ietf-wimse-ect

c/ietf-wimse-ect

Fork 0

Commit Graph

Author	SHA1	Message	Date
Christian Nennemann	8cf0d8aade	feat: polish draft-01 for submission — claim renames, review fixes, refimpl docs Draft improvements: - Rename ext -> ect_ext, clarify iss/aud requirements per level - Add algorithm agility guidance and RFC 8725 reference - Add HTTP header size constraints and body transport fallback - Add cross-level parent reference semantics - Add emerging agent protocols (A2A, MCP) to Related Work - Fix HTTP error handling (403 not 401), IANA +jwt suffix note - Add workflow consistency check to DAG validation - Add defense-in-depth note for acyclicity check Supporting files: - Fix blog post outdated claim names (par -> pred, ext -> ect_ext) - Update refimpl README with -00 vs -01 migration mapping - Add refimpl IMPROVEMENTS.md section 6 with -01 migration tasks	2026-04-03 07:49:36 +02:00
Chris Nennemann	998a7f2eb8	Add draft-nennemann-wimse-ect-01 with assurance levels and identity-framework agnostic design Introduces three assurance levels (L1 unsigned JSON, L2 JOSE signing, L3 JOSE signing with audit ledger) so deployments can choose the appropriate trade-off between simplicity and regulatory compliance. Decouples ECTs from WIMSE/SPIFFE hard dependencies by introducing an abstract identity binding model with concrete profiles for WIMSE, X.509, and JWK sets. The typ header moves from wimse-exec+jwt to exec+jwt (with backward compatibility). Includes blog article (blog-ect-assurance-levels.md) explaining the assurance levels change and identity-framework agnostic design. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-01 23:04:12 +01:00

Author

SHA1

Message

Date

Christian Nennemann

8cf0d8aade

feat: polish draft-01 for submission — claim renames, review fixes, refimpl docs

Draft improvements:
- Rename ext -> ect_ext, clarify iss/aud requirements per level
- Add algorithm agility guidance and RFC 8725 reference
- Add HTTP header size constraints and body transport fallback
- Add cross-level parent reference semantics
- Add emerging agent protocols (A2A, MCP) to Related Work
- Fix HTTP error handling (403 not 401), IANA +jwt suffix note
- Add workflow consistency check to DAG validation
- Add defense-in-depth note for acyclicity check

Supporting files:
- Fix blog post outdated claim names (par -> pred, ext -> ect_ext)
- Update refimpl README with -00 vs -01 migration mapping
- Add refimpl IMPROVEMENTS.md section 6 with -01 migration tasks

2026-04-03 07:49:36 +02:00

Chris Nennemann

998a7f2eb8

Add draft-nennemann-wimse-ect-01 with assurance levels and identity-framework agnostic design

Introduces three assurance levels (L1 unsigned JSON, L2 JOSE signing,
L3 JOSE signing with audit ledger) so deployments can choose the
appropriate trade-off between simplicity and regulatory compliance.

Decouples ECTs from WIMSE/SPIFFE hard dependencies by introducing an
abstract identity binding model with concrete profiles for WIMSE,
X.509, and JWK sets. The typ header moves from wimse-exec+jwt to
exec+jwt (with backward compatibility).

Includes blog article (blog-ect-assurance-levels.md) explaining the
assurance levels change and identity-framework agnostic design.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-01 23:04:12 +01:00

2 Commits