Re: [Wimse] Roman Danyliw's Block on charter-ietf-wimse-00-01: (with BLOCK and COMMENT)
Roman Danyliw <rdd@cert.org> Wed, 21 February 2024 22:01 UTC
Return-Path: <rdd@cert.org>
X-Original-To: wimse@ietfa.amsl.com
Delivered-To: wimse@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C908C14F700; Wed, 21 Feb 2024 14:01:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MWT-KiCRKGR3; Wed, 21 Feb 2024 14:01:40 -0800 (PST)
Received: from USG02-BN3-obe.outbound.protection.office365.us (mail-bn3usg02on0074.outbound.protection.office365.us [23.103.208.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED189C14F6E3; Wed, 21 Feb 2024 14:01:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=nkqiedMKBZXSqkC7c6FcU4P+lT7SbNQnhKw8Yu6eSkAdkfjXONVLd7RzYBhPa5eu+Ix/wfb9n3Trmo3P2V98P59W3/rtMkUlkx3uX1eaIHjin+ZQPE6CwGe5RaFnqAgwhFfeqUMl0mPHmkD7TtgMYzA0W/17sNvUz4ZE6AlF3Ak4ZVhBIo8WJQnJrI1WWieuTQocHLFrvlOJhLka92d77LRJyxFgE2NNy6jUCCr+0QKH6tnjZfZdYpfuosAkJc8ricxy4vvxGvHyNO6cgZozNYED1+WnT1tNLhUpWKjen6AMTcu/EKj5PCrtfmzZhLpqqD4Z7GlFZsPmv07BcTXwpA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+LTFkToE98ULdHTQyuKLuLdOuJtaLPOJV7IevQcbwLE=; b=aG00a4L7DUD2fgqVcsqwoyxxIXTkNudxQe9+e2W0zSytW9F0YOucmfuztDmFORpN+Z5B/FAtypfdBJnXLg6g2yp0yLUN10UO5EB3JBhnY/UmZWIZLUK92ywAJHDQJb3ZVqk+V/9Y0/6XJnZpsX7jD7NYt+dKTczugxKZmMPW77KtlNMLPq/FmhDyxuU9ek/8zq3N7/jDo7ov5GnHSSDxL3Mx7xyVDF+D5BFaHk/WsnfVaUeQi/aw376Q/zLjhVhH1o5/8oiFdkIji1g3nSwy0powWSuwew2uRnOLKl9cdS2uml4JYBOVPrs9NemWAoCRePgy+7UV2yVEMIvhv5pLsg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+LTFkToE98ULdHTQyuKLuLdOuJtaLPOJV7IevQcbwLE=; b=fUHGlCHXjfvbSdtfxk56rdmcDd9E+MwAliQ8fx98D/oef40PSEcTj79bvwDCIhLFYpQbAfqvXgz0VIXCzek6PdlO3Lkl3c/yImws9vrjawxTBxODVx4JUa+feVwbg4ez+w6DEaIEWoWX9TTbI+L5M3ygF8RFjtAwgs42UA/6wZ0=
Received: from BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:168::11) by BN2P110MB1590.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:178::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.50; Wed, 21 Feb 2024 22:01:36 +0000
Received: from BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM ([fe80::364:96fe:e2d6:b29f]) by BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM ([fe80::364:96fe:e2d6:b29f%4]) with mapi id 15.20.7249.051; Wed, 21 Feb 2024 22:01:36 +0000
From: Roman Danyliw <rdd@cert.org>
To: Joseph Salowey <joe@salowey.net>, Justin Richer <jricher@mit.edu>
CC: The IESG <iesg@ietf.org>, "wimse-chairs@ietf.org" <wimse-chairs@ietf.org>, "wimse@ietf.org" <wimse@ietf.org>
Thread-Topic: [Wimse] Roman Danyliw's Block on charter-ietf-wimse-00-01: (with BLOCK and COMMENT)
Thread-Index: AQHaX7dhmIIG1egOB0GGdc0RSPdciLELhvcAgAA7TACACZ8s4A==
Date: Wed, 21 Feb 2024 22:01:36 +0000
Message-ID: <BN2P110MB11074771F0E180B8C4E793A5DC57A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
References: <170796440810.15762.11962441526391591981@ietfa.amsl.com> <93FC7571-794F-4254-9C8A-65404CCDFE90@mit.edu> <CAOgPGoD3fgjVc0VsRn4yEwvjzYuwHAkCg2ki3hgi+GU02Ha3xQ@mail.gmail.com>
In-Reply-To: <CAOgPGoD3fgjVc0VsRn4yEwvjzYuwHAkCg2ki3hgi+GU02Ha3xQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BN2P110MB1107:EE_|BN2P110MB1590:EE_
x-ms-office365-filtering-correlation-id: ba3ef220-8266-4d3a-dd58-08dc3328ac7f
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 1YldefTRxlzSq7y2Al7cEPVh9c2451KaoK4PohF1MDcLbeKw6gaKpVY2q3ho5Q/afNp/DFtTaizILoWifBSDEE7wjAgN6SotvOzPUhADYQV3IuEeHWAiyjMci7aN8Ki8iyQbpo+wZCcR+63HGUvHbXs418Jz7q0nIc9A5DNm/LLpddhwC+GTRZJWXTKhK1fpUctBNSNc6s3p9ClckV8WloOPGr9I309DqHBXfy47U/d2cS3dNWV5TvQ/CdyrwBLkcP01DGkF/UezKKFfR8kkJQ7ZzznMiphuh0L8DmLmEW0RMIzjgX/zK75MjT2qO3rcGxT0CZu4sQPWTw/VwrQf1RUexGv180LX1QxYNJ2BOl+QTBW9MAgYmfjjvDPd1ZOGr/Drx3WTUOIx15X6VJaoFfp7QCCxhpvM1RuvD3bIqDAoFqRthKuaWJuOs/qyVTnSqbvf2F1YpUPksQRt1Axw37ERe3IgkJmlOEVtYCMiYpUiqg12ybbSJVaPC8FyY9AsL6bHSIsWv3JDv2ckw82ZdyupY7U6/o1uMhjq+EsdJ+4sZQZHWMVUCVB/5JcxT//Z6IRq29Jng6x3tt6MMCg9IBDahx+oUpKUPT2a+G0yaEA=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(230273577357003)(38070700009); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 