[Wimse] Re: WIMSE Design Team update: securing service to service traffic

Pieter Kasselman <pieter.kasselman@microsoft.com> Mon, 10 June 2024 12:10 UTC

From: Pieter Kasselman <pieter.kasselman@microsoft.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>, "wimse@ietf.org" <wimse@ietf.org>
Date: Mon, 10 Jun 2024 12:10:05 +0000
List-Id: WIMSE Workload Identity in Multi-Service Environment <wimse.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/gUgk0TpOW5DH0PCSF27MU-4a7Cc>

Thanks Yaron, Brian, Joe, Daniel and Arndt for participating in the design team, and special thanks to Yaron for agreeing to lead the design team.

We look forward to seeing the draft evolve into a -00 draft by the IETF 120 deadline (8 July 2024) and encourage working group members to open issues, comment on PRs or create additional PRs while the design team finish preparing the -00 draft.

With many thanks

Pieter

From: Yaron Sheffer <yaronf.ietf@gmail.com>
Sent: Monday, June 10, 2024 11:43 AM
To: wimse@ietf.org
Subject: [Wimse] WIMSE Design Team update: securing service to service traffic

Dear WIMSE WG members,

The design team has been meeting regularly and we're moving towards consensus. We don't have a draft yet; instead we have an initial document outline and a bunch of pull requests that together cover most of the document. The repo is public and available at [1]. We plan to bring all these threads together and publish a -00 draft by the IETF 120 deadline, July 8. In the meantime, feel free to open issues, make comments on existing PRs or even open new PRs.

Thanks,
                Yaron, on behalf of Brian, Joe, Daniel and Arndt


[1] https://github.com/yaronf/wimse-s2s