SPIFFE/SPIRE could work for the identity layer. The risk engine concept is cool. Would love to see that applied to machine identities that are working "on-behalf-of" humans.