Is there an update on supporting the Transitive Identites?

[martin shi]

Hi all:

It has been almost one year since the last update of this working group. Is there a latest update on the specification? Thank you.

Martin

[Andrew Jessup]

Hey Martin,

Sorry for the slow reply here. The latest specification is the DA-SVID, which you can find here. The feedback was positive however the strongest objection was that it did not allow a remote party to independently verify the claims in the DA-SVID. Instead it is necessary to implicitly trust the DA-SVID issuer.

Recently though, a team of researchers have picked up this work and are expanding on it. I've CC'd them on this thread, and I would encourage you to reach out to them to learn more and get involved.

Cheers,
AJ

--
To unsubscribe from this group and stop receiving emails from it, send an email to transitive-identi...@spiffe.io.

[Marcos Antonio Simplicio Junior]

Hi, everyone.

Just a quick update on the matter: we believe the spec on Transitive IDs is reasonably stable (thanks for all the comments in https://docs.google.com/document/d/1fH8XkOKGXGrWy9uk-JXZbyksHejZ2CfB7h6YXetqG_w/ !). Hence, we are currently working on building a Proof-of-Concept to show how it would work in practice on a SPIFFE/SPIRE environment. That should give further insight on missing requirements and needed points of improvement. 

We have added two figures  in Appendix D: Proof of concept implementation to show what we are planning. We are currently working on the steps shown in Figure D.1. 

Please fell free to comment on the document and/or the PoC, including requests for clarification. We plan to have a demo ready  before the end of March/2022!

Best regards,

Marcos Simplicio.