Yes, that’s exactly what we’re going for!
Our use case is fairly specific (or at least I think so): our clients are banking institutions, which are notoriously slow to adopt new technologies, which makes adopting JWT or even OAuth very difficult. The particular service that is going to implement this is going to be called from a COBOL application that won’t support any form of authentication.
We also decided against Basic auth or API keys because our clients rarely secure them or use them correctly (that’s without taking into account all security issues).
We don’t have a specific requirement for it to be fingerprint auth; what we need is client authentication via SSL certificates (this would include mTLS + checking client identity via SSL certificate), which, to my understanding, isn’t fully done by enabling mTLS.
I think it would be great if Istio could auth against an IP/cert hash/cert fingerprint list, but I can’t ascertain how popular that auth method would be.