dovholuknf

dovholuknf OP t1_iqy6tka wrote

OpenZiti vs BoringProxy has some similarities for sure. The simplest OpenZiti deployment is similar to a boring proxy deployment. The main differences will be that the listening ports "on the network" are going to be from the OpenZiti edge-router which will authenticate before allowing any connection using a strong X.509 identity (not a token) and then after that the same identity can be authorized to access one or more services. That's one killer difference to me. There are lots of other things OpenZiti is doing that boringproxy isn't trying to as well. I filed an issue to do a comparison to that some day (https://github.com/openziti/ziti-doc/issues/176). Thanks for the idea! :)

Boringproxy doesn't seem to me to purport to be a mesh network. OpenZiti is a mesh network (a zero trust mesh network). That means that all the components use mutual TLS (mTLS) to connect to one another. Each node has its own identity as well. We'll write it up soon, hopefully.

Thanks for the interest. I was terse here, but I'd be happy to answer other questions if you have any.

-- EDIT: -- I totally forgot that OpenZiti is very different insofar as it's trying to get those zero trust principles into applications themselves. That means there's a bunch of SDKs you can use to embed into "your own" applications. I can't leave that out of any comparison - even if the comparison is terse!!! :)

2

dovholuknf OP t1_iqvifdm wrote

I am a dev on this project and I personally think that all applications will have zero trust principles baked into them soon enough, if not with OpenZiti then with some other SDK/overlay (but clearly I'm hoping OpenZiti is the choice). I just found this sub and thought that y'all might think this is a cool project. There's a lot to the project but I think it's really cool stuff - you might too. :)

6