mhamann commented on issue #130: For the identity propagation, used a signed JWT to carry the credential downstream URL: https://github.com/apache/incubator-openwhisk-apigateway/issues/130#issuecomment-304536399 @shiup I think a signed JWT is probably the right way to go. If we sign it asymmetrically, that should enable the downstream server to validate it with a public key. If we do that, then we just have to figure out how to distribute said key. I think it should just be an endpoint that the gateway provides, which makes for easy retrieval by the downstream. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
With regards, Apache Git Services
