Dimitrij Drus

Thanks for the question, Eddie! This presentation is part of my effort to align heimdall more closely with the CNCF security community, as suggested by the TOC. While I previously...

Work on this PR will continue as soon as #1534 is merged

Just to ensure my assumptions are correct as we didn't talk about the actual usage options. I see the following ones: 1. Using a finalizer, which would sign parts of...

Ok. Thank you for clarification. In that case we're talking about the so called authentication strategy which can be applied to an endpoint (https://dadrus.github.io/heimdall/v0.14.2-alpha/docs/configuration/types/#_authentication_strategy). Should we rename the FR to...

@aslafy-z: Thank you very much for the FR. I’ve added it to the "Future" backlog for now. This means that once the currently planned release is ready and published, I’ll...

Frankly speaking, the original intent behind its implementation was to support multiple different sources for authentication data (like e.g. possible with kratos) and handle scenarios involving header/cookie splitting. I have...

After reviewing the current implementation and evaluating the alternatives outlined in the description, I believe it’s better to take the necessary time for a well-thought-out design. While I initially called...

I'm indeed using an approach similar to the one you've mentioned right now - setting a specific field. IMO it is not the optimal one.

I recently added the ossf scorecard to my project (https://github.com/dadrus/heimdall) and unfortunately was hit by the lack of keyless signing support, which obviously provides the required attestation. Without this support,...

@laurentsimon: Could you please share a link to the corresponding PR? I would like to understand whether it would solve the issue I'm currently facing. .sigstore file doesn't say anything...