<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:8pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;" dir="ltr">
<p style="margin-top:0;margin-bottom:0">I am trying to wrap my head around what that means... is it encrypted in any way? Does it transit outside K8s?<br>
</p>
<p style="margin-top:0;margin-bottom:0"><br>
</p>
<div id="Signature">
<div id="divtagdefaultwrapper" style="font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); font-family: Inconsolata, "EmojiFont", "Apple Color Emoji", "Segoe UI Emoji", NotoColorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSymbols;">
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<div style="font-size:13px; font-family:Tahoma">
<div class="BodyFragment"><font size="2">
<div class="PlainText">Felipe Polo-Wood<br>
Sr. Manager Clinical Applications Technical Services</div>
<div class="PlainText">Duke Health Technology Solutions</div>
<div class="PlainText">3100 Tower Blvd. Office 270</div>
<div class="PlainText">Durham, NC 27707</div>
<div class="PlainText">Office: +1.919.668.2268<br>
Mobile: +1.919.741.4213<br>
</div>
</font></div>
</div>
</div>
</div>
</div>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> mitreid-connect-bounces@mit.edu <mitreid-connect-bounces@mit.edu> on behalf of Luiz Omori <luiz.omori@duke.edu><br>
<b>Sent:</b> Monday, February 26, 2018 11:29:41 AM<br>
<b>To:</b> mitreid-connect@mit.edu<br>
<b>Subject:</b> [mitreid-connect] Kubernetes Authorization with MitreID OIDC Server</font>
<div> </div>
</div>
<style>
<!--
@font-face
        {font-family:"Cambria Math"}
@font-face
        {font-family:Calibri}
p.x_MsoNormal, li.x_MsoNormal, div.x_MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Calibri",sans-serif}
a:x_link, span.x_MsoHyperlink
        {color:#0563C1;
        text-decoration:underline}
a:x_visited, span.x_MsoHyperlinkFollowed
        {color:#954F72;
        text-decoration:underline}
span.x_EmailStyle17
        {font-family:"Calibri",sans-serif;
        color:windowtext}
span.x_msoIns
        {text-decoration:underline;
        color:teal}
.x_MsoChpDefault
        {font-family:"Calibri",sans-serif}
@page WordSection1
        {margin:1.0in 1.0in 1.0in 1.0in}
div.x_WordSection1
        {}
-->
</style>
<div lang="EN-US" link="#0563C1" vlink="#954F72" style="background-color:white">
<div class="x_WordSection1">
<p class="x_MsoNormal"><span style="font-size:11.0pt">Yes, it works. See instructions here:
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__kubernetes.io_docs_admin_authentication_-23openid-2Dconnect-2Dtokens&d=DwMGaQ&c=imBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc&r=A3Yhle7nZIqZWq2hnFMxKnnaih9e8isMynaYEUQaOec&m=846ABQIAO1ZXrQn4e8wK8AbEOeHQ6rF5OfB1raTTgHw&s=fKQIqQm8cL4BhJX8iGpB5d1UnlpJA0VhILB7dvYnuZk&e=">
https://kubernetes.io/docs/admin/authentication/#openid-connect-tokens</a></span></p>
<p class="x_MsoNormal"><span style="font-size:11.0pt"> </span></p>
<p class="x_MsoNormal"><span style="font-size:11.0pt">Just one caveat: Kubernetes is using the ID Token as the Bearer. Not sure if I’ve seen any applications doing that before. Is this OK?</span></p>
<p class="x_MsoNormal"><span style="font-size:11.0pt"> </span></p>
<p class="x_MsoNormal"><span style="font-size:11.0pt">Regards,</span></p>
<p class="x_MsoNormal"><span style="font-size:11.0pt">Luiz</span></p>
</div>
</div>
</body>
</html>