[Wimse] Request for Agenda Item: Workload identity authenticator levels

Pieter Kasselman <pieter.kasselman@microsoft.com> Mon, 08 July 2024 15:05 UTC

From: Pieter Kasselman <pieter.kasselman@microsoft.com>
To: "wimse@ietf.org" <wimse@ietf.org>
Date: Mon, 08 Jul 2024 15:04:34 +0000
List-Id: WIMSE Workload Identity in Multi-Service Environment <wimse.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/2oErfz1-dnHWY679tg_lw4qOWp8>

WIMSE co-chair hat off, identity enthusiast hat on.

Hi folks,

For user authentication, the industry has well-established concepts around different levels of user authentication. For example, NIST Special Publication 800-63-3 defines Authenticator Assurance Levels [1]. This raises the question of whether we (workload identity practitioners) would benefit from a similar set of definitions for workload identities.

Consequently, I would like to request a short 10-minute slot on the agenda at IETF 120 to discuss this topic, see if there is existing work we can leverage and see if there is interest in pursuing establishing some form of Workload Identity Authentication Levels.

Cheers

Pieter

[1] https://pages.nist.gov/800-63-3/sp800-63-3.html