This repository contains the Shapeshifter specification. Files in this repository are used to generate an easily readable and navigable specification, that can be accessed using the link below
Temporary solution with mTLS has been implemented by GOPACS and Liander. Discussion in the TSC about a desirable solution for Shapeshifter is ongoing and will be addressed in the coming TSC meetings.
Describe the improvement
Add section on optional authentication using mTLS and/or OAuth 2.0
Additional context
Reducing the attack surface by authenticating before XML is parsed, easier to prevent DDoS.
Expected behavior
Section added to the spec describing how we want to do mTLS or OAuth 2.0 if required by the implementors.
Additional context This has been proposed by Dutch grid operators Alliander, Enexis and EDSN