[OAUTH-WG] Re: [RFC7523] JWT-SVID as a client_assertion

2025-03-16 Pieter Kasselman
Hi Dmitry

Great question. The Transaction Token draft does allow for the use of SPIFFE SVIDs (section 7.6 of [1]) when authenticating clients, so this is definitely functionality we believe should be supported.

JWT-SVID as Client Authentication --- The

[OAUTH-WG] Re: [RFC7523] JWT-SVID as a client_assertion

2025-02-13 Erin Shepherd
So I’ve been thinking of similar

> On 13 Feb 2025, at 01:24, Dmitry Telegin wrote:
>
> (Background: exploring the possibility of using SPIFFE as client
> authentication mechanism at the Transaction Token service.)
>
> JWT-SVIDs, defined in SPIFFE, are regular JWTs, though with some
> peculiar

[OAUTH-WG] Re: [RFC7523] JWT-SVID as a client_assertion

2025-02-13 Warren Parad
It sounds like the SPIRE server is the AS. Which means that it must already have the clients registered and house their public keys or else the client signing doesn't work. Does SPIRE somehow not have this information already?

On Thu, Feb 13, 2025, 01:25 Dmitry Telegin wrote:

> (Background: exp