Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-27154

Flexible way to extract identity from Client Certificates

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Major
    • 5.1.0, 5.5.0
    • 5.0.0
    • ns_server
    • Security Level: Public

    Description

      Some users of Couchbase Server encode the identity in client certificates in different ways for different kinds of users. E.g. for an application identity, the identity might be encoded in the SAN as:

      URI: urn:coolbiz:appid:profileservice

      Actual humans might be encoded as:

      URI: urn:coolbiz:user:ketaki

      It's desirable to have a scheme which is flexible enough to extract the identity out in either of these cases. It can be hard for Couchbase users to be able to always influence the way the SAN names are created.

      Attachments

        Issue Links

          blocks

          Improvement - An improvement or enhancement to an existing feature or task. MB-27232 Support for multiple {path, prefix, delimiter} tuples in client cert auth in kv_engine

          • Major - Major loss of function.
          • Closed
          depends on

          Improvement - An improvement or enhancement to an existing feature or task. MB-27231 Support for multiple {path, prefix, delimiter} tuples in client cert auth in ns_server

          • Major - Major loss of function.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              bharath.gp Bharath G P
              ketaki Ketaki Gangal (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty