c/ietf-wimse-ect
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: migrate refimpls from draft-00 to draft-01 claim names

Browse Source 
- Rename `par` to `pred` (predecessor) in types, serialization, tests
- Remove `pol`, `pol_decision` from core payload; move to `ect_ext`
- Remove `sub` from payload (not part of ECT spec)
- Update `typ` from `wimse-exec+jwt` to `exec+jwt` (accept both)
- Rename MaxParLength to MaxPredLength everywhere
- Update testdata, demos, READMEs with migration table
- All Go tests pass, all 56 Python tests pass (90% coverage)
This commit is contained in:
Christian Nennemann
2026-04-03 10:55:58 +02:00
parent ba044f6626
commit 884d2dc836
33 changed files with 416 additions and 481 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
refimpl/README.md
View File

@@ -1,16 +1,16 @@
# WIMSE Execution Context Tokens — Reference Implementations
> **Note**: These reference implementations were built against **draft-nennemann-wimse-ect-00**.
> The current draft (**-01**) introduced several claim name changes and structural updates:
> These reference implementations are aligned with **draft-nennemann-wimse-ect-01**.
>
> | -00 (refimpl) | -01 (current draft) | Notes |
> |---------------|---------------------|-------|
> | `par` | `pred` | Predecessor task IDs |
> The following claim name changes from -00 have been applied:
>
> | -00 (previous) | -01 (current) | Notes |
> |----------------|---------------|-------|
> | `par` | `pred` | Predecessor task IDs |
> | `pol`, `pol_decision` | removed (use `ect_ext`) | Policy claims moved to extension object |
> | `sub` | not defined | Standard JWT claim, not part of ECT spec |
> | `sub` | not defined | Standard JWT claim, not part of ECT spec |
> | `typ: wimse-exec+jwt` | `typ: exec+jwt` (preferred) | Both accepted for backward compat |
>
> The refimpl update to -01 is tracked in IMPROVEMENTS.md.
> | `MaxParLength` | `MaxPredLength` | Renamed to match `pred` claim |
This directory contains **reference implementations** of Execution Context Tokens (ECTs) for the WIMSE (Workload Identity in Multi System Environments) draft. Each refimpl provides ECT creation, verification, DAG validation, and an in-memory audit ledger.
@@ -26,7 +26,7 @@ This directory contains **reference implementations** of Execution Context Token
- **ECT format**: JWT (JWS Compact Serialization) with required/optional claims per the spec.
- **Creation**: Build and sign ECTs with ES256; `kid` and `typ` in the JOSE header.
- **Verification**: Full verification procedure (parse, typ/alg, key resolution, signature, claims, optional DAG).
- **DAG validation**: Uniqueness, parent existence, temporal ordering, acyclicity, parent policy.
- **DAG validation**: Uniqueness, predecessor existence, temporal ordering, acyclicity, predecessor policy.
- **Ledger**: Interface plus in-memory append-only store.
No WIT/WPT issuance or full WIMSE stack; refimpls use key resolution only. Suitable for conformance testing and as a template for production integrations.
@@ -54,7 +54,7 @@ python3 -m pytest tests/ -v
## Specification
- **Current draft**: `draft-nennemann-wimse-ect-01`
- **Refimpl implements**: `-00` claim names (see migration note above)
- **Refimpl implements**: `-01` claim names
## License