Service Account custom attributes

#1

Is there any way to add custom attributes (claims) to a Service Account? Specifically I am looking for a way that when Namespace1.ServiceA makes a request to Namespce2.ServiceB, SerivceB can identify who (which service) is making that call and act accordingly. Previously we were using a JwtToken with each request to build a identity but I am hoping that we can replace that flow with something from Istio. I can read the namespace and service account from the x-forwarded-client-cert header and then reading the URI subelement and parsing that URI. While this works, it feels like that is not the intended use of that header and I am worried about relying on something like that. Basically I am hoping that Istio can inject a set of custom attributes based on the config of the service account or some other means.

Thanks.