Intro and high level architecture #3

Merged
merged 2 commits into from
May 29, 2024

@yaronf yaronf commented May 24, 2024

No description provided.

@yaronf yaronf requested review from dfeldman, jsalowey, arndt-s and bc-pi May 24, 2024 14:02

@arndt-s arndt-s left a comment

Please feel free to just close my comments if they are too nitpicking at this stage.

draft-sheffer-wimse-s2s-protocol.md
TODO Introduction
This document defines authentication and authorization in the context of interaction between two workloads.
This is the core component of the WIMSE architecture {{?I-D.ietf-wimse-arch}}.
Assume that Service A needs to call Service B. For simplicity, this document focuses on REST services,
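Review bot: the architecture reference on the second line of the introduction is written `{{?I-D.ietf-wimse-arch}}`, which kramdown-rfc treats as an informative reference, while the same sentence presents this document as the core component of that architecture. If the draft relies on the architecture document for its definition of a workload, cite it as `{{!I-D.ietf-wimse-arch}}` so that it lands in the normative references; if the informative marking is intended, the sentence should not read as if the architecture document were required reading.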
Collaborator

I think we should stick to one term - either workload or service. Using these two interchangeably may confuse readers.

@yaronf yaronf May 27, 2024

Agreed. Note that this includes the document's title. Sigh.

Collaborator Author

On second thoughts, even in the group charter we called it "service to service". I will let others chime in.

Collaborator

I'm in favor of switching to workload to workload vs service. I feel that the workload term is more generic and it's what we are using elsewhere. I believe the way we are using them, they are synonymous.

* The other commonly deployed architecture has a mutual-TLS connection between each pair of services. This setup
can be addressed by a simpler solution ({{mutual-tls}}).

It is an explicit goal of this protocol that a service deployment, and in fact a single call chain,
Collaborator

Suggested change
It is an explicit goal of this protocol that a service deployment, and in fact a single call chain,
It is an explicit goal of this protocol that a service deployment can include both architectures across a multi chain call.

or do you indeed mean mTLS + TLS terminating middlebox? If that's the case I propose to rephrase the example to something like "TLS terminating middlebox + mTLS"

Collaborator Author

I meant it exactly like you wrote it: a single multi chain call including both architectures. (Except that maybe the word "architecture" is a bit off here.)

draft-sheffer-wimse-s2s-protocol.md
@yaronf yaronf requested a review from arndt-s May 27, 2024 21:06

@jsalowey jsalowey left a comment

I'm in favor of merging this, I think we can work out the details later.

@yaronf yaronf merged commit 44d70b3 into main May 29, 2024
2 checks passed
@yaronf yaronf deleted the ys-intro branch July 3, 2024 16:50