Proposal: Declarative Platform to Broker Authentication #530

Open
Samze opened this issue Jun 19, 2018 · 0 comments
Samze commented Jun 19, 2018

Background

The specification originally supported basic authentication as the only mechanism for a platform to access a service broker. Due to the problems with basic authentication, the specification began supporting opaque bearer tokens. While this has the advantage of providing better security than basic auth, it has made the process of authentication open-ended, as the specification states that the bearer token OAuth flow must be agreed upon out of band.

Problem statement

With basic authentication, the specification allowed the operators to get the broker URL, username and password, and register them with the platform. For the bearer flows, the operators need to know more information about the broker that is not contained in the specification, such as how the token is obtained and whether they need to install additional systems in the platform. For a platform that wishes to register a large number of brokers, this increases the burden on the operators.

We propose a platform-independent solution for authenticating with service brokers that can be added to the specification.

Proposal doc: https://docs.google.com/document/d/1L7Kjy729H4OOOSJpbXRaATixR1Tak0cYh2i3_N5QohU/edit#heading=h.4o538jsmlxp6

Sam & Jatin (@tinygrasshopper)
