FW: New Version Notification for draft-ietf-wimse-http-signature-03.txt from Yaron Sheffer on 2026-04-15 (ietf-http-wg@w3.org from April to June 2026)

From: Yaron Sheffer <yaronf.ietf@gmail.com>
Date: Wed, 15 Apr 2026 09:33:53 +0000
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
CC: Joe Salowey <joe@salowey.net>
Message-ID: <GVYP280MB086149862BD152417D3ADEBBA9222@GVYP280MB0861.SWEP280.PROD.OUTLOOK.COM>

Hi httpbis folks,

This draft is being discussed at WIMSE, however since we’re proposing a new HTTP Signature Parameter, we thought people on this list might be interested.

Please respond to the WIMSE mailing list.

Thanks,
      Yaron

From: Yaron Sheffer <yaronf.ietf@gmail.com>
Date: Wednesday, 8 April 2026 at 12:52
To: wimse@ietf.org <wimse@ietf.org>
Subject: FW: New Version Notification for draft-ietf-wimse-http-signature-03.txt

This version retains the “aud” construct, but instead of having it as an HTTP header we now use a custom HTTP Signature Parameter (Sec. 3.1). All other changes are regenerated sample values.

Thanks,
      Yaron

From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Date: Tuesday, 7 April 2026 at 18:10
To: Joe Salowey <joe@salowey.net>, Joseph Salowey <joe@salowey.net>, Yaron Sheffer <yaronf.ietf@gmail.com>
Subject: New Version Notification for draft-ietf-wimse-http-signature-03.txt

A new version of Internet-Draft draft-ietf-wimse-http-signature-03.txt has
been successfully submitted by Yaron Sheffer and posted to the
IETF repository.

Name:     draft-ietf-wimse-http-signature
Revision: 03
Title:    WIMSE Workload-to-Workload Authentication with HTTP Signatures
Date:     2026-04-07
Group:    wimse
Pages:    19
URL:      https://www.ietf.org/archive/id/draft-ietf-wimse-http-signature-03.txt

Status:   https://datatracker.ietf.org/doc/draft-ietf-wimse-http-signature/

HTML:     https://www.ietf.org/archive/id/draft-ietf-wimse-http-signature-03.html

HTMLized: https://datatracker.ietf.org/doc/html/draft-ietf-wimse-http-signature

Diff:     https://author-tools.ietf.org/iddiff?url2=draft-ietf-wimse-http-signature-03


Abstract:

   The WIMSE architecture defines authentication and authorization for
   software workloads in a variety of runtime environments, from the
   most basic ones to complex multi-service, multi-cloud, multi-tenant
   deployments.  This document defines one of the mechanisms to provide
   workload authentication, using HTTP Signatures.  While only
   applicable to HTTP traffic, the protocol provides end-to-end
   protection of requests (and optionally, responses), even when service
   traffic is not end-to-end encrypted, that is, when TLS proxies and
   load balancers are used.  Authentication is based on the Workload
   Identity Token (WIT).



The IETF Secretariat

Received on Wednesday, 15 April 2026 09:47:57 UTC