7+C24EPDKUWE1Dky0gF0P7fMcS2mRg0XCYIsGnobUapEVbJlnyFr6wNB06J+5v2gId1Hbe2by0mTdKlKYQKIDLLSZ33QTvlaD7agHryQrfnfrUXxlXoeMWwFCn4Qxia0vs5L3nAW5CFMUD0PsbHBFyJkCoajcwT53Zzj7QV7pI3RQJoG1sDXhrNwj9JqaX5/h9CD/YwjqKsp5nAAmuGuvtqfBi9E4d1BI8xMNM5YCEpkOh27P9HZpx6zZRxZZAuk9DenB0pJj9N0ybqli9CVKzYkLkeUO9WY/zj1s2Yml9ObeJDioKLqMM0NauYTleVtk7HrgyEkaTwZzu0pNKpXZd9mV9OY9isRHWYUfne8V4ha8F5clP6IFkHRwoaadrBANUbm1Ud0ToEmsm6/tNEc1oX8levq/PwKKvTn5iZbMQTHGWSxUneKo+nAzhLuFS0CCHvZo6CeidRo9G5X+4e2RYoJpXFtiHLckWevBJpqlyGsWuOKUJsJgQBfC0jz2VKpgjay1+GkGUKI4m2UAy2iV3bT/4ymBmueBVshoifFi+3kW8yj6cDWE9ZomM1WJrk8kkfU/L4L+S53G/kIdxT3+WH7l7DsaFd9EL11f5J/X+4FDTtYhpW6Rq3qCEISQg5Tr6p0NsYssTC3gUvI5Mi63wyZX/KrdiddgEMl3AMHZ+QSuAlcpR10jA4+qQqpBp0cwmZJgCvvTbz1kn20Q73ydeZxeIFuOzBwnhHJ6zNPYxHmMTKNvlKiVGdsF7NHiptAna3ZIXF49QMPJlUl0+RmQ05Y1QAE6mUR5mg3ODQGbFUMQRVUlRHcKssAX6aN1n1Mm1GCCXTxyIxZKLvNhZl+sU/igILtXDYwSBixFuvxcVEiB7UrJQSHqetTAsPhUDAPmY//aeQSRKlV4p5UCMyf8B34ubcBgjYPwRZ1h2Z69u4hCnuEw+N12d7hwxOTKZV5/2kQ7I6vdxMgx/LMULzhKlVH+rGPrQUClFKRRtm5gojjb07EcGje7C3def6i9ktAGQAZn/gS/V5b8hBrc6byRNlwBtuoiqt8mYBhL12vHDHqYWMkNPXbX9j0ksDcuLEnehCupTY9QKRAlDZVNsveVwaSjSC+KPzSLxvdEMlJdfrJyLE+VQta977hAOE/IEshwM0OjOcW/lDFiFpyj2yRdzgaPK1qcUs1+PlUqPcqaCtF15JBm3ZfesPX1Mn8xV4RbtYaAv3hYyVEEPPWBpjsivJateBPUoalLoCYRFqwgBIK5Ez6LuYkZKpCJ5cC0A+UTo0hF43RWmjcRpAodZyzCC04vqvybYv8Kgxcumo0gYaAN9W4AQbCW6ACGAA2f23ty4WJaQAS0kOKtXH1P3Eh3N7icu64t4nofkkIQApWqR9loWG1K6AcaSZ19MEQlZszLZWi2Uhkhutt4+EF+boYnmG2mH/xLiu3i1Ko/T1/2+lFQ6c/S+uAxNo5r89ElmI7a4VC7Km+5neXM2TUaSlNTySHd2DjDvowqb/V417c9M0=
Content-Type: multipart/alternative; boundary="_000_BN2P110MB11074771F0E180B8C4E793A5DC57ABN2P110MB1107NAMP_"
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: ba3ef220-8266-4d3a-dd58-08dc3328ac7f
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Feb 2024 22:01:36.5482 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN2P110MB1590
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/P_cZUKnm7OwlgO06J6kjeG5RgrE>
Subject: Re: [Wimse] Roman Danyliw's Block on charter-ietf-wimse-00-01: (with BLOCK and COMMENT)
X-BeenThere: wimse@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: WIMSE Workload Identity in Multi-Service Environment <wimse.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wimse>, <mailto:wimse-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wimse/>
List-Post: <mailto:wimse@ietf.org>
List-Help: <mailto:wimse-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wimse>, <mailto:wimse-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2024 22:01:44 -0000
Hi Joe! From: Joseph Salowey <joe@salowey.net> Sent: Thursday, February 15, 2024 1:58 PM To: Justin Richer <jricher@mit.edu> Cc: Roman Danyliw <rdd@cert.org>; The IESG <iesg@ietf.org>; wimse-chairs@ietf.org; wimse@ietf.org Subject: Re: [Wimse] Roman Danyliw's Block on charter-ietf-wimse-00-01: (with BLOCK and COMMENT) Warning: External Sender - do not click links or open attachments unless you recognize the sender and know the content is safe. On Thu, Feb 15, 2024 at 7:25 AM Justin Richer <jricher@mit.edu<mailto:jricher@mit.edu>> wrote: Hi Roman, thanks for the review of the charter. Responses inline below — and to be clear, these represent my own interpretations of discussions, and I would welcome others on the list to chime in. — Justin On Feb 14, 2024, at 9:33 PM, Roman Danyliw via Datatracker <noreply@ietf.org<mailto:noreply@ietf.org>> wrote: Roman Danyliw has entered the following ballot position for charter-ietf-wimse-00-01: Block When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/charter-ietf-wimse/ ---------------------------------------------------------------------- BLOCK: ---------------------------------------------------------------------- ** The text in the goals section appears to be extremely open ended. How will the WG know it is done? Is it possible to describe to describe a narrower initial tranche of work and recharter later? Is the intent to have a long standing WG? More specific are in the comments. ** If “non-HTTP transport protocols that are found in workload deployments, such as GraphQL, gRPC, and Kafka” is in scope, can the deliverables please be described. The expectation is that this would be a long standing working group that’s specifically focused on the technology area in question. Workloads present a reasonably broad technology area that’s applicable to a very large community (e.g., companies