
Workload Identity in Multi System Environments (WIMSE)
bofreq-richer-wimse-00

Document Type: Approved BOF request
Title: Workload Identity in Multi System Environments (WIMSE)
Last updated: 2023-09-28
State: Approved
Editor: Justin Richer
Responsible leadership:
Send notices to: (None)

Name: Workload Identity in Multi System Environments (WIMSE)

Description

Secure workload identity is a foundational problem in cloud environments and in the applications built on top of such systems. While technologies like SPIFFE help solve workload identity, and technologies like OAuth help solve access rights, there are many open questions about where the overlaps and gaps are in this space. Identity for workloads, software stacks, transactions, users, authorities, and other entities can all have a part to play in determining the rights associated with a request and its response.

A presentation during IETF117 on proposed interest areas was made to DISPATCH: https://youtu.be/KT3mMX9CMdA?t=317. Several informal group conversations were held during the week.

An initial set of use cases has been published as an I-D.

Required Details

Information for IAB/IESG

To allow evaluation of your proposal, please include the following items:

  • Any protocols or practices that already exist in this space:
      • SPIFFE open standard from CNCF https://spiffe.io/
  • Which (if any) modifications to existing protocols or practices are required:
      • likely additions to token formats (like JWT/CWT) and handling to account for workloads and crossing domain boundaries
  • Which (if any) entirely new protocols or practices are required:
      • potential new formats and protocols for carrying multi-domain information
  • Open source projects (if any) implementing this work:
      • SPIRE open source implementation of SPIFFE

Agenda