Commenting as identity enthusiast as opposed to WIMSE co-chair
Section 5 states that the identifier may be used in an X.509 certificate. From reading the draft, this may be a client or a server certificate. Should we included additional details about the certificates themeselves? Should a workload be able to use the same certificate for client authentication and as a server? What are the extended key usage parameters that should be supported (can a cert have both)?
Commenting as identity enthusiast as opposed to WIMSE co-chair
Section 5 states that the identifier may be used in an X.509 certificate. From reading the draft, this may be a client or a server certificate. Should we included additional details about the certificates themeselves? Should a workload be able to use the same certificate for client authentication and as a server? What are the extended key usage parameters that should be supported (can a cert have both)?