shapeshifter / shapeshifter-specification

This repository contains the Shapeshifter specification. Files in this repository are used to generate an easily readable and navigable specification that can be accessed using the link below:
https://shapeshifter.github.io/shapeshifter-specification/
Apache License 2.0

[Improvement] Add authentication with mTLS and/or OAuth 2.0 #84

Open tomwetjens opened 1 year ago

tomwetjens commented 1 year ago

Describe the improvement

Add section on optional authentication using mTLS and/or OAuth 2.0

Additional context

Reducing the attack surface by authenticating before XML is parsed; easier to prevent DDoS.

Expected behavior

Section added to the spec describing how we want to do mTLS or OAuth 2.0 if required by the implementors.

Additional context

This has been proposed by Dutch grid operators Alliander, Enexis and EDSN.

RobbenRiksen commented 10 months ago

A temporary solution with mTLS has been implemented by GOPACS and Liander. Discussion in the TSC about a desirable solution for Shapeshifter is ongoing and will be addressed in the coming TSC meetings.