Evan Gilman

Something like this would be super useful for us

You'd have to write code that would interact with the stream and send updates to the client as they occur. The client would not be a native observer. The approach...

Hello! Not sure if you saw, but draft-ietf-oauth-mtls now supports [SPIFFE IDs via SAN URI](https://tools.ietf.org/html/draft-ietf-oauth-mtls-14#section-2.1.2)

> We might also write this up as an academic paper or a blog and try to get > relevant folks at Microsoft to take a look... 😍 What can...

Small and tangential update for anyone who may be following along here: > With the introduction of Windows support is also support for a TCP-based listener. We did not want...

Hello again - we've been unable to get any non-maintainer review of this code so far. It was merged some weeks ago already, and will probably be officially released sometime...

Hi @lumjjb sorry for the delay, I've been out on leave We were never able to get a review of the code in question, but it's never too late and...

Thank you so much for opening this @noxora As I mentioned during our SIG-SPIRE call today, this problem is (as you've pointed out) pervasive. The outcome is a poor diagnostics...

I like option 3 because it feels like a solution to the underlying problem. I believe we already store timestamps in the DB under the covers, perhaps that can be...

One option could be to move the agent to use SPIFFE bundle for bootstrapping exclusively by introducing new config names and deprecating the old ones. The URL feature could then...