...
Other updates:
AAI will use AAF for Authentication/Authorization RBAC - currently planning on using Basic auth, since we haven't had success integrating with AAF to prove out a 2-way x509 cert exchange with AAF. We believe that this close to API freeze, forcing all clients to 2-way TLS is too steep a climb. We believe there also may be potential for integration with the proposed Pluggable Security Microservice, proposed by Andrew Baxter
...