|
|
Post by josephreynolds1 on Aug 13, 2020 1:58:00 GMT
What is Redfish's direction for supporting authentication schemes such as mTLS HTTPS and OAuth?
|
|
|
|
Post by josephreynolds1 on Aug 18, 2020 18:25:23 GMT
I see it now: DSP0266 version 1.9.1, section 13.3 (Authentication) states:
> Services:
> • Shall support both HTTP Basic authentication and Redfish session login authentication.
> • Shall not require a client that uses HTTP Basic authentication to create a session.
> • May implement other authentication mechanisms.
In this view, OpenBMC's mTLS implementation is an "other authentication mechanism". I don't need any spec changes for that.
OpenBMC has not yet started and is still looking for direction for OAuth.
|
|
|
|
Post by mraineri on Aug 25, 2020 15:49:55 GMT
From customer feedback, there has been a stated desire for password-less authentication. The Redfish Forum is looking to standardize on existing methodologies in this space. Currently there is a desire for adopting OAuth based on the prevalence of its usage in customer environments. The Redfish Forum is open to looking at other solutions in the future if there's a need to add support beyond OAuth.
|
|
|
|
Post by josephreynolds1 on Sept 28, 2020 17:52:12 GMT
|
|
