PieterKas
https://github.com/SGNL-ai/authzapi/blob/5937da2ca3a3ed189bb066ce2f75c9bd5e0a380d/authorization-api-1_0.md?plain=1#L177C1-L177C1 It would be good to include details of how the extensibility might work.
I have seen machine identities used to mean all non-human entities (including devices and workloads). Still not perfect, but perhaps better than robotic?
https://github.com/SGNL-ai/authzapi/blob/5937da2ca3a3ed189bb066ce2f75c9bd5e0a380d/authorization-api-1_0.md?plain=1#L319 This feels like it will be error prone in implementation. I wonder if we can avoid that risk by prohibiting overlapping scopes?
https://github.com/SGNL-ai/authzapi/blob/5937da2ca3a3ed189bb066ce2f75c9bd5e0a380d/authorization-api-1_0.md?plain=1#L103C12-L103C12 The header indicates that this is about Authorization but then proceeds to reference authentication. Perhaps alternative wording can avoid this (e.g. "API calls SHALL be authorized with OAuth 2.0...
**Background** As part of the review of the Trust Bundle Map PR (https://github.com/spiffe/spiffe/pull/304) the topic of how to protect the trust bundle map came up. A common approach relies on...
The draft has extensive reference to access tokens in the security considerations section, but appears silent on refresh tokens. Consider adding a security considerations for Refresh tokens that references the...