GEP: Client Certificate Verification for Gateway Listeners #91

@jpeach

What would you like to be added:

The ability for an HTTPS (or TLS generally) endpoint to require that the client present a certificate that can be validated according to some configurable policy.

Why is this needed:

As an application developer, I want to restrict access to my application to a certain audience of clients. The audience is defined by one or more of

  • a collection of specific TLS certificates (maybe by hash)
  • a collection of subject names in certificates
  • a collection of certificates issued by a specific (unique) CA

I want the infrastructure to guarantee that I only receive client traffic that originates from this audience.

/kind user-story
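The three audience definitions in the request, as an added Go example that is not code from this issue or from the Gateway API project: `ClientCertPolicy` and `Check` are hypothetical names. It assumes one way of combining the criteria: a pinned certificate is admitted by hash alone, while a subject name counts only after the chain validates to a configured CA, since a self-signed certificate can claim any name.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// ClientCertPolicy is a hypothetical type, not a Gateway API resource.
type ClientCertPolicy struct {
	PinnedSHA256 map[string]bool // hex SHA-256 of the certificate DER
	SubjectCNs   map[string]bool // allowed subject common names
	TrustedCAs   *x509.CertPool  // issuing CAs; nil means none, never system roots
}

// Check admits a pinned leaf, or a CA-issued leaf whose CN is allowed (assumed rule).
func (p ClientCertPolicy) Check(leaf *x509.Certificate) error {
	sum := sha256.Sum256(leaf.Raw)
	if p.PinnedSHA256[hex.EncodeToString(sum[:])] {
		return nil
	}
	if p.TrustedCAs == nil { // Verify would fall back to system roots on nil
		return fmt.Errorf("not pinned and no trusted CA configured")
	}
	usage := []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: p.TrustedCAs, KeyUsages: usage}); err != nil {
		return fmt.Errorf("chain validation failed: %w", err)
	}
	if len(p.SubjectCNs) > 0 && !p.SubjectCNs[leaf.Subject.CommonName] {
		return fmt.Errorf("subject %q not in audience", leaf.Subject.CommonName)
	}
	return nil
}

func main() { // constructed input: a self-signed leaf claiming an allowed name
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "admin"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	p := ClientCertPolicy{SubjectCNs: map[string]bool{"admin": true}, TrustedCAs: x509.NewCertPool()}
	fmt.Println(p.Check(leaf)) // rejected: the name is allowed but no trusted CA issued it
}
```

In a Go TLS server the same check could run from `tls.Config.VerifyPeerCertificate` with `ClientAuth` set to `tls.RequireAnyClientCert`, so the handshake still proves possession of the private key.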

Labels

  • kind/feature: Categorizes issue or PR as related to a new feature.
  • kind/gep: PRs related to Gateway Enhancement Proposal (GEP)
  • kind/user-story: Categorizes an issue as capturing a user story
  • priority/backlog: Higher priority than priority/awaiting-more-evidence.
  • priority/important-longterm: Important over the long term, but may not be staffed and/or may need multiple releases to complete.

Projects

Status

Provisional

Status

Next
