Note taker: Richard Barnes
RB: Even though you need chainability, you should consider sticking
to sender-constrained tokens; just requires more signatures
Bron Gondwana (BG): If you're going to be signing things, need to
avoid replayability
RB: Where is the connection between the two domains made?
Roy Williams: Have we thought through leakage of information between
domains?
PK: You mentioned writing down security properties. Could that
support formal analysis?
Proposal: https://github.com/CCC-Attestation/governance/issues/13
CoCo KBS https://github.com/confidential-containers/trustee
KBS protocol:
https://github.com/confidential-containers/trustee/blob/main/kbs/docs/kbs_attestation_protocol.md
RB: We can both (a) say that using JWTs in certain ways is best
current practice, and (b) build more sender-constrained stuff for
the future
Pete Resnick: BCPs, procedurally, are a mess. There are these things
called "Applicability Statements" that are neater
JR: Plan to keep architecture open while we develop protocol
[[ missed last point from George Fletcher ]]
WIMSE Architecture
Token distribution BCP
Token Exchange
Token Issuance
Securing service-to-service traffic
Atul Tulshibagwale: You had mentioned a "bag of tokens" thing, is that
going to be worked in this group?
Brian Campbell: Confused on the service-to-service stuff
Oliver Borchert: Do you believe service-to-service stuff would
include Zero Trust?