[Wimse] Re: Token Translation Requirements
Dean Saxe <dean.saxe@beyondidentity.com> Wed, 31 July 2024 18:36 UTC
Return-Path: <dean.saxe@beyondidentity.com>
X-Original-To: wimse@ietfa.amsl.com
Delivered-To: wimse@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4191C14F5ED for <wimse@ietfa.amsl.com>; Wed, 31 Jul 2024 11:36:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=beyondidentity.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qQh5XgiCR9ui for <wimse@ietfa.amsl.com>; Wed, 31 Jul 2024 11:36:04 -0700 (PDT)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8530C14F602 for <wimse@ietf.org>; Wed, 31 Jul 2024 11:36:04 -0700 (PDT)
Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-2ee920b0781so66952421fa.1 for <wimse@ietf.org>; Wed, 31 Jul 2024 11:36:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=beyondidentity.com; s=google-bid; t=1722450963; x=1723055763; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=BPI82MqWJq2rSHmMBr4Es6C69tVkG4L7qVncK2MTkGI=; b=bzcLeq9sSF8fI7IKKDXc1hzLBeh1Ik7cbRGI8Balfc9qXhKgEA8zlde3EXdV0v1ZgN EsSAS9dPW8wurbJjcQ5Rkzzzw7xKYaNIK69LGUB2v/bqQ/23xDWpoMprUsB3agtS7l0n m6SZAujyaA+dtmuKPsW3qhlVoG0VtH4NljUwV0W6VSoP1iktFV+CEctAHW6VL3KKALFs UHoDmPr+Nr1ZXobpozSxk2ST5ZXENi8EeDcPwBc+S4wC2X3/SyichXqO50srOSxbavjY rSe+9BzHSe0sgjRvYdb3477Z9bBztDQDNVtr083WJASb19fzduUrzmqNlpndIx0AEpS7 bMsw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722450963; x=1723055763; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=BPI82MqWJq2rSHmMBr4Es6C69tVkG4L7qVncK2MTkGI=; b=FdNpONYpoHsWDPDK5OQUSjmeMqS7WnpgSw/FxSkCRHFyBA8wroMmd1ggp3enVmxBUA kgZh1HgnHTH96y9mjHXgBO6umpa30ElEbklTVWPOGV6jrRaIqpvOKYzXLKPba0m6nSE6 0brfacMJ5mC17epEaXeTUrPzjkf2YH8BX20xM9oueZPk9irW7B7V9/hB7MnCQ5Dm5E4L tmPTtX+5RapLmczdeHxkLiSJCr13aeR+yXHG4mAaSqICML5XyiCbJEm4ElXTHQGpqydL TB027dsMrQdSd4n6NkK6odJm6fpwbAd4zO0D4ohmnkC2c8lHaopvwKlmtKTqY1Pj5A2o GFsg==
X-Forwarded-Encrypted: i=1; AJvYcCV+YQw9LcUSwYv0hmFet/IzYNaQ4PC+GKJe8oYgwxNDNLtUVp0UeyUCN7EnAh1Hie9yxsx0x4iGih3xm3kqLw==
X-Gm-Message-State: AOJu0YzOVtqH6DO+ZmxmauF6ukd1Y7Zxk4AFWAJCAjyKnZlPu+/jitOI 2CNKUt9e4yEp0BM54k4yLqtdhjWLxk8S+34/PIjmqpYOEcfLTDnwNYE5YnKIxIl55FNU9D7QF6f Igx2wnV1HzU+Ntrr6IM14QhpAInTlfuQs4lvrcg==
X-Google-Smtp-Source: AGHT+IFwleREalScrtGKUdk4/JATq1Ip7vIdKgkQs6RU4WvFObneOk9mYujp9tzOS+yr1U70cwYfnyK2ztU0KWwO/QA=
X-Received: by 2002:a2e:a0d7:0:b0:2ef:18b7:440a with SMTP id 38308e7fff4ca-2f1531095abmr2085951fa.22.1722450962393; Wed, 31 Jul 2024 11:36:02 -0700 (PDT)
Received: from 1064022179695 named unknown by gmailapi.google.com with HTTPREST; Wed, 31 Jul 2024 18:36:01 +0000
Received: from 1064022179695 named unknown by gmailapi.google.com with HTTPREST; Wed, 31 Jul 2024 18:35:59 +0000
MIME-Version: 1.0 (Mimestream 1.3.7)
References: <C9F484ED-DD76-41CB-8EBA-5A169BDB6D61@mit.edu> <7cec78e0-0f06-4fcf-97d4-86389fc80397@cisco.com>
In-Reply-To: <7cec78e0-0f06-4fcf-97d4-86389fc80397@cisco.com>
From: Dean Saxe <dean.saxe@beyondidentity.com>
Date: Wed, 31 Jul 2024 18:36:01 +0000
Message-ID: <CALH0CC3uH_V5Nbu4iQPKK-uOQLaqhemXVBZ2w6=RNmdqtsKiTg@mail.gmail.com>
To: "Flemming Andreasen (fandreas)" <fandreas=40cisco.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c1ce4c061e8f5dcf"
Message-ID-Hash: XQVW4BLGOGNCJ4X6LKUT6SJ3WTA5OTOR
X-Message-ID-Hash: XQVW4BLGOGNCJ4X6LKUT6SJ3WTA5OTOR
X-MailFrom: dean.saxe@beyondidentity.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Justin Richer <jricher@mit.edu>, "wimse@ietf.org" <wimse@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Wimse] Re: Token Translation Requirements
List-Id: WIMSE Workload Identity in Multi-Service Environment <wimse.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/Di0DeFfE8E5uS6ru5FHRAF8Rwvg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wimse>
List-Help: <mailto:wimse-request@ietf.org?subject=help>
List-Owner: <mailto:wimse-owner@ietf.org>
