Closed lukepopp closed 5 years ago
NAB is supportive of the proposal - i.e to use private key JWT for client authentication.
Macquarie Bank also strongly endorses and supports the proposal that only private key JWT client authentication will be supported under the CDR InfoSec profile.
Commonwealth Bank's response:
Commonwealth Bank supports the use of mutual TLS and private_key_JWT for client authentication and to enable the sending of certificate bound access tokens.
There is broad support for this proposal and this will be reflected in the InfoSec profile.
At present, the profile supports Client Authentication via private key JWT and Mutual Authentication TLS (MTLS). This means that Holders will need to support both methods. It is proposed that only private key JWT client authentication will be supported under the profile. This does not mean that MTLS as a Holder of Key Mechanism will no longer be required - it is required regardless of this proposal. Furthermore, Server/client certs must be issued by the CDR CA.