We need the ability for external clients (clients in another trusted environment) to connect to the an esp service with a certificate (the new DFS service is the use case).
Some of this may already be in place/doable, but I think we need:
1) a mechanism to generate and export certificates for external use.(admin only).
2) Allow for client esp interfaces to plug these certificates into their use of the client interfaces.
e.g. an external client creates an instance of a IClientWsDfs, and it needs to provide the certificate which allows it to connect to the service url.
I presume that certificate will be stored in a secret on the client side which the engines will use when connecting to the remote DFS service.
afishbeck - probably needs further discussion.