Closed dhs-aws closed 5 months ago
@adeinega in Slack shared the following:
I don't know how this would be useful for any of you... but these use cases are just off the top of my head... after some research
workloadA doesn't have any "incoming" token but has its own service account token and wants to obtain an access token in order to talk to workloadB
workloadA has both an "incoming" Bearer token and its own service account token and wants to obtain an access token in order to talk to workloadB
workloadA has both an "incoming" DPoP token and its own service account token and wants to obtain an access token in order to talk to workloadB
We may want to consider more than just hop-to-hop protections and think about a transaction as a unit regardless of how many workloads are involved. This doesn't negate the need for hop-to-hop protections or use cases.
The use cases listed apply to transactions as well as individual messages.
For the third use case, we should probably consider it to cover any sender-constrained token regardless of method (DPoP, HTTP Signatures, mTLS-bound tokens, etc.).
Closing, as this work is now happening at https://github.com/yaroslavros/wimse-tokentranslation-requirements.
Develop the use cases language for token exchange.