[Wimse] Comments on draft-ietf-wimse-arch-01
"Flemming Andreasen (fandreas)" <fandreas@cisco.com> Fri, 19 July 2024 00:40 UTC
From: "Flemming Andreasen (fandreas)" <fandreas@cisco.com>
To: "wimse@ietf.org" <wimse@ietf.org>
Date: Fri, 19 Jul 2024 00:40:49 +0000
List-Id: WIMSE Workload Identity in Multi-Service Environment <wimse.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/Jm9epoQko7QTO8KxjzeyJuvb9KM>
Hi
I took a look at the latest architecture draft (draft-ietf-wimse-arch-01) and I have some comments.
Major comments:
===========
1) Definition of Workload
The current definition is "a running instance of software", which I think is overly restrictive. Most definitions I have seen allow for a lot of different form factors ranging from a single process to multiple nodes in different geographies and they also allow for workloads to consist of other workloads. From an identity point of view, I think we want to support all of these variations and in particular recognize that workloads can be made up of other workloads, and we may very well want to allow for separate identifiers for those. For example, consider a geographically redundant 3-tier web app; we may want an authenticated identifier for each process, each database, each app, and each web-server as well as the combination of all of them (the "web app"). We may also want to allow for workloads to assume the identity of another party (per OAuth) - I'm guessing this is what Section 3.2.4 (Delegation and Impersonation) is a placeholder for (?).
2) Workload Identity
I find the whole Identity notion problematic the way it's currently written and I would argue against using that term to begin with. The Identifier part is fine, but when we get into talking about attributes, context, etc. and how they are part of identity it quickly gets both confusing and inconsistent. Section 3.2.3 for example implies that all identity information is authenticated whereas Section 3.1 does not. There was a good thread on this topic ("What is an identity...." https://mailarchive.ietf.org/arch/msg/wimse/lkBh5AS63J8gXxtgHqo5X4RxN6A/) where Justin and Pieter argued for breaking it up into more distinct and better defined concepts. I am very much in favor of that too.
Minor comments:
===========
1) Section 2 - Attestation
As noted in the document, the definition needs to be updated. I would also note that the terms "task" and "separate workload" (as opposed to a "not separate workload"?) are not well defined.
2) Section 3.1 - Workload Identity
Do we want to support IPv4 and IPv6 addresses as trust domains too, or only domain names? Note that SPIFFE allows for IPv4 addresses in the Trust Domain (but not IPv6).
3) Section 3.2.6
It's not clear what "communication across trust boundaries" means. If this is referring to "Trust Domains", then we should use that terminology instead for consistency.
I also have some editorial comments/nit fixes, which I'll provide separately.
Cheers
-- Flemming
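
Added example, not part of the original message or of the WIMSE draft: a sketch of why the SPIFFE trust domain rule mentioned in minor comment 2 admits IPv4 literals but not IPv6 ones. It assumes the SPIFFE ID character set for trust domains (lowercase letters, digits, dots, dashes, underscores, at most 255 bytes); the function name and sample IDs are constructed for illustration.

```python
import ipaddress
import re

# Assumed rule (SPIFFE ID specification): a trust domain may contain only
# lowercase letters, digits, dots, dashes and underscores, max 255 bytes.
_TRUST_DOMAIN_RE = re.compile(r"[a-z0-9._-]{1,255}")


def classify_trust_domain(spiffe_id):
    """Return (trust_domain, kind); kind is 'dns-like', 'ipv4' or 'invalid'.

    Hypothetical helper for illustration. Only the lowercase 'spiffe'
    scheme is accepted in this sketch.
    """
    scheme, sep, rest = spiffe_id.partition("://")
    if scheme != "spiffe" or not sep:
        return None, "invalid"

    # The trust domain is the URI authority: everything up to the first "/".
    authority = rest.split("/", 1)[0]

    # An IPv6 literal needs ":" (and "[" "]" in URI form), none of which are
    # in the allowed character set, so it is rejected here.
    if not _TRUST_DOMAIN_RE.fullmatch(authority):
        return authority, "invalid"

    # A dotted-quad IPv4 literal uses only digits and dots, so it passes the
    # character check; report it separately from name-like trust domains.
    try:
        ipaddress.IPv4Address(authority)
        return authority, "ipv4"
    except ipaddress.AddressValueError:
        return authority, "dns-like"


if __name__ == "__main__":
    # Constructed sample IDs (documentation address ranges).
    for sample in (
        "spiffe://example.org/ns/prod/sa/api",
        "spiffe://192.0.2.10/workload",
        "spiffe://[2001:db8::1]/workload",
    ):
        print(sample, "->", classify_trust_domain(sample))
```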