that have service-based architectures and large scales), and therefore the intent is to charter a working group to bring together the expertise to work on problems in this area. From all of our initial conversations, it’s clear that there is a wide need for work in this space for solutions that account for the specific concerns that workloads bring to the table. Since this is a massive space, with a lot of interest and investment right now, we also realized the need to have a solid place to start. For that, we have defined a set of deliverables that the group believes are immediately tractable and useful to the community, and the goals/scope section remains a broader guideline for what any future rechartering or additional deliverables would be. As such, we wrote the charter with three main points: - The overall area that the charter focuses on (workloads) with walls of what we don’t focus on - A list of immediate concrete deliverables - A set of filters for how to consider new work in the group, either as a new deliverable or a larger recharter discussion With this setup, I believe that the working group ends when there are no active deliverables and no more inputs to the group that fit through this filter. The chairs will need to ardently apply such a filter to all proposed work to prevent this from becoming a dumping ground for "neat ideas" that have little to do with workloads and their surrounding technologies. The proposers are keenly aware of the tendency for long-running groups to grow well beyond their original agreement, and the bounds here are intended to prevent exactly that behavior. It would need to be enforced, of course, but we felt it was important for the charter to acknowledge both the wide space and the intent for addressing specific problems. So while the group isn’t being chartered to, for instance, write a specific protocol named WIMSE, I do believe in the intent to limit the scope to tractable items within a specific space, even though we anticipate there being more items to come as the group continues. This is why we have the text calling out both HTTP and alternatives - the initial deliverables will be around HTTP based protocols and systems (where applicable), but we already know walking into this that the world of workloads doesn’t just run on HTTP. Even HTTP-based solutions are going to need to consider carefully what parts of HTTP they rely on. While we don’t expect to necessarily create a single solution that works across all delivery mechanisms, we also don’t want the WG to focus solely on HTTP in the long run. If there are better ways to communicate this intent, both the limitations of scope and the long vision, I know we’d appreciate guidance in doing so. [Joe] To add to what Justin has said, we feel there is a need for a long standing working group to address this area, that being said we have a list of concrete deliverables that we want to address first. The goals are intended as guidelines for rechartering to add items outside the current scope of deliverables. With respect to “other protocols” the intent of the working group is for the solutions to be applicable across the range of protocols in use. We will be successful if the mechanisms and constructions we develop are as ubiquitous as the current usage of JWT tokens across multiple protocols. This may require specific adaptations to meet the needs of certain protocols like how entities are identified and named or of how information is propagated from one system to another across different protocols at different times. [Roman] Thanks for the explanation. What I’m trying to understand is why scope beyond the already known deliverables needs to approved now, rather than restricting the scope to the known work items now and rechartering when those follow-on deliverables are known. Per our call, I’ve sent a proposal on how to meet this intent. