February 5, 2025

Agenda

Joonas introduces background on an RFC for workload identity.
- Infrastructure-agnostic.
- Standards-based: interoperable across platforms.
- Cryptographically verifiable.
- To the extent possible, fully automated. Workloads should only have to request identity for it to be available to them.
Use-cases:
- Securing NATS connectivity.
- Dynamic, secret-less OCI artifact pulls.
- Secret-less access to third party resources.
- Mutual authN for host and provider communication.
- Establishing trust across clusters.
Implementation in three steps:
- Host
- Providers
- Components
What's next?
- RCF/Proposal
- POC demonstration of host integration
- Tracking issue + work items
Question: Would this be mandatory or optional?
- Answer: The goal is definitely to make this optional.

Taylor introduces background on an RFC for plugin-ifying wash
The RFC is available on GitHub: https://github.com/wasmCloud/wasmCloud/issues/4059
"This enables more flexibility for things like auth providers and custom extensions for those running wasmCloud in production."
This would replace current plugin model.
Question: Current plugin model limits ability to use multi-tier subcommand. Would the new model be able to get around this limitation?
- Answer: Yes, this should add increased flexibility to do all of the things you would expect.
Question: What would our recommendations to contributors be if they wanted to add a feature to wash?
- Answer: If this goes through, my thought would be that we recommend contributors implement the feature as a plugin.