c/ietf-wimse-ect
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add draft-nennemann-wimse-ect-01 with assurance levels and identity-framework agnostic design

Browse Source 
Introduces three assurance levels (L1 unsigned JSON, L2 JOSE signing,
L3 JOSE signing with audit ledger) so deployments can choose the
appropriate trade-off between simplicity and regulatory compliance.

Decouples ECTs from WIMSE/SPIFFE hard dependencies by introducing an
abstract identity binding model with concrete profiles for WIMSE,
X.509, and JWK sets. The typ header moves from wimse-exec+jwt to
exec+jwt (with backward compatibility).

Includes blog article (blog-ect-assurance-levels.md) explaining the
assurance levels change and identity-framework agnostic design.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Chris Nennemann
2026-03-01 23:04:12 +01:00
parent 6e5eba641a
commit 998a7f2eb8
3 changed files with 1641 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
build.sh
View File

@@ -1,7 +1,7 @@
#!/bin/bash
set -e
DRAFT="draft-nennemann-wimse-ect-00"
DRAFT="draft-nennemann-wimse-ect-01"
DIR="$(cd "$(dirname "$0")" && pwd)"
# Tool paths