Write ADR for X509 Verification of Matrix devices
Problem:
- To increase trust against other users and avoid expose of personal data it is required that only authorized devices can connect to BundID services.
Goal:
Define how X509 device verification will work for public agencies.
ACs:
- Outline X509 device verification process.
- Discuss security considerations (Do we have to discuss server side or X509 certificate issuing threats?)
- Requirements for multi device (verification for each device versus verification on signing key base).
- Create ADR.
- Document ADR here -> https://gitlab.opencode.de/fitko/matrix-g2x/solution-architecture/-/blob/main/09_architecture_decisions.md
Notes/ resources:
- Related ticket: #2
- Requirements uIDs: Zapuk_109; LB_32; LB_36; LB_38
Edited by icarl