Mutually Authenticating TLS in the context of Federations (MATF) is a framework that secures machine-to-machine communications within a group of trusted networks, called a federation. It uses three main tools to build trust:
Signed Metadata: A central record—maintained by the federation operator—lists all trusted participants along with their security details (such as public key fingerprints and approved certificate issuers). This metadata is digitally signed to ensure it hasn’t been tampered with.
Public Key Pinning: Each trusted server or client has a known public key stored in the federation metadata. When a connection is made, the presented certificate’s public key is compared to the stored value. If they match, the connection proceeds; if not, it is dropped.
Mutual TLS: Both clients and servers present their certificates during a connection. This two-way check confirms the identity of both parties.
MATF establishes a secure and self-contained trust model within a federation. Every member is vetted and must meet strict security requirements before being included in the trusted metadata repository. This structured approach enhances security, ensures interoperability, and simplifies service discovery, making it easier for organizations to establish secure connections.
✔ Signed Metadata – The centrally maintained, digitally signed record ensures that trust data is accurate and up to date.
✔ Mutual TLS – Both ends of every connection prove their identity with certificates, providing a solid two-way authentication.
✔ Decentralized Trust – Trust is established within the federation itself, starting with the metadata signing key as the trust anchor. Each member is carefully vetted and must follow defined security practices.
MATF is designed to be practical and scalable. Whether for small networks or large national systems, it provides a clear, simple method for establishing and maintaining secure connections between trusted entities.