generated from martinthomson/internet-draft-template
Showing 1 changed file with 22 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
**Agenda & Notes for April 16 2024** | ||
|
||
* Welcome | ||
* "Token exchange: Specify a protocol for exchanging an incoming token of one format for a workload-specific WIMSE token at security boundaries (possibly based on RFC 8693). Additionally, this token exchange will require specifying as proposed standard a small set of token exchange profiles (mapping of claims) between existing and new WIMSE token formats." [WIMSE Charter](https://datatracker.ietf.org/doc/charter-ietf-wimse/) | ||
* Weekly meetings - confirm meeting time works for everyone for the next few months, Dean to send out a meeting invitation | ||
* Confirm everyone has access to [GitHub repo](https://github.com/dhs-aws/wimse-token-exch-design-team/) | ||
* Weekly meeting notes to be stored in GitHub under the /notes folder | ||
* Interim meeting scheduled for May 22 10:30 AM EDT (GMT-4). Need a volunteer to lead the token exchange discussion since I'll be working from Osaka | ||
|
||
* Intro from Evan - token exchange issues, considerations in SPIFFE, [draft use cases](https://datatracker.ietf.org/doc/draft-gilman-wimse-use-cases/) | ||
* Getting Things Done - Workstreams | ||
* Use Case development | ||
* build off Evan's [draft use cases](https://datatracker.ietf.org/doc/draft-gilman-wimse-use-cases/) | ||
* Token translation - SPIFFE to JWT, JWT to SPIFFE, etc. | ||
* Do we know all the token types we wish to convert between? | ||
* Or do we want to build a generic token translation mechanism and then profiles for X to Y, Y to Z, etc.? | ||
* User mapping across domains - How does Workload User A at MSFT translate to a user in AWS/GCP? | ||
* Do we need SCIM for both user and workload identities? | ||
* How do we avoid static mappings which are hard to maintain in large environments? | ||
* Security Considerations development | ||
* Look into the [CSRB report on Microsoft](https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf) - can we reduce the risk of stolen signing keys/tokens? | ||
* |
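Review bot: the last added line is an empty bullet (`* `), which renders as a dangling list item under "Security Considerations development"; either remove it or fill in the intended item before merging. Two smaller points in the same hunk: the interim-meeting bullet says "since I'll be working from Osaka", which in shared notes leaves the author and the open action item (find a volunteer to lead the token exchange discussion) without a named owner, so name the person; and the "Weekly meetings" bullet assigns Dean to send the invitation but records no confirmed time, so either note the agreed slot or mark it as pending.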