WIMSE Workload-to-Workload Authentication
draft-ietf-wimse-s2s-protocol-07
| Document | Type | Replaced Internet-Draft (wimse WG), Expired & archived |
|---|---|---|
| | Authors | Brian Campbell, Joseph A. Salowey, Arndt Schwenkschuster, Yaron Sheffer |
| | Last updated | 2025-11-06 (Latest revision 2025-10-16) |
| | Replaces | draft-sheffer-wimse-s2s-protocol |
| | Replaced by | draft-ietf-wimse-workload-creds, draft-ietf-wimse-http-signature, draft-ietf-wimse-mutual-tls, draft-ietf-wimse-wpt |
| | RFC stream | Internet Engineering Task Force (IETF) |
| | Intended RFC status | Proposed Standard |
| | Additional resources | Mailing list discussion |
| Stream | WG state | Dead WG Document |
| | Document shepherd | (None) |
| IESG | IESG state | Replaced by draft-ietf-wimse-workload-creds, draft-ietf-wimse-wpt, draft-ietf-wimse-http-signature, draft-ietf-wimse-mutual-tls |
| | Consensus boilerplate | Yes |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active.
Abstract
The WIMSE architecture defines authentication and authorization for software workloads in a variety of runtime environments, from the most basic ones up to complex multi-service, multi-cloud, multi-tenant deployments. This document defines the simplest, atomic unit of this architecture: the protocol between two workloads that need to verify each other's identity in order to communicate securely. The scope of this protocol is a single HTTP request-and-response pair. To address the needs of different setups, we propose two protocols, one at the application level and one that makes use of trusted TLS transport. These two protocols are compatible, in the sense that a single call chain can have some calls use one protocol and some use the other. Workload A can call Workload B with mutual TLS authentication, while the next call from Workload B to Workload C would be authenticated at the application level.
Authors
Brian Campbell
Joseph A. Salowey
Arndt Schwenkschuster
Yaron Sheffer
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)