ietf-wg-wimse / draft-ietf-wimse-s2s-protocol

WIMSE Service to Service I-D

Flesh out The Workload Identity Token section #8

Closed bc-pi closed 3 months ago

bc-pi commented 3 months ago

Yaron Sheffer [8:31 AM May 30 in slack] To summarize the near term plan:

- Joe: security considerations and interaction with TLS
- Brian: ID Token and DPoP-inspired
- Yaron: Message Signatures

This PR is the "ID Token" part.

A preview editors' copy of this PR can be seen at http://www.sheffer.org/wimse-s2s/bc-workload-id-token/draft-sheffer-wimse-s2s-protocol.html

yaronf commented 3 months ago

Also, as discussed, please add a header definition in the following section.

yaronf commented 3 months ago

@bc-pi Can you also include the private key of the service (the one that corresponds to the public key included in the WIT) so we can extend the example, e.g. for message sigs.

bc-pi commented 3 months ago

> @bc-pi Can you also include the private key of the service (the one that corresponds to the public key included in the WIT) so we can extend the example, e.g. for message sigs.

Yeah, I'll add it somewhere with those examples. In the meantime though:

```json
{
 "kty":"OKP",
 "crv":"Ed25519",
 "x":"_amRC3YrYbHhH1RtYrL8cSmTDMhYtOUTG78cGTR5ezk",
 "d":"G4lGAYFtFq5rwyjlgSIRznIoCF7MtKDHByyUUZCqLiA"
}
```
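Added example (not part of this PR thread or of the draft): a standard-library Python check that an Ed25519 OKP JWK's private `d` derives exactly its public `x`, which is the property a published example key pair must have before examples are built on it. The function names are hypothetical, and the arithmetic is not constant time, so it is suited to checking published test keys only.

```python
import base64
import hashlib
import hmac

P = 2**255 - 19                              # Ed25519 field prime
D = -121665 * pow(121666, P - 2, P) % P      # curve constant d (RFC 8032)

def _inv(v):
    return pow(v % P, P - 2, P)

def _add(a, b):
    # Complete twisted Edwards addition law (a = -1), affine coordinates.
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * _inv(1 + t) % P,
            (y1 * y2 + x1 * x2) * _inv(1 - t) % P)

def _base_point():
    # y = 4/5; recover the even x root, as RFC 8032 specifies.
    y = 4 * _inv(5) % P
    xx = (y * y - 1) * _inv(D * y * y + 1) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return (P - x if x & 1 else x, y)

def public_from_seed(seed: bytes) -> bytes:
    # RFC 8032 5.1.5: hash the seed, clamp, multiply the base point, encode.
    h = bytearray(hashlib.sha512(seed).digest()[:32])
    h[0] &= 248
    h[31] = (h[31] & 127) | 64
    k, pt, acc = int.from_bytes(h, "little"), _base_point(), (0, 1)
    while k:                                 # double-and-add, not constant time
        if k & 1:
            acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return (acc[1] | ((acc[0] & 1) << 255)).to_bytes(32, "little")

def _b64u(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def jwk_pair_matches(jwk: dict) -> bool:
    # True when the JWK's private "d" derives exactly its public "x".
    if jwk.get("kty") != "OKP" or jwk.get("crv") != "Ed25519":
        raise ValueError("not an Ed25519 OKP JWK")
    seed = _b64u(jwk["d"])
    if len(seed) != 32:
        raise ValueError("Ed25519 'd' must decode to 32 bytes")
    return hmac.compare_digest(public_from_seed(seed), _b64u(jwk["x"]))
```

Passing the JWK from the comment above, parsed with `json.loads`, to `jwk_pair_matches` reports whether its `d` and `x` belong together.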