[Wimse] I-D Action: draft-ietf-wimse-workload-identity-bcp-01.txt

internet-drafts@ietf.org Mon, 08 July 2024 14:16 UTC

From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Date: Mon, 08 Jul 2024 07:16:35 -0700
CC: wimse@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/bY4Xu_QQFvJabB3VbDH2rnK2IeE>

Internet-Draft draft-ietf-wimse-workload-identity-bcp-01.txt is now available.
It is a work item of the Workload Identity in Multi System Environments
(WIMSE) WG of the IETF.

   Title:   Best Current Practice for OAuth 2.0 Client Authentication in Workload Environments
   Authors: Benedikt Hofmann
            Hannes Tschofenig
            Edoardo Giordano
            Yaroslav Rosomakho
            Arndt Schwenkschuster
   Name:    draft-ietf-wimse-workload-identity-bcp-01.txt
   Pages:   10
   Dates:   2024-07-08

Abstract:

   The use of the OAuth 2.0 framework for container orchestration
   systems poses a challenge as managing secrets, such as client_id and
   client_secret, can be complex and error-prone.  "Service account
   token volume projection", a term introduced by Kubernetes, provides a
   way of injecting JSON Web Tokens (JWTs) to workloads.

   This document describes the current best practices to avoid
   client_secret provisioning and leverage platform attestation to
   receive access tokens from an OAuth 2.0 authorization server via RFC
   7523.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-wimse-workload-identity-bcp/

There is also an HTMLized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-wimse-workload-identity-bcp-01

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-wimse-workload-identity-bcp-01

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts