Establishing Trust relationship between Backbone and Authority using mTLS #52

Open
1 task done
boris-cremit opened this issue Oct 24, 2024 · 0 comments
Is there an existing issue for this?

  • I have searched the existing issues

Reference Issues

No response

Problem

The authority server must notify the backbone server that it will be used as the authority server for ABE. If this process occurs without any authorization procedures, an authority server could be registered to the backbone without the administrator's permission. An arbitrarily registered authority server could complicate vault management and lead to secret leaks due to careless use. Therefore, the backbone server must establish authentication/authorization mechanisms for the authority server.

Describe the solution you'd like

This issue can be resolved by implementing communication between the backbone server and the authority server via mTLS, as follows:

  1. The backbone server issues a certificate for mTLS communication.
  2. Configure the issued certificate on the authority server.
  3. The authority server attempts to establish an mTLS connection using the issued certificate when communicating with the backbone server.
  4. The backbone server verifies whether the certificate presented by the authority server was issued by itself.

Additional context

No response