List-Post: <mailto:wimse@ietf.org>
List-Subscribe: <mailto:wimse-join@ietf.org>
List-Unsubscribe: <mailto:wimse-leave@ietf.org>
Thanks for the feedback, Flemming. After hearing the discussion about use cases in WIMSE and later in SPICE, I agree that this is unlikely to become a RFC, but there is good information in this draft to help us guide the work moving forward. Chairs, I’m at B on this doc - we need to continue developing the doc while recognizing it’s not destined to be an RFC. I’m supportive of this being an I-D and later being codified into a wiki or similar artifact. -dhs -- Dean H. Saxe, CIDPRO <https://idpro.org/cidpro/> Principal Engineer, Office of the CTO Beyond Identity dean.saxe@beyondidentity.com On Jul 30, 2024 at 2:28:09 PM, Flemming Andreasen (fandreas) <fandreas= 40cisco.com@dmarc.ietf.org> wrote: > My preference would be Option A, but as noted below, I do not see the > document becoming an RFC. > > A few considerations wrt. the current document that I would like to see > addressed going forward: > - The requirements are fairly high-level and generic in nature. It would > be helpful to focus on specific token formats we want to support and > requirements associated with those. > - Requirements around when and how token translation should be done. > - Requirements around how to deal with token translation with information > loss. > > I will note that some of the above is addressed in the corresponding > protocol document ( > https://www.ietf.org/archive/id/draft-saxe-wimse-token-exchange-and-translation-00.html) > but if we want to do requirements, then we should consider them in the > requirements document as well. > > Cheers > > -- Flemming > > > > On 7/29/24 08:26, Justin Richer wrote: > > Following discussion in Vancouver, the chairs would like to begin > discussion on what the next steps should be for the Token Translation > Requirements document [1], an output of the Token Exchange Design Team. > This is not a call for adoption as there was a clear indication in the room > that the document was not yet ready for this stage. > > As this is a requirements document, and it is unusual for a requirements > document to be codified as an RFC, the chairs would like the group to > discuss what the intended direction of this document should be. Please > reply to the list to indicate that: > > > A: You believe this document should be developed into a state that the WG > can adopt it. (Please discuss what you believe would be required changes > for this. Please keep in mind that a call for adoption is a starting point > for a document, not a finished document.) > > B: You believe this document should be developed by the WG as something > other than a WG / RFC-track document. (Please discuss what you think the > right format or forum would be - a wiki page, a web page, an eternal I-D, a > blog post, etc) > > C: You believe this document should NOT be developed further by the WG. > (Please indicate why if possible) > > D: You need more information before making this decision. (Please indicate > what information you’d need) > > D: You don’t give a flying rat about this document (i.e., this is not a > topic you care strongly about) > > > Please reply to the list by August 12th, 2024. > > > > — Justin and Pieter > > [1] > https://datatracker.ietf.org/doc/draft-rosomakho-wimse-tokentranslation-reqs/ > > > -- > Wimse mailing list -- wimse@ietf.org > To unsubscribe send an email to wimse-leave@ietf.org >
- [Wimse] Re: Token Translation Requirements McAdams, Darin
- [Wimse] Token Translation Requirements Justin Richer
- [Wimse] Re: Token Translation Requirements Flemming Andreasen (fandreas)
- [Wimse] Re: Token Translation Requirements Dean Saxe
- [Wimse] Re: Token Translation Requirements Dmitry Izumskiy
- [Wimse] Re: Token Translation Requirements Joseph Salowey