Details
-
Improvement
-
Resolution: Fixed
-
Major
-
5.0.0
-
Security Level: Public
Description
Some users of Couchbase Server encode the identity in client certificates in different ways for different kinds of users. E.g. for an application identity, the identity might be encoded in the SAN as:
URI: urn:coolbiz:appid:profileservice
|
Actual humans might be encoded as:
URI: urn:coolbiz:user:ketaki
|
It's desirable to have a scheme which is flexible enough to extract the identity out in either of these cases. It can be hard for Couchbase users to be able to always influence the way the SAN names are created.