(registered 2018-02-23, last updated 2018-02-23)

Scheme Name: spiffe

Status: Provisional

Applications/protocols that use this scheme name: A SPIFFE URI (or SPIFFE
ID) is used as an identity handle, primarily for datacenter workloads. It is
best described as a username for compute processes. Modeling this identity
handle as a URI serves two benefits: it allows operators to encode human
meaning in compute identity, and it helps distinguish the handle from
locators and resources on which an action can be performed.

This scheme is in active use by the Istio and SPIRE open source software
projects, and is defined as a specification under the SPIFFE specification
set.

Security Considerations: SPIFFE IDs themselves pose no security threat. They
act purely as an identifier, and no direct action can be taken on them. As a
result, the current specification does not include a Security Considerations
section as it relates to a SPIFFE ID, though one may be added if deemed
necessary.

Contact: Evan Gilman, evan&scytale.io

Change Controller: Scytale, Inc.

References:
Istio: https://github.com/istio/istio/tree/master/security
SPIRE: https://github.com/spiffe/spire
SPIFFE URI Specification:
https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#2-spiffe-identity