Add backend mTLS authentication to HTTP dataplane

[arnoweiss]

TX EDC adapts to backend HTTP APIs by implementing the client flow for a set of authentication technologies. For example, a Data Provider can configure static API keys and credentials for the OAuth2 client credential grant. When a TransferProcess finalizes, the dataplane exchanges the EDR-tokens against whatever authZ/authN is required by the backend.

Some backend API servers require presentation of a certificate according to the mTLS handshake. I haven't found a way to configure client certificates in an EDC asset. When implementing, this might be achieved by loading certificates from the vault.

[ndr-brt]

This feature is definitely not provided out of the box by the EDC.

This could require a completely different DataAdress type, like HttpTls or similar, because there will be the need of a custom client to be used for that specific call (see okhttp-tls).

[arnoweiss]

Thanks for the context, I'll consider building a PoC