Intro and high level architecture #3
Please feel free to just close my comments if they are too nit picking at this stage.
TODO Introduction | ||
This document defines authentication and authorization in the context of interaction between two workloads. | ||
This is the core component of the WIMSE architecture {{?I-D.ietf-wimse-arch}}. | ||
Assume that Service A needs to call Service B. For simplicity, this document focuses on REST services, |
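Review bot: The terminology is inconsistent within these added lines: the first sentence describes interaction between two "workloads", while the example two lines later introduces "Service A" and "Service B". Pick one term for the whole document, or state once that the two are used as synonyms here, so a reader does not take a workload and a service to be different entities with different identities.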
I think we should stick to one term - either `workload` or `service`. Using these two interchangeably may confuse readers.
Agreed. Note that this includes the document's title. Sigh.
On second thoughts, even in the group charter we called it "service to service". I will let others chime in.
I'm in favor of switching to workload to workload vs service. I feel that the workload term is more generic and it's what we are using elsewhere. I believe the way we are using them, they are synonymous.
draft-sheffer-wimse-s2s-protocol.md
Outdated
* The other commonly deployed architecture has a mutual-TLS connection between each pair of services. This setup | ||
can be addressed by a simpler solution ({{mutual-tls}}). | ||
|
||
It is an explicit goal of this protocol that a service deployment, and in fact a single call chain, |
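Review bot: In the mutual-TLS bullet, "can be addressed by a simpler solution" does not say what the solution is simpler than. Name the comparison explicitly, that is, the mechanism used for the other architecture in this list, and keep the {{mutual-tls}} reference as the pointer to the details, so the reader can tell which of the two mechanisms applies to a given hop.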
It is an explicit goal of this protocol that a service deployment, and in fact a single call chain, | |
It is an explicit goal of this protocol that a service deployment can include both architectures across a multi chain call. |
or do you indeed mean mTLS + TLS terminating middlebox? If that's the case I propose to rephrase the example to something like "TLS terminating middlebox + mTLS"
I meant it exactly like you wrote it: a single multi chain call including both architectures. (Except that maybe the word "architecture" is a bit off here.)
I'm in favor of merging this, I think we can work out the details later.
No description provided.