Open oberstet opened 2 years ago
rgd the goal of adding above trustroot feature - in Crossbar.io, there are 3 types of internal connections, that is connections between workers and nodes of Crossbar.io itself:
All of these connection types
Thus, all connection types are working single-realm-multiple-session (when MUXed).
Since all connection types work single-realm (either single or multiple sessions), it makes sense to bind the trustroot connections are authenticated against with that realm.
Case 1:
realm = federated
trustroots = different domains, associated via frealm
Case 2:
realm = plain
trustroots = same domain
That is:
One element to add is auto-generating node certificate files key.sig
as part of node auto-discovery:
key.sig
should contain the node authid, pubkey and address, and should be signed by the master node eth key.
The master node address should be included in key.pub
as trustroot
default.