Phase 4 Week 1: The SPIFFE Model

Day 1: The Workload Identity Problem
Day 2: SPIFFE Spec — IDs, SVIDs, Trust Domains, Trust Bundles
Day 3: X.509-SVIDs — How They Differ from Ordinary Certificates
Day 4: The SPIFFE Workload API
Day 5: JWT-SVIDs — Federated Identity for HTTP/API Contexts
Day 6: SPIFFE Federation — Crossing Trust Domain Boundaries
Day 7: Challenge — SPIFFE Spec Deep-Read + PKI Comparison

Phase 4 Week 2: SPIRE Internals and Attestation

Day 8: SPIRE Architecture — Server, Agent, Workload
Day 9: Node Attestation — AWS IID, k8s PSAT, TPM
Day 10: Workload Attestation — Unix, Docker, Kubernetes
Day 11: SPIRE Server Internals — CA, Datastore, Registration Entries
Day 12: Installing and Running SPIRE Locally (Docker Compose)
Day 13: Registering Workload Entries and Issuing SVIDs
Day 14: Challenge — Local SPIRE Deployment with Two Workload Identities

Phase 4 Week 3: Integration and Application

Day 15: SPIRE on AWS — EC2, ECS, Lambda, and the OIDC Bridge
Day 16: The Rust SPIFFE Ecosystem — spiffe-rs and SVID Parsing
Day 17: Validating X.509-SVIDs in Rust
Day 18: mTLS with SPIFFE SVIDs — Replacing Static Certs
Day 19: SPIFFE + PQC — Short-Lived SVIDs and the Migration Roadmap
Day 20: Fit Analysis — Where SPIRE Helps and Hurts Your Provisioning Service
Day 21: Phase 4 Final Challenge — spiffe-demo + Written Fit Analysis