction of a cheat sheet.
  • @jmanico had an idea to introduce kind of a new cheat sheet format - security architecture, which is not yet reflected by the cheat sheets project. In our Slack discussion, we came up with an idea to have kind of an overarching document, which would set a scene and link to the different cheat sheets explaining the relations. This is maybe something we can create from the aforesaid part 2 of the post.
  • There is also a related question: What to do with the microservice security cheat sheet and maybe some other cheat sheet, which will become obsolete once the cheat sheets resulting from the blog post series are officially available as part of the cheat sheet project?

@jmanico
Member

jmanico commented Oct 1, 2025

> I thought the procedure would be to have completely new cheat sheets in the drafts "folder" first, as there might be a need to iterate on the content via multiple PRs before it can be moved into the cheatsheets folder.

This is so high quality you can go live with it right away. It's your call. I like to go live early and adjust as needed when the work is high quality like this!

@jmanico jmanico merged commit 442a8de into OWASP:master Oct 1, 2025
3 checks passed
@dadrus dadrus deleted the docs/identity_propagation_patterns branch October 1, 2025 17:34
@dadrus
Contributor Author

dadrus commented Oct 1, 2025

Let us have all blog post parts as new cheat sheets then first in the draft folder. When all of them are properly linked and available, I would create a new PR, which brings all of them in the cheatsheets folder. We should have an idea until then, how to proceed with e.g. the microservice security cheat sheet, as it would partially contradict the new cheat sheets.

@AlexB1986
Contributor

Hi @dadrus, thanks for such a great contribution!
Regarding the current microservice security cheat sheet, are you planning to cover the Logging topic as well? If so, I think the current CS can be moved to the cheatsheets_excluded folder once all new CSs have been merged into the cheatsheets folder.
Another option is to put the Part 2 Core Concepts into the existing microservice security CS and provide references to the CS with detailed information.
