On Wed, May 29, 2013 at 11:59 AM, Prabath Siriwardena <[email protected]> wrote:

> On Wed, May 29, 2013 at 11:47 AM, Amila Suriarachchi <[email protected]> wrote:
>
>> On Wed, May 29, 2013 at 11:19 AM, Paul Fremantle <[email protected]> wrote:
>>
>>> I understand the picture. What I don't understand is the statement "it
>>> will be more convenient". Can you please explain why Mutual SSL is more
>>> convenient than OAuth? It certainly is less convenient for the ops guys who
>>> have to set it up!
>>
>> If we use OAuth we need to have an access token. How to generate this
>> access token and where to store that? If we compare this with mutual SSL
>> there is a standard way to generate the certificates. Company may already
>> have a certificate and we can use jks to store them.
>>
>> The problem with the Mutual SSL is once we enable Mutual SSL for a port
>> we cannot communicate with that port through a browser. So we may need to
>> use two ports one for browser and other for mutual SSL.
>
> You can make mutual SSL optional and validate it at the application level.
> In that case there won't be any issue when accessing from the browser. This is
> how we mutual for selected services in ESB.

Can we have a quick meeting with the security team regarding this today?
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
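
The setup Prabath describes in the quoted reply (the port requests a client certificate without requiring one, and the application enforces it only for selected services), as an added Go example that is not code from the thread or from WSO2. The `/services/` prefix, the `/console` path and the `backend-client` certificate are hypothetical, and the server runs on a loopback test port.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// newClientCert builds a throwaway self-signed client certificate (constructed sample data).
func newClientCert() tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "backend-client"},
		NotAfter: time.Now().Add(time.Hour), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}
// guard is the application-level check; /services/ is a hypothetical protected prefix.
func guard(w http.ResponseWriter, r *http.Request) {
	if strings.HasPrefix(r.URL.Path, "/services/") && len(r.TLS.PeerCertificates) == 0 {
		w.WriteHeader(http.StatusForbidden) // no verified client certificate on a protected path
	}
}
// probe serves guard on one TLS port with optional client auth and returns the HTTP status.
func probe(path string, withCert bool) int {
	cert, pool := newClientCert(), x509.NewCertPool()
	pool.AddCert(cert.Leaf) // the only client certificate the server trusts
	srv := httptest.NewUnstartedServer(http.HandlerFunc(guard))
	srv.TLS = &tls.Config{ClientAuth: tls.VerifyClientCertIfGiven, ClientCAs: pool}
	srv.StartTLS()
	defer srv.Close()
	if withCert {
		srv.Client().Transport.(*http.Transport).TLSClientConfig.Certificates = []tls.Certificate{cert}
	}
	resp, err := srv.Client().Get(srv.URL + path)
	if err != nil {
		return -1
	}
	defer resp.Body.Close()
	return resp.StatusCode
}
func main() { fmt.Println(probe("/console", false), probe("/services/echo", false), probe("/services/echo", true)) }
```

With `tls.VerifyClientCertIfGiven` a certificate that is presented is still verified against `ClientCAs`, so the handler only has to check that one is present; a mode that requests a certificate without verifying it would leave that validation to the application.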
