ConsumerDataStandardsAustralia / infosec

Work space for the consumer data right information security profile development in Australia
MIT License

Client Authentication - Private Key Support Only #7

Status: Closed (lukepopp closed this issue 5 years ago)

lukepopp commented 5 years ago

At present, the profile supports Client Authentication via private key JWT and Mutual Authentication TLS (MTLS). This means that Holders will need to support both methods. It is proposed that only private key JWT client authentication will be supported under the profile. This does not mean that MTLS as a Holder of Key Mechanism will no longer be required - it is required regardless of this proposal. Furthermore, server/client certs must be issued by the CDR CA.

NationalAustraliaBank commented 5 years ago

NAB is supportive of the proposal - i.e. to use private key JWT for client authentication.

MacquarieBank commented 5 years ago

Macquarie Bank also strongly endorses and supports the proposal that only private key JWT client authentication will be supported under the CDR InfoSec profile.

lukepopp commented 5 years ago

Commonwealth Bank's response:

Commonwealth Bank supports the use of mutual TLS and private_key_JWT for client authentication and to enable the sending of certificate bound access tokens.

20181219 CommBank Standards Submission.pdf

lukepopp commented 5 years ago

There is broad support for this proposal and this will be reflected in the InfoSec profile.