Noah Stride
Noah Stride
I think my overarching concern about mixing the content stands - there's two very distinct ways of using MWI and my fear is that mixing content about the two makes...
Thanks for raising this! I've done a first pass. One thing that has occurred to me is that we may need to update CODEOWNERS etc to cover the new directory.
> The request should be extended with a public key, so that the secret key never leaves the workload. This is fairly interesting to me since as it stands today,...
> I'm seeing a few impacts if we would make these new key submission parameters required I'm in full agreement here fwiw. I don't think we should make any breaking...
> There is no standard for the workload-to-agent protocol From my understanding, this is the SPIFFE Workload API - https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE_Workload_API.md Rather it is the Agent Server API that is undefined...
> By the way, generating an ECDSA keypair is extremely easy Definitely agree that this is trivial in most cases - but I do think that within how SPIFFE works...
> Let's simplify the WIT support discussion by splitting it from the key provenance/origin discussion. I've raised https://github.com/spiffe/spiffe/issues/317 with my understanding of the motivations and challenges regarding key generation on...
Hey all, following discussion in the SIG SPEC meeting, it feels as if we have consensus on introducing the WIT-SVID in its own right rather than attempting to extend the...
> I believe that with the introduction of a 3rd SVID type we should give more guidance in SPIFFE when to use what format. For instance workload-workload scenarios (or maybe...
> Are we awaiting the Workload Identity Credentials draft making its way to RFC before we include changes into the SPIFFE spec? We discussed this briefly a fair while back...