Ockam is a zero-trust networking framework designed to secure data transit between distributed applications using an identity-based network overlay. It provides the primitives necessary to establish mutually authenticated and end-to-end encrypted connections, removing the reliance on traditional network-layer security. The project is distinguished by its use of attribute-based access control and verifiable credentials to manage trust at scale. It implements cryptographic identity rotation to maintain identity continuity and integrates with hardware-backed key management systems to secure priv
Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and SQL resources. It functions as a secure gateway that validates human and workload identities using OIDC, SAML, and FIDO2 passkeys before granting access to internal applications and SaaS APIs. The system is distinguished by its secretless access broker, which injects credentials—such as API keys, passwords, and AWS SigV4 signatures—at the gateway level so users can access databases and cloud resources without managing secrets. It further specializes in AI gateway administration,
Ziti is a zero-trust network overlay and identity-based mesh network. It provides a software-defined perimeter that replaces traditional IP-based routing and VPNs by mapping network services to cryptographically verified identities, effectively cloaking applications from the public internet. The project distinguishes itself through an outbound-only connection model that eliminates open listening ports and a Zero Trust SDK that allows developers to embed encryption and identity-based access control directly into application source code. It also provides transparent tunneling proxies to extend
Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes n