Standards fragmentation threatens Defakto
Defakto
Defakto’s edge comes from being the neutral layer between many identity systems, so standards fragmentation would push the market back toward cloud specific and vendor specific tooling. Today its product fits naturally into Kubernetes and service mesh workflows because SPIFFE defines a common identity format, but AWS, Azure, and Google each also steer workloads into their own identity rails for access to native services, which can shrink the value of a cross environment broker.
-
In practice, open standards matter because they decide whether one workload identity can be understood across tools. SPIFFE standardizes SPIFFE IDs and SVIDs in X.509 and JWT forms, which is what lets a certificate minted for a workload plug into shared cloud native components instead of being trapped inside one vendor stack.
-
The fragmentation risk is visible in hyperscaler designs. AWS IRSA maps Kubernetes service accounts into AWS IAM through an EKS specific OIDC setup. Google recommends Workload Identity Federation for GKE for GKE workloads. Azure ties AKS workloads into Microsoft Entra Workload ID. These are useful, but each is optimized for its own cloud control plane.
-
Large adjacent vendors can also narrow the standard’s strategic importance without rejecting it outright. Vault supports SPIFFE authentication, but uses it to map workload identities into Vault token policies. That keeps SPIFFE as an input while preserving the vendor’s own policy and control surface as the system customers actually buy.
The market is heading toward a split architecture. Open identity formats will keep winning inside cloud native infrastructure, while major platforms will keep wrapping those identities in proprietary policy, permissions, and developer workflows. Defakto’s path is to become the control plane that makes those islands work together, especially across multi cloud, pipelines, and AI agents.