OSBAPI allows for extension: "... Platforms and Service Brokers MAY agree on an authentication mechanism other than basic authentication, but the specific agreements are not covered by this specification."
The proposal is to introduce mTLS based authentication as a standard authentication type supported by CAPI for communication with service brokers.
Last Call for Review
tbd
Proposal Name
mTLS for authentication between capi and service brokers
TL;DR Summary
CF API v3 and OSBAPI specify only basic authentication for calls from CAPI to service brokers:
OSBAPI allows for extension: "... Platforms and Service Brokers MAY agree on an authentication mechanism other than basic authentication, but the specific agreements are not covered by this specification."
The proposal is to introduce mTLS based authentication as a standard authentication type supported by CAPI for communication with service brokers.
Proposal URL
todo
Point of Contact
mathias.essenpreis@sap.com @stephanme (SAP)