yaronf / wimse-s2s

WIMSE Service to Service I-D

Flesh out The Workload Identity Token section #8

Closed bc-pi closed 3 weeks ago

bc-pi commented 1 month ago

> Yaron Sheffer [8:31 AM May 30 in slack]
> To summarize the near term plan:
> Joe: security considerations and interaction with TLS
> Brian: ID Token and DPoP-inspired
> Yaron: Message Signatures

This PR is the "ID Token" part.

A preview editors' copy of this PR can be seen at http://www.sheffer.org/wimse-s2s/bc-workload-id-token/draft-sheffer-wimse-s2s-protocol.html

yaronf commented 1 month ago

Also, as discussed, please add a header definition in the following section.

yaronf commented 1 month ago

@bc-pi Can you also include the private key of the service (the one that corresponds to the public key included in the WIT) so we can extend the example, e.g. for message sigs.

bc-pi commented 1 month ago

> @bc-pi Can you also include the private key of the service (the one that corresponds to the public key included in the WIT) so we can extend the example, e.g. for message sigs.

Yeah, I'll add it somewhere with those examples. In the meantime though:

{
 "kty":"OKP",
 "crv":"Ed25519",
 "x":"_amRC3YrYbHhH1RtYrL8cSmTDMhYtOUTG78cGTR5ezk",
 "d":"G4lGAYFtFq5rwyjlgSIRznIoCF7MtKDHByyUUZCqLiA"
}