User story
As a deployer, I want to choose how the Edge Cookie identity is derived, or run with none, so that identity is a deliberate configuration choice rather than a fixed behavior.
Description
The Edge Cookie identity is currently hard-wired as an HMAC-SHA256 value over the client IP. Introduce an EdgeCookieProvider interface selected by configuration, with a built-in HMAC provider that preserves today's behavior. There is no default selection, so with no provider chosen Trusted Server runs statelessly. Trusted Server stays neutral on policy here, and the deployer decides whether to derive an identity and how.
Done when
- An
EdgeCookieProvider interface is selected by [ec] provider.
- A built-in HMAC provider reproduces the current identifier.
- With no provider selected, no Edge Cookie is created and the request proceeds.
- Identifier comparison is a provider operation, so a provider whose identifiers wrap the same payload in different envelopes can compare by payload.
- A provider can return response headers (for example to request more client evidence on a later request).
References
User story
As a deployer, I want to choose how the Edge Cookie identity is derived, or run with none, so that identity is a deliberate configuration choice rather than a fixed behavior.
Description
The Edge Cookie identity is currently hard-wired as an HMAC-SHA256 value over the client IP. Introduce an
EdgeCookieProviderinterface selected by configuration, with a built-in HMAC provider that preserves today's behavior. There is no default selection, so with no provider chosen Trusted Server runs statelessly. Trusted Server stays neutral on policy here, and the deployer decides whether to derive an identity and how.Done when
EdgeCookieProviderinterface is selected by[ec] provider.References