Convert ascii art to aasvg #21

Merged
merged 3 commits into from
Mar 21, 2024
51 changes: 21 additions & 30 deletions draft-salowey-wimse-arch.md
@@ -31,13 +31,10 @@ author:
organization:
email: [email protected]



normative:

informative:


--- abstract

The increasing prevalence of cloud computing and micro service architectures has led to the rise of complex software functions being built and deployed as workloads, where a workload is defined as a running instance of software executing for a specific purpose.
@@ -56,42 +53,36 @@ Workloads need to be provisioned with a unique identity when they are started. O

How the workload obtains identity information and interacts with the agent is subject to different implementations, as described in this document. A few variants (such as environment variables or domain sockets) have been used in deployments today.

~~~
~~~aasvg
+-----------------+
| Server |
| |
| |
| +-------------+ |
| | Attestation | |
| +-------------+ |
+-----------------+
^|
||
||
|| Identity
|| Information ..
|| ||
|| || Workload
|| || to
|| || Workload
|| || Communication
+--------||-------------------------------vv-----------+
| |v +-----------------+ |
| +---------------+ +-----------------+| |
| | Agent | | Workload || |
| | | | || |
| | <...............> || |
| | ^ | Identity | ^ |+ |
| +------------'--+ Information +-'---------------+ |
| ' ' |
| ' & Identity ' Identity |
| Attestation ' Information ' Information |
| v v |
|------------------------------------------------------|
+---------+-------+
^ | . .
| | Identity | | Workload
| | Information | | to
| | | | Workload
| | | | Communication
+-------+-+------------------------------+-+-----------+
| | | v V |
| | v +----------------+ |
| +----+----------+ +-+--------------+ | |
| | Agent | | Workloads | | |
| | <+--------------+> | | |
| | ^ | Identity | ^ +-+ |
| +------------+--+ Information +--+-------------+ |
| | | |
| | & Identity | Identity |
| Attestation | Information | Information |
| v v |
+------------------------------------------------------+
| Host Operating System and Hardware |
+------------------------------------------------------+
~~~~
{: #arch-fig title="Host Software Layinger in a Workload Identity Architecture."}
{: #arch-fig title="Host Software Layering in a Workload Identity Architecture."}

Once the workload is started and has obtained unique identity information, it can offer its services. Once a service is invoked on a workload it may require interaction with other workloads. An example of such interaction is shown in {{?I-D.ietf-oauth-transaction-tokens}} where an externally-facing endpoint is invoked using conventional authorization mechanism, such as an OAuth 2.0 access token. The interaction with other workload may require the security context to be passed along the call chain.
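Review bot: the two arrowheads where the Workload-to-Workload Communication lines enter the Workloads boxes are inconsistent, `| | | v V |` uses lowercase `v` on one line and uppercase `V` on the other; use `v` for both so the two lines render identically. A smaller point: the box label changes from `Workload` to `Workloads` while the surrounding prose and the old figure refer to a single workload ("Once the workload is started ..."), so either keep the singular label or adjust the text so the figure and prose agree. The caption fix from `Layinger` to `Layering` is correct.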
