Dan L raised questions on call today about client authentication. @agentlewis why not describe how you are currently doing it in a comment.
We currently don't do anything like that, because of the potential issue with it busting anonymity for anyone with a compromised server, reports from users are intentionally not linked or linkable.
Dan A has suggested in the past using a client certificate which certifies the code, not the user, @danaronson - did you know how to do this, or just that it could be done ?
@jmday made it clear that priority of this is lower, i.e. need client working with this server first
Dan L raised questions on call today about client authentication. @agentlewis why not describe how you are currently doing it in a comment.
We currently don't do anything like that, because of the potential issue with it busting anonymity for anyone with a compromised server, reports from users are intentionally not linked or linkable.
Dan A has suggested in the past using a client certificate which certifies the code, not the user, @danaronson - did you know how to do this, or just that it could be done ?
@jmday made it clear that priority of this is lower, i.e. need client working with this server first