Idea: Use keyring to authenticate?

[vdice]

Support for signing and verification of bindles, both on the client and server side, will soon be fully implemented. So, client and server both must have their own secret keys as well as access to keyrings with accepted public keys for signing and verification actions.

I'm wondering if we also want to use these same assets for the purposes of authentication between client and server? (Currently, bindle supports basic auth and oidc in this realm.)

The main use case I'm envisioning is a server configured with a keyring of approved public keys and operators wish to only allow endpoint requests (regardless of type) from this same set of identities.

Would this be muddying the waters and/or overextending the key/identity logic in bindle?

[thomastaylor312]

It might be muddying the waters, but I really like the idea. The initial setup would be a bit gnarly, but after that it could be nice. @fibonacci1729 or @technosophos any thoughts here?

[technosophos]

Effectively, yes... you could do that. Option A would be to say "any key in the keyring with roles (X, Y, Z) can be used to authenticate". Option B would be to retain a separate map that says that "users (A, B, C) can auth by verifying their key ownership"