httpd-dev mailing list archives

From Graham Leggett <minf...@sharp.fm>
Subject Re: Small things to do
Date Wed, 09 Nov 2011 10:02:46 GMT
On 09 Nov 2011, at 1:52 AM, Daniel Ruggeri wrote:

> One thing I know for certain that does not fall in line with this is
> if some.where.back.there and some.where.different are signed out of the
> same CA, but you wish to send different client certs based on path (such
> a use case exists, silly as it may seem in my eyes).

That would be the use case, yes.

We have a service oriented platform that is hardened end to end, in  
other words services are client cert protected, and apps must strongly  
authenticate to use the service using their own client cert. Sometimes  
the apps need to expose the URL space of the service directly (for the  
benefit of ajax, etc), but currently can't using a simple proxypass  
because the app next door needs to expose a different service with a  
different client cert.

As to the use case being silly, we live in an age of the cloud, where  
one app at location A is referencing a service in location B, with an  
unsecured network in between. Times have changed :)

Regards,
Graham
--

