From 596c43ba30d24ec97199b28cdc21372bfa01779a Mon Sep 17 00:00:00 2001 From: Dmitry Date: Wed, 1 May 2024 00:06:10 -0700 Subject: [PATCH] Create 20240430.md --- notes/20240430.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 notes/20240430.md diff --git a/notes/20240430.md b/notes/20240430.md new file mode 100644 index 0000000..0170c85 --- /dev/null +++ b/notes/20240430.md @@ -0,0 +1,24 @@ +# April 30, 2024 Notes + +## Attendees +Yaroslav Rosomakho +Andrii Deinega +Dmitry Izumskiy + +## Recording + +https://zscaler.zoom.us/rec/share/epF1AXb8oIRqmc1RkaJEV0GBx_MPMT1TD21docKuaKth57jBShZY-CWhV9XY0QJZ._mqRQ39u1qltrD0W +Passcode: pwisx8!^ + +## Agenda + +1. Review consolidated use cases for token exchange +Yaroslav: The proposal is to to condense broad set of business use cases into generic short list of use cases based on techical aspects. +New version of use cases on top of [the document](https://docs.google.com/document/d/1TTVNV4gpTcFnMIFzwCU_JKAWSAD8Jo7QjjCXCeDbqZ0/edit?pli=1) +Andrii: Should we consider workload authentication and different types of credentials? (K8s SA, X.509, SVID, etc.) +Dmitry, Yaroslav: Suggestion to consider workload attestation as out of scope, context for token exchange. +Andrii: We need to focus on OAuth centric token exchange mechanism, probably an extension of OAuth specification. +Yaroslav: Disagree on this approach as some discussed target tokens are derived from OAuth and some completely independent so we may consider OAuth as a foundational specification but do not limit to compatible only token formats. +Andrii, Dmitry: Open question about OAuth centric or not OAuth centric token exchange. Should we make a call or present several options for broad discussion? + +