[Wimse] Authentication Levels for Workloads

Justin Richer <jricher@mit.edu> Mon, 29 July 2024 14:02 UTC

From: Justin Richer <jricher@mit.edu>
To: "wimse@ietf.org" <wimse@ietf.org>
Date: Mon, 29 Jul 2024 12:27:47 +0000
Subject: [Wimse] Authentication Levels for Workloads
List-Id: WIMSE Workload Identity in Multi-Service Environment <wimse.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/-VFn_SwInu-cZFe1sWCJt0T8X9E>

In the Vancouver meeting, there was a presentation from Ryan Hurst on Authentication Levels for Workloads. While this is not a current WG charter item, the energy in the room indicated that it is a topic of interest. As such, the chairs would like to encourage conversation on this topic. Please see the presentation slides [1] and recording [2] for more information.

I would also like to encourage the presenters to create an I-D to capture their thoughts on this topic to encourage further discussion.

— Justin and Pieter

[1] https://datatracker.ietf.org/meeting/120/materials/minutes-120-wimse-202407241630-00
[2] https://www.youtube.com/watch?v=-BVTXj94wbw