An update on the HTTPS client certificate issue

Attention conservation notice: If you’re here for the food, you can skip this post — maybe another recipe post coming towards the end of the month.

I wrote a while back about moves in the browser world to deprecate client certificate authentication. Things have moved on a bit, and at work today I did a presentation and community discussion about the issue and what we’re going to do about it. (Summary: in the near term, we’ll be adopting OpenID Connect to centralize the actual authentication piece of this, which will allow us to swap in other mechanisms — or delegate the actual authentication to someone else — as alternatives become available.) My slides are available although (because of the room it was held in) neither the talk itself nor the discussion afterward were recorded.

This entry was posted in Computing and tagged , , , . Bookmark the permalink.