>There was mutually-authenticated SSL, but the required key distribution seemed too hard, especially at scale.
>There are several open source security services out there. Use them!
Something like https://www.vaultproject.io/ would be a solid foundation for either running your own CA with narrowly scoped / time-limited TLS client certs, or managing secrets for generating signed identity assertions, e.g. a JWT.
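An added example, not part of the comment above: a sketch of the "signed identity assertion" option, minting and verifying a short-lived JWT bound to one audience and one scope. It assumes a shared HMAC-SHA256 key (chosen to stay standard-library only) that each service would fetch from a secrets manager; the service names, scope strings and function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_assertion(key, issuer, audience, scope, ttl=300, now=None):
    """Sign a short-lived JWT for one caller, one audience and one scope."""
    iat = int(time.time() if now is None else now)
    parts = ({"alg": "HS256", "typ": "JWT"},
             {"iss": issuer, "aud": audience, "scope": scope,
              "iat": iat, "exp": iat + ttl})
    signing_input = ".".join(
        _b64e(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64e(sig)}"

def verify_assertion(token, key, audience, required_scope, max_ttl=600, now=None):
    """Return the claims if the token is acceptable here, else raise ValueError."""
    now = int(time.time() if now is None else now)
    head_b64, body_b64, sig_b64 = token.split(".")  # ValueError unless 3 parts
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    # Constant-time comparison, done before parsing any sender-controlled JSON.
    if not hmac.compare_digest(expected, _b64d(sig_b64)):
        raise ValueError("bad signature")
    header, claims = json.loads(_b64d(head_b64)), json.loads(_b64d(body_b64))
    # Pin the algorithm; never let the token's header choose the verifier.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not isinstance(claims, dict):
        raise ValueError("claims are not an object")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        raise ValueError("missing iat/exp")
    if exp <= now:
        raise ValueError("expired")
    if exp - iat > max_ttl:  # refuse long-lived tokens even if correctly signed
        raise ValueError("lifetime exceeds policy")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if claims.get("scope") != required_scope:
        raise ValueError("scope not granted")
    return claims

if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-secret"  # constructed sample key
    token = mint_assertion(key, "billing", "ledger", "ledger:read")
    print(verify_assertion(token, key, "ledger", "ledger:read"))
```

With a symmetric key every verifier can also mint tokens, so a deployment that needs issuer-only signing would use an asymmetric algorithm instead.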