Skip to main content
  • Extended Protocol Provisioning Tutorial from IETF 121

    The RESTful Provisioning Protocol (rpp) Birds of a Feather session during the IETF 121 meeting featured a review of the Extensible Provisioning Protocol (EPP) of interest to anyone looking to learn more about the Domain Name System (DNS).

    2 Dec 2024
  • IETF 121 post-meeting survey

    IETF 121 Dublin was held 2-8 November 2024 and the results of the post-meeting survey are now available on a web-based interactive dashboard.

    25 Nov 2024
  • The new GREEN working group gets ready for an energy efficient Internet

    The Getting Ready for Energy-Efficient Networking (GREEN) working group will explore use cases, derive requirements, and provide solutions to optimize energy efficiency across the Internet.

    29 Oct 2024
  • IETF Annual Report 2023

    The IETF Annual Report 2023 provides a summary of Internet Engineering Task Force (IETF), Internet Architecture Board (IAB), Internet Research Task Force (IRTF), and RFC Editor community activities from last year.

    25 Oct 2024
  • IETF 122 Bangkok registration open

    Registration is now available for the IETF 122 Bangkok meeting scheduled for 15-21 March 2025, which is the first time registration for an IETF meeting has been open before the preceding meeting registration has closed.

    25 Oct 2024

Filter by topic and date

Filter by topic and date

WIMSE Working Group: Serious business for cloud computing

15 Oct 2024

Chartered in March 2024, the IETF Workload Identity in Multi System Environments (WIMSE) working group aims to address challenges of implementing fine-grained access control across platforms in the public and private clouds, which is increasingly important to how complex software functions are built and deployed.

The increasing prevalence of cloud computing and micro service architectures has led to the rise of complex software functions being built and deployed as workloads—instances of software executing for a specific purpose, across multiple service platforms. 

pexels-brett-sayles-buildingblock-wimse

WIMSE focuses on the unique identity and access management aspects of workloads at runtime and their execution context, particularly focusing on the propagation, representation, and processing of workload identity. While several standards and open-source projects—such as OAuth, JWT, and SPIFFE—offer foundational elements for this work, there are no established standards on how to combine these standards, or any guidance on how to bridge the gaps between them. . This can lead to inconsistencies, interoperability issues, and potential security vulnerabilities.

WIMSE formed from a Birds of a Feather session held during the IETF 118 meeting in Prague and first met as a working group during IETF 119 in Brisbane. Work has progressed rapidly since then and the group has already adopted three documents that identify, articulate, and bridge the gaps and ambiguities in multi-cloud workload identity deployments and define solutions that can be adopted across a diverse set of platforms and deployments. WIMSE is scheduled to meet during IETF 121 Dublin in November 2024.

WIMSE Service to Service Authentication“ defines authentication and authorization for software workloads in a variety of runtime environments, from the most basic ones up to complex multi-service, multi-cloud, multi-tenant deployments. This document defines the simplest, atomic unit of this architecture: the protocol between two workloads that need to verify each other's identity in order to communicate securely.

Workload Identity in a Multi System Environment (WIMSE) Architecture“ discusses an architecture for designing and standardizing protocols and payloads for conveying workload identity and security context information. 

Best Current Practice for OAuth 2.0 Client Authentication in Workload Environments” describes the current best practices to avoid client_secret provisioning and leverage platform attestation to receive access tokens from an OAuth 2.0 authorization server via RFC 7523. 

Work is ongoing…. If you are interested in working on these issues and contributing ideas and solutions, please sign up for the mailing list and plan to attend the session during IETF 121


Share this page