Markdown Version | Session Recording

Session Date/Time: 22 Jul 2025 12:30

WIMSE Working Group Meeting Minutes

Summary

The WIMSE (Workload Identity in Multi-System Environments) working group met to discuss current working group drafts and proposed related work. Key updates were provided on three current documents: workload-to-workload authentication, workload identity practices, and architecture. The group also explored new topics including agentic AI applications, workload identifiers, credential exchange, and confidential computing considerations. Multiple documents are targeting working group last call before the Montreal meeting.

Key Discussion Points

Current Working Group Documents

• Workload-to-Workload Authentication Protocol: Significant progress since Bangkok with three new versions published, including stricter signature algorithm requirements, JWT replay protection, HTTP signature support, and mandatory content digest. Open issues remain around multiple workload identities, security goals definition, and URI scheme considerations.

• Workload Identity Practices: Evolution from BCP to informational draft, scope expanded to cover workflow platforms, cloud providers, SPIFFE, and CI/CD platforms. Document moved away from OAuth 2.0 specifics to accommodate cloud providers using different federation mechanisms.

• Architecture Document: Limited activity since last meeting, with reorganization of authentication/authorization sections and security considerations updates. Discussion of terminology alignment with other documents like transaction tokens.

Technical Discussions

• Multiple Authentication Methods: Debate over whether to allow different authentication methods between the same workload and different services, and whether correlation between identities should be required.

• Security Goals vs Properties: Clarification that the working group should focus on high-level security goals rather than formal security properties, with examples including non-repudiation, replay protection, and authentication.

• Token Binding: Discussion of the "OTH" (other token hash) construct for binding external tokens into WIPPIT, with proposals to change from single hash to JSON object mapping HTTP headers to token hashes.

New Proposals and Topics

• Agentic AI Integration: Presentation on how WIMSE might address AI agent authentication and authorization challenges, including streaming support, identity attestation, and authorization for autonomous agents using tools/APIs.

• Workload Identifiers: Proposal to extract workload identifier definitions into a separate standards-track document, enabling broader reuse and more stable references across protocols.

• Credential Exchange: Discussion of patterns for workloads to obtain different credentials, including initial platform provisioning, on-demand platform assurance, and credential exchange mechanisms.

• Static Secrets Management: Exploration of challenges with API keys and static secrets in modern workload environments, though consensus emerged that this may be better addressed in other working groups.

• Confidential Computing: Presentation on requirements for sovereign AI and data residency, emphasizing the need for proof of residency and geo-fencing capabilities in zero-trust environments.

Decisions and Action Items

Document Progression

• Target working group last call before Montreal meeting for current working group documents
• Schedule multiple interim meetings to accelerate progress on current drafts
• Architecture document to focus on currently specified solutions rather than expanding scope

Protocol Specifications

• Workload-to-workload protocol to address open issues around multiple identities and security goals
• Consider alignment of terminology across WIMSE and OAuth working group documents
• Evaluate the OTH token binding construct and consider JSON object approach

New Work Considerations

• Continue discussion of agentic AI requirements and potential WIMSE involvement
• Assess interest in standardizing workload identifier as separate document
• Explore credential exchange patterns and determine if protocol work is needed

Next Steps

1. Immediate Actions:

   • Schedule interim meetings for current working group drafts
   • Authors to provide updates on readiness for working group last call
   • Continue terminology alignment discussions with OAuth working group

2. Document Development:

   • Resolve open issues in workload-to-workload authentication protocol
   • Finalize workload identity practices document
   • Scope architecture document for Montreal timeline

3. Community Engagement:

   • Encourage continued mailing list discussions on new proposals
   • Seek input from agentic AI practitioners for potential future work
   • Coordinate with related working groups (OAuth, SPICE, TLS) on overlapping topics

4. Future Planning:

   • Evaluate adoption of new work items based on community interest and implementation experience
   • Consider charter implications for expanded scope areas like agentic AI and confidential computing

The working group emphasized the importance of completing current work before taking on new initiatives, while maintaining openness to important emerging use cases in the workload identity space.