ietf-wg-wimse / draft-ietf-wimse-s2s-protocol

WIMSE Service to Service I-D

X.509 fields #46

Open PieterKas opened 5 months ago

PieterKas commented 5 months ago

Commenting as identity enthusiast as opposed to WIMSE co-chair

Section 5 states that the identifier may be used in an X.509 certificate. From reading the draft, this may be a client or a server certificate. Should we include additional details about the certificates themselves? Should a workload be able to use the same certificate for client authentication and as a server? What are the extended key usage parameters that should be supported (can a cert have both)?

jsalowey commented 1 month ago

PR#63 adds some of this. We may want to make more specification around what can be in the URI (no port, username; trust domain lowercase)
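
The three URI constraints floated in the comment above (no port, no username, lowercase trust domain), written as a check a verifier could run on a URI taken from a certificate. This is an added example, not text from the draft or from PR#63; the function name `check_workload_uri`, the `wimse` scheme in the samples and the sample URIs themselves are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit


def check_workload_uri(uri: str) -> list[str]:
    """Return the violations of the three constraints named in the thread."""
    # Work on the raw authority: SplitResult.hostname silently lowercases the
    # host, and SplitResult.port is None for an empty port ("host:"), so both
    # would hide exactly the cases this check is meant to catch.
    authority = urlsplit(uri).netloc
    if not authority:
        return ["missing authority (trust domain)"]

    problems = []
    _userinfo, at, hostport = authority.rpartition("@")
    if at:
        problems.append("userinfo present")

    if hostport.startswith("["):
        # Bracketed IP literal: the colons inside the brackets are not a port.
        host, _, rest = hostport.partition("]")
        host += "]"
    else:
        host, sep, rest = hostport.partition(":")
        rest = sep + rest
    if rest.startswith(":"):
        problems.append("port present")

    if host != host.lower():
        problems.append("trust domain not lowercase")
    return problems


if __name__ == "__main__":
    # Constructed sample URIs, not taken from the draft.
    for sample in (
        "wimse://trust.example/workload/a",
        "wimse://svc@trust.example/workload/a",
        "wimse://trust.example:8443/workload/a",
        "wimse://trust.example:/workload/a",
        "wimse://Trust.Example/workload/a",
    ):
        print(sample, "->", check_workload_uri(sample) or "ok")
```
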