Workload Identity OAuth (or otherwise) Reverse Proxy
Enables fine-grained access control over what a workload can do with an API, more so than fine-grained tokens: it can control the specific POST data or query parameters allowed, or potentially filter responses.
For traceability, the SCITT policy engine can be run on each OIDC claims validation, and the claims can be added to the transparency service.
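A sketch of the per-request check such a proxy would make, as an added example (not code from any project named here). It assumes the OIDC token's signature, issuer, audience and expiry were already verified upstream; the policy contents, the `sub` value, the paths and the record layout are all constructed for illustration.

```python
import hashlib
import json
from urllib.parse import parse_qsl, urlsplit

# Constructed policy, keyed on the workload's verified `sub` claim.
# All names and values are hypothetical.
POLICY = {
    "workload:ci-release": [
        {"method": "POST", "path": "/repos/example/app/issues",
         "query": set(),                                  # no query parameters
         "body": {"title": None, "labels": ["release"]}},  # None = any value
        {"method": "GET", "path": "/repos/example/app/issues",
         "query": {"state", "page"}, "body": {}},
    ],
}


def _rule_allows(rule, method, url, body):
    parts = urlsplit(url)
    if method != rule["method"] or parts.path != rule["path"]:
        return False
    # Every query parameter present must be on the rule's allowlist.
    params = parse_qsl(parts.query, keep_blank_values=True)
    if any(key not in rule["query"] for key, _ in params):
        return False
    # Body keys must match the rule exactly; pinned values must be equal.
    if set(body) != set(rule["body"]):
        return False
    return all(want is None or body[k] == want
               for k, want in rule["body"].items())


def authorize(claims, method, url, body=None):
    """Return (allowed, record) for a request; body is a parsed JSON object."""
    body = body or {}
    rules = POLICY.get(claims.get("sub"), [])  # unknown workload: deny
    allowed = any(_rule_allows(r, method, url, body) for r in rules)
    # Decision record that could be registered with a transparency service.
    # The layout is an assumption, not a SCITT message format.
    body_digest = hashlib.sha256(
        json.dumps(body, sort_keys=True).encode()).hexdigest()
    record = {"claims": claims, "method": method, "url": url,
              "body_sha256": body_digest, "allowed": allowed}
    return allowed, record
```

Denied requests produce a record too, so the log shows what a workload attempted as well as what it was permitted to do.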
ATProto can be a place to store SCITT messages, and SCRAPI can be built on top of it. This enables federation.
SCITT content-addressable URIs are still interesting for this use case. Need to pull from an old version of the spec because Microsoft didn't like the : character (yes it's that dumb)
Using ATProto as the graph
No private accounts yet; these would be ideal for networked ssh-ai swarms
AT-SMS could be promising in that direction
gobengo wasup