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- (3) Per the goal of “Identify and Advocate for Gap-filling Work: Engage with other relevant working groups to pinpoint and address gaps in current standards. This will involve thorough collaboration, ensuring that emerging standards are consistent, holistic, and interoperable.” Does this bullet imply new standardization activity? What is the deliverable for "advocacy of gap-filling work"? The deliverable is engagement with other groups, and if that turns into a deliverable within that group then that’s great. Since we see WIMSE as a place to gather workload expertise, problems, and solution spaces, we think it’s important that this expertise be ready and willing to engage with other groups. We think of this as similar to a DISPATCH outcome — if someone brings work into this group that’s a better fit elsewhere, we’re saying that WIMSE will proactively seek and engage the "elsewhere". (4) Per “Engage with other relevant working groups to pinpoint and address gaps in current standards”, if this is in scope, what are the relevant WG and the gaps? As the initial deliverables are currently described, no existing IETF WG appears to be built upon beyond JOSE and HTTP. I observe that the charter says to coordinate with OAuth, SCIM and RATS. What gaps in what standards of those WG is WIMSE focused on? Token delivery and formats today are largely based on OAuth work, and some current OAuth drafts (like transaction tokens) are directly related to WIMSE’s goals and environments. I would personally argue that if WIMSE had been chartered at the time, the transaction token draft would belong in WIMSE and not in OAuth. I believe "SCIM" might actually be a typo where we meant to say "SCITT", and with that and RATS you can start to address the foundational software, device, and system identities that workload identities can be built on — and in fact are built on today in running systems. But those spaces don’t get at the runtime context that WIMSE seeks to address, and likewise WIMSE does not seek to address supply chain or platform attestation. [Joe] Yes I think SCIM should have been SCITT. (5) Per the goal of “Initiate and develop new standards that provide the needed functionality and ensure their widespread adoption to address propagating, representing, and processing of workload identity”: ** what will the WG do to “ensure … widespread adoption”? What’s the deliverable? We make good standards and engage the relevant communities, like any other WG would try to do. :) I admit that it’s a bit grandiose to say we can ensure it, but we certainly can try. [Joe] More concretely it's keeping the needs of the workload environment and problems space in mind, which includes developing solutions that are adaptable to other protocols and that integrate with the security requirements and mechanisms deployed in these environments. [Roman] Thanks for the explanation. If the bar is “good standards” then I’m not sure this text is needed. I think we all aspire for that outcome for all RFCs. ** what is “processing of workload identity”? I’ll say we struggled on capturing this at the right level for the charter — we are talking about situations like "what happens when a workload receives an identity from another workload?" The major space here is authorization, but we (1) believe that there are other functions beyond authorization, like call chain verification, and (2) we do not want the WG to focus on authorization technologies themselves. So, while this group would consider an application of, say, a cryptographic graph processing runtime provenance, it would not adopt a policy language or authorization rules system as an item. [Joe] Processing would also include proof of possession or binding to identity where required. [Roman] Consider if you can explicitly enumerate the security properties the solution needs to engineer for. Regards, Roman
- [Wimse] Roman Danyliw's Block on charter-ietf-wim… Roman Danyliw via Datatracker
- Re: [Wimse] Roman Danyliw's Block on charter-ietf… Justin Richer
- Re: [Wimse] Roman Danyliw's Block on charter-ietf… Joseph Salowey
- Re: [Wimse] Roman Danyliw's Block on charter-ietf… Pieter Kasselman
- Re: [Wimse] Roman Danyliw's Block on charter-ietf… Saxe, Dean
- Re: [Wimse] Roman Danyliw's Block on charter-ietf… Roman Danyliw
- Re: [Wimse] Roman Danyliw's Block on charter-ietf… Roman Danyliw
- Re: [Wimse] Roman Danyliw's Block on charter-ietf… Roman Danyliw