Session Date/Time: 14 Oct 2025 16:00
WIMSE
Summary
This interim meeting focused on the workload-to-workload authentication document, specifically addressing an existing impasse among authors regarding the choice of underlying technology (JWT-based vs. HTTP Signature profile) and, consequently, the overall structure of the document(s). The chairs committed to reviewing the mailing list discussion on document structure and providing guidance to the authors by the end of the week.
Key Discussion Points
- Document Status and Impasse: The workload-to-workload document was noted as being on the agenda for Working Group Last Call preparation. However, Brian noted an existing impasse among authors regarding fundamental disagreements on the necessary and/or sufficient technology for workload-to-workload authentication.
- Brian's perspective: A JWT-based approach on top of HTTP is simpler, more deployable, and fully sufficient.
- Yaron's perspective (as conveyed by Brian): An HTTP Signature profile is necessary, particularly for protecting intermediaries with full integrity protection on the body.
- Previous attempts to gain working group direction via a consensus call on the mailing list regarding the structure yielded many opinions but no clear rough consensus for one approach over the other.
- Chairs' Response to Impasse: Justin and Peter acknowledged the call for guidance. They committed to carefully re-reading the mailing list thread titled "Workload-to-Workload Document Structure" to determine the working group's rough consensus on the structural direction.
- They emphasized that the IETF does not aim to pick market winners but should consider technological trends when making decisions.
- The core issue is perceived as structural (single document vs. multiple, and how to split) rather than a content issue, as there are proponents for each technical piece.
- Discussion on Document Splitting:
- Brian envisioned a split into three distinct documents: one for the Workload Identity Token (WIT) as an identity component, and separate documents for WIPIT and HTTP Signatures as independent presentation mechanisms. Mutual TLS was identified as a cross-cutting concern requiring further consideration.
- Joseph suggested that TLS and certificate-related content are tightly coupled and should remain together to aid readability, given existing practice and the relatively small amount of new material compared to WIT.
- Arndt proposed a split to keep the workload identity certificate and mutual TLS presentation alongside the workload identity token in one document, while splitting WIPIT and HTTP Message Signatures into their own documents. He expressed concern about creating too many small RFCs and suggested a maximum of three for readability.
- Justin highlighted a logical split between "credential formats" (X.509 and WITs) and "presentation mechanisms" (HTTP SIG, WIPIT, MTLS). He advocated for optimizing for the understandability of the resulting documents, even if it meant more documents, and noted IETF mechanisms exist for managing short RFCs or related clusters of documents.
- Timeline and Document Submission: Arndt raised concerns about the ID submission deadline (Monday) and the desire to finalize decisions before IETF 118 in Montreal.
- Chairs (Justin and Peter) acknowledged that the initial timeline for Working Group Last Call was set before the structural split was extensively discussed.
- They advised that if restructuring is decided, authors should make edits in the interim and make them available, even if not formally on Data Tracker, for discussion in Montreal.
- They clarified that if a split occurs, it would not necessarily require a new adoption call for the "new" documents, as the work itself has already been adopted. The structural change itself would be the subject of a consensus determination.
- "Clustering" of Documents: The concept of "clustering" documents (e.g., for IESG review) was discussed. Justin explained that this signals to the IESG and RFC editor that documents are related and should ideally go through together, simplifying cross-references. However, it doesn't mandate simultaneous publication if one document is delayed. This decision can be made later.
- Unrelated Discussion: Mark attempted to raise a question about sending richer metadata using tokens, which was deemed unrelated to the current agenda. Justin directed him to raise the discussion on the mailing list.
Decisions and Action Items
- Decision: WIMSE chairs (Justin and Peter) will review the "Workload-to-Workload Document Structure" mailing list thread to determine the working group's rough consensus on the structural direction of the workload-to-workload document(s).
- Action Item: WIMSE chairs to provide guidance to the authors regarding the document structure (single vs. multiple documents, and details of the split if applicable) by the end of the current week (November 3rd, 2023).
- Action Item: Working group participants are encouraged to contribute any further opinions on the "Workload-to-Workload Document Structure" mailing list thread before the chairs' decision.
Next Steps
- Authors are to proceed with drafting and editing based on the structural guidance provided by the chairs.
- If extensive restructuring is required and cannot be completed by the ID submission cutoff (Monday, November 6th), authors should make edited versions available for discussion at IETF 118 in Montreal.
- The question of whether to formally "cluster" the resulting documents for IESG review will be considered at a later stage, after the structural split is finalized.