Workload Identity in Multi System Environments
charter-ietf-wimse-01

Suggestion: provide references for `OAuth, JWT and SPIFFE` as well as `such as GraphQL, gRPC, and Kafka`.

It is unclear to me where this work will happen, in WIMSE or the other WGs ? `Engage with other relevant working groups to pinpoint and address gaps in current standards`.

Please indicate the intended status for "Securing service-to-service traffic" and token-related document(s); the other documents are clearly marked as informational.

Thank you for the revised 00-02 text.

# Internet AD comments for charter-ietf-wimse-00-01
CC @ekline

* comment syntax:
  - https://github.com/mnot/ietf-comments/blob/main/format.md

* "Handling Ballot Positions":
  - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/

## Comments

* "will also consider deliverables that use non-HTTP transport protocols..."

  "... where such work shall not include authoring changes to non-IETF
  protocols" or something?

## Nits

* perhaps "least privilege" -> "least-privilege"

This charter is taking on very complex tasks - kudos. Looking at wider deployment of Kafka and gRPC, I am wondering if we can really put them aside from the beginning and hope a wide deployment of wimse protocol. The interoperability aspects are very crucial here, as both HTTP based and non-HTTP based technologies are in the goal of this charter. Has there been a concrete gap and feasibility analysis with existing non-http based technologies in use? If, yes then perhaps it is wiser to focus on the issues (and spelled out in the charter) that would be solved by the wimse protocol, giving a better chance for wimse to get deployed. 
  
I am supporting Romans block. I also have similar comments as Romans {(3),(4),(5),(8)}, I think those should be addressed before going for external review.