CNCF Accepts Open Source Hexa Project As A Sandbox Project


Open Source Identity Standard and Policy Orchestration Software Consolidate the Management of Multi-Cloud Access Policies

The Hexa and IDQL (Identity Query Language) open source project, which enables organisations to apply consistent access policy across any application on multiple cloud platforms, has been accepted as a sandbox project by the Cloud Native Computing Foundation (CNCF), according to Strata Identity, the identity orchestration for multi-cloud company.

“Cloud Identity is extremely fragmented with no clear path for orchestrating policy management across different service provider platforms,” says Gary Rowe, principal consulting analyst, and CEO of TechVision Research. “IDQL represents a major step forward in providing a standards-based approach for cloud-based IAM governance.”

The Linux Foundation’s CNCF is a non-profit group devoted to overseeing open-source cloud-native initiatives. Versa Networks, S&P Global, Cummins, Kroger, MEF, and Strata Identity are among the authors and working group participants of IDQL and Hexa. More details about how to help the Project are available at

At the moment, every cloud platform (such as AWS, Google, Microsoft Azure, etc.) uses its own identity system with its own policy language, and these are completely incompatible with one another. In addition, each application needs to be hard-coded to function with a particular identity system. With only 25% of respondents saying they have visibility over multi-cloud access restrictions, this is a significant barrier for enterprises, according to the 2022 State of Multi-Cloud Identity survey.

Based on the company’s founders’ experience co-authoring the SAML standard for SSO Federation, Strata Identity has led the Hexa and IDQL project. The goal of this new project is to usher in a well-designed open-source policy orchestration framework that increases the likelihood that organisations, customers, and software providers will profit from the switch to a contemporary, open, and passwordless approach to identity.

Without altering the identity systems or the applications, IDQL and Hexa allow any number of identity systems to operate as a single, integrated system. Together, these open source initiatives offer the following advantages:

Discovery of policy

  • Performs an analysis and inventory of important apps, data, and policies
  • Discovers what apps are available and where they are
  • Identifies policies, users, and roles

Translation of policy

  • During policy discovery, converts native, imperative policies into declarative IDQL policies.
  • During policy orchestration, converts declarative IDQL policies into native, imperative policies of the destination system(s).

Orchestration of policy

  • Uses a cloud-based architecture that eliminates the need for an agent, proxy, or local code
  • Distributes rules to be enforced by identity providers (IdPs), clouds, IaaS, and network systems
  • Employs an extensible, open-source paradigm that permits bespoke connector integrations


