[Wimse] Re: New Version Notification for draft-sheffer-wimse-s2s-protocol-00.txt
Yaron Sheffer <yaronf.ietf@gmail.com> Wed, 03 July 2024 18:23 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/EmoxsAzLSAe4NIrC-an4ouFe7o0>
Apologies for this mess. Maybe it’s time for the IETF to standardize email…
This draft is the product of the service-to-service design team, and
defines the protocol between two workloads communicating over HTTP
(a.k.a. REST).
This is still an individual draft. We plan to present it to the WG in
Vancouver and ask the group to adopt it.
Comments of course are most welcome. Until the draft is adopted, it is
managed here: https://github.com/yaronf/wimse-s2s
Feel free to open PRs/issues.
Thanks,
Yaron and the design team
On 03/07/2024, 21:06, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:
A new version of Internet-Draft draft-sheffer-wimse-s2s-protocol-00.txt has
been successfully submitted by Yaron Sheffer and posted to the
IETF repository.
Name: draft-sheffer-wimse-s2s-protocol
Revision: 00
Title: WIMSE Service to Service Authentication
Date: 2024-07-03
Group: Individual Submission
Pages: 21
URL: https://www.ietf.org/archive/id/draft-sheffer-wimse-s2s-protocol-00.txt
Status: https://datatracker.ietf.org/doc/draft-sheffer-wimse-s2s-protocol/
HTML: https://www.ietf.org/archive/id/draft-sheffer-wimse-s2s-protocol-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-sheffer-wimse-s2s-protocol
Abstract:
The WIMSE architecture defines authentication and authorization for
software workloads in a variety of runtime environments, from the
most basic ones up to complex multi-service, multi-cloud, multi-
tenant deployments. This document defines the simplest, atomic unit
of this architecture: the protocol between two workloads that need to
verify each other's identity in order to communicate securely. The
scope of this protocol is a single HTTP request-and-response pair.
To address the needs of different setups, we propose two protocols,
one at the application level and one that makes use of trusted TLS
transport. These two protocols are compatible, in the sense that a
single call chain can have some calls use one protocol and some use
the other. Service A can call Service B with mutual TLS
authentication, while the next call from Service B to Service C would
be authenticated at the application level.
The IETF Secretariat