Notes from Meeting #4

38 views
Skip to first unread message

Jessup, Andrew (PM, Cloudless Trust Fabric)

unread,
Jun 3, 2020, 6:05:43 PM6/3/20
to [WG] Transitive Identity
Hi Everyone,

Thanks to those who were able to join today. While we don't, unfortunately, have a recording, you can all find the slides from today's presentation here, where we reviewed WS-Trust STS, oAuth 2.0 Token Exchange, Istio RCTokens, Google Macaroons, and (briefly) Biscuits.

Here too are my key takeaways from the conversation:
  • Given that SPIFFE is designed for highly distributed systems (deep call chains, multiple trust domains, lots of fan-in and fan-out) - it's highly desirable from the standpoint of performance and availability to ensure the ability to propagate any identity, appending context as necessary, can be done without needing to perform callbacks to a central authority (like a SPIRE server).

  • Ed Warnicke shared some early thinking about JWT-SVIDs (also slides) that can be validated offline by encapsulating the trust chain (also shared with SIG-Spec). 

  • Before proposing a design document, we should share and as best we can align on a set of requirements first. Accordingly, I'm going to update the WG schedule to include this.
The schedule now stands as:
  • July 10 - Share initial requirements document 
  • July 29 - Distribute initial proposal document

  • 11am PST August 5 - First proposal in-person review session

  • 11am PST August 19 - Second proposal in-person review session

  • Sept 2 - Present WG recommendations to SPIFFE SIG-Spec

Assuming that structure works, I'll start sending calendar invites to this group so folks can join the calls. I'll try and get the Zoom links right this time 🙂

Ken Adler

unread,
Jun 3, 2020, 7:25:39 PM6/3/20
to Jessup, Andrew (PM, Cloudless Trust Fabric), [WG] Transitive Identity
Thanks for the summary...

--
To unsubscribe from this group and stop receiving emails from it, send an email to transitive-identi...@spiffe.io.
--
Ken Adler
InfoSec SME, DPS
ThoughtWorks

Evan Gilman

unread,
Jun 3, 2020, 9:15:00 PM6/3/20
to Jessup, Andrew (PM, Cloudless Trust Fabric), [WG] Transitive Identity
This is awesome, thank you Andrew! The SIG-Spec mailing list could be a good place to circulate proposals. IMO the earlier the better. Excited to see the progress!
--
evan

--

Frederick Kautz

unread,
Jun 3, 2020, 10:18:52 PM6/3/20
to Evan Gilman, Jessup, Andrew (PM, Cloudless Trust Fabric), [WG] Transitive Identity
I'm extremely excited over this! Looking forward to collaborating.
Reply all
Reply to author
Forward
0 new messages