[Wimse] Re: New Version Notification for draft-sheffer-wimse-s2s-protocol-00.txt

Pieter Kasselman <pieter.kasselman@microsoft.com> Mon, 08 July 2024 09:46 UTC

From: Pieter Kasselman <pieter.kasselman@microsoft.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>, "wimse@ietf.org" <wimse@ietf.org>, Arndt Schwenkschuster <arndts.ietf@gmail.com>, Brian Campbell <bcampbell@pingidentity.com>, Daniel Feldman <dfeldman.mn@gmail.com>, Joe Salowey <joe.salowey@gmail.com>, Justin Richer <jricher@mit.edu>
Date: Mon, 08 Jul 2024 09:46:39 +0000

Thanks Yaron, Brian, Arndt, Daniel and Joe

The chairs would like to thank the design team for all the work that has gone into preparing this draft.

We would like to encourage all working group members to review it, open GitHub issues and bring specific points for discussion to the mailing list.

We look forward to discussing this draft in Vancouver.

Pieter and Justin


From: Yaron Sheffer <yaronf.ietf@gmail.com>
Sent: Wednesday, July 3, 2024 7:24 PM
To: wimse@ietf.org; Arndt Schwenkschuster <arndts.ietf@gmail.com>; Brian Campbell <bcampbell@pingidentity.com>; Daniel Feldman <dfeldman.mn@gmail.com>; Joe Salowey <joe.salowey@gmail.com>
Subject: [Wimse] Re: New Version Notification for draft-sheffer-wimse-s2s-protocol-00.txt

Apologies for this mess. Maybe it's time for the IETF to standardize email...

This draft is the product of the service-to-service design team, and
defines the protocol between two workloads communicating over HTTP
(a.k.a. REST).

This is still an individual draft. We plan to present it to the WG in
Vancouver and ask the group to adopt it.

Comments of course are most welcome. Until the draft is adopted, it is
managed here: https://github.com/yaronf/wimse-s2s
Feel free to open PRs/issues.

Thanks,
     Yaron and the design team



On 03/07/2024, 21:06, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:
A new version of Internet-Draft draft-sheffer-wimse-s2s-protocol-00.txt has
been successfully submitted by Yaron Sheffer and posted to the
IETF repository.

Name:     draft-sheffer-wimse-s2s-protocol
Revision: 00
Title:    WIMSE Service to Service Authentication
Date:     2024-07-03
Group:    Individual Submission
Pages:    21
URL:      https://www.ietf.org/archive/id/draft-sheffer-wimse-s2s-protocol-00.txt
Status:   https://datatracker.ietf.org/doc/draft-sheffer-wimse-s2s-protocol/
HTML:     https://www.ietf.org/archive/id/draft-sheffer-wimse-s2s-protocol-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-sheffer-wimse-s2s-protocol


Abstract:

   The WIMSE architecture defines authentication and authorization for software workloads in a variety of runtime environments, from the most basic ones up to complex multi-service, multi-cloud, multi-tenant deployments. This document defines the simplest, atomic unit of this architecture: the protocol between two workloads that need to verify each other's identity in order to communicate securely. The scope of this protocol is a single HTTP request-and-response pair. To address the needs of different setups, we propose two protocols, one at the application level and one that makes use of trusted TLS transport. These two protocols are compatible, in the sense that a single call chain can have some calls use one protocol and some use the other. Service A can call Service B with mutual TLS authentication, while the next call from Service B to Service C would be authenticated at the application level.



The IETF Secretariat