[Wimse] Re: Authentication Levels for Workloads
Pieter Kasselman <pieter.kasselman@microsoft.com> Mon, 29 July 2024 14:33 UTC
From: Pieter Kasselman <pieter.kasselman@microsoft.com>
To: "A.J. Stein" <ajstein.standards@gmail.com>, Justin Richer <jricher@mit.edu>, "wimse@ietf.org" <wimse@ietf.org>
Date: Mon, 29 Jul 2024 14:33:28 +0000
List-Id: WIMSE Workload Identity in Multi-Service Environment <wimse.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/31ITA-twE4mqzypIYridNDNWiPE>

Thanks A.J.

Can you say a little more on how you would benefit if such a draft exists?

Cheers

Pieter

From: A.J. Stein <ajstein.standards@gmail.com>
Sent: Monday, July 29, 2024 3:25 PM
To: Justin Richer <jricher@mit.edu>
Cc: wimse@ietf.org
Subject: [Wimse] Re: Authentication Levels for Workloads

On Mon, Jul 29, 2024 at 10:03 AM Justin Richer <jricher@mit.edu> wrote:

> In the Vancouver meeting, there was a presentation from Ryan Hurst on Authentication Levels for Workloads. While this is not a current WG charter item, the energy in the room indicated that it is a topic of interest. As such, the chairs would like to encourage conversation on this topic. Please see the presentation slides [1] and recording [2] for more information.

I had missed the WIMSE session and not reviewed the agenda. This presentation is informative to me based on the first few minutes, so thanks for bringing it up. I will now watch the full session later.

> I would also like to encourage the presenters to create an I-D to capture their thoughts on this topic to encourage further discussion.

As one lurker and hardly active contributor, I would benefit from this I-D if they move forward with it.

> — Justin and Pieter
>
> [1] https://datatracker.ietf.org/meeting/120/materials/minutes-120-wimse-202407241630-00
> [2] https://www.youtube.com/watch?v=-BVTXj94wbw
>
> --
> Wimse mailing list -- wimse@ietf.org
> To unsubscribe send an email to wimse-leave@ietf.org