- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Thu, 10 Jun 2021 10:54:43 -0400
- To: public-credentials@w3.org
On 6/10/21 9:59 AM, David Chadwick wrote:
> one solution will be to require mutual TLS, where the authz token is the
> caller's X.509 PKC, since this can address both authn and authz

Yes, this was brought up by one of the other implementers and is a good example of "things we don't want to prevent from happening". Many enterprises depend on mutual TLS to secure API endpoints and it would be a mistake for the spec to say that doing so is not an appropriate mechanism for securing the endpoints.

-- manu

--
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches
Received on Thursday, 10 June 2021 14:57:26 UTC