// Technology / Federation
Federate across authority boundaries.
QHx federation lets workloads in separate clusters, regions, trust domains, and operating environments authenticate one another through SPIFFE trust bundle exchange.
// Mechanism
Trust domains stay distinct.
Each cluster can maintain its own trust domain while exposing a bundle endpoint for other approved clusters. Workloads verify peers from federated domains without requiring one shared control plane.
- Trust domain: A boundary of authority for SPIFFE identities.
- Trust bundle: The CA material needed to verify SVIDs from another domain.
- Bundle endpoint: An HTTPS endpoint that publishes trust bundle data for synchronization.
- Multi-site operations: Supports patterns such as multi-region, hybrid cloud, cross-border, and disaster recovery deployments.
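The sketch below is an added example, not QHx code: it shows how a verifier can keep federated bundles separate per trust domain, so that one domain's CA material is never used to vouch for an identity in another. It assumes the bundle endpoint serves the standard SPIFFE bundle format (a JWK Set with `spiffe_sequence` and `x509-svid` keys); `FederationStore`, the domain names and the placeholder certificate strings are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

def sample_bundle(seq, cert):
    """Constructed bundle document; `cert` is a placeholder, not real DER."""
    return json.dumps({"spiffe_sequence": seq, "spiffe_refresh_hint": 300, "keys": [
        {"use": "x509-svid", "kty": "EC", "x5c": [cert]},
        {"use": "jwt-svid", "kty": "EC", "kid": "constructed-kid"}]})

def trust_domain_of(spiffe_id):
    """Return the trust domain of a SPIFFE ID, rejecting malformed IDs."""
    u = urlsplit(spiffe_id)
    if u.scheme != "spiffe" or u.query or u.fragment \
            or not re.fullmatch(r"[a-z0-9._-]+", u.netloc):
        raise ValueError(f"not a valid SPIFFE ID: {spiffe_id!r}")
    return u.netloc

class FederationStore:
    """Per-trust-domain bundle store (hypothetical name, for illustration)."""
    def __init__(self):
        self.bundles = {}  # trust domain -> {"seq": int, "x509": [x5c entries]}

    def update(self, domain, raw):
        """Install a fetched bundle; refuse one older than what we hold."""
        doc = json.loads(raw)
        seq = doc.get("spiffe_sequence", 0)
        held = self.bundles.get(domain)
        if held and seq < held["seq"]:
            return False  # policy of this example: ignore stale documents
        x509 = [k["x5c"][0] for k in doc["keys"] if k.get("use") == "x509-svid"]
        if not x509:
            raise ValueError("bundle has no x509-svid authorities")
        self.bundles[domain] = {"seq": seq, "x509": x509}
        return True

    def authorities_for(self, peer_id):
        """CA material allowed to vouch for peer_id: its own domain's only."""
        domain = trust_domain_of(peer_id)
        if domain not in self.bundles:
            raise LookupError(f"trust domain {domain!r} is not federated")
        return self.bundles[domain]["x509"]

store = FederationStore()
store.update("site-a.example", sample_bundle(3, "PLACEHOLDER-CA-A"))
store.update("site-b.example", sample_bundle(7, "PLACEHOLDER-CA-B"))
print(store.authorities_for("spiffe://site-b.example/payments"))
```

A real verifier would pass the returned authorities to X.509 path validation of the peer's SVID; the point here is only which authorities are eligible for a given peer.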
Independent authorities. Explicit recognition.