Hi
IMO seems like
EntitlementMediato<https://svn.wso2.org/repos/wso2/carbon/platform/trunk/components/identity/org.wso2.carbon.identity.entitlement.mediator/src/main/java/org/wso2/carbon/identity/entitlement/mediator/EntitlementMediator.java>r
approach
quite suitable and handy and I would think what it does for the time being
is _ _okay _ _ since Entitlement component is NOT resides within synapse
(need expert suggestion form IS since they are the one who implemented the
current approach) , according to the discussion had (with Kasun at el)
thought how we could probably include the same approach for
the components resides in synapse.
There we have identified the approach which registry getting intercepted
could be useful [2].We thought of introducing a security related component
[3] a kind of extension point where the SecurityInteceptors will
be initialized during init() and readily available in
*synapseConfiguration* during serialization or during run-time and
with that we could
probably utilize the attributes which required
for encrypt with special character or sequence as shown [1]
anyway I am still doing a feasibility study of the
described approach, may be there we might have jump few hurdles to get this
done without harming synapse API ..
really appreciate thoughts from IS for this approach, do you guys feel
any _ _ better more reliable approach than this _ _ ?
e.g
[1]
<twitter.config>
<parameter name="*enc:*oauth.consumerSecret"
value="EvTEzc3jj9Z1Kx58ylNfkpnuXYuCeGgKhkVkziYNMs"/> (if used enc: then
during serialization those values encrypited same can be integrated for
UI's even this might not be any issue when use DevS approach as well)
[2]
<registry provider="org.wso2.carbon.mediation.registry.WSO2Registry">
<parameter name="cachableDuration">15000</parameter>
</registry>
[3]
<registry provider="org.wso2.carbon.security.*SecurityInterceptor*">
*SecurityInterceptor
(class name or package not finalized yet)*
<parameter name="cachableDuration">15000</parameter>
</registry>
On Sat, Jul 20, 2013 at 7:17 PM, Sanjiva Weerawarana <[email protected]>wrote:
> Dushan connector creds are going to be user specific. So that means they
> have to be able to configure them in a user-accessible way .. and then the
> data needs to be stored in a secure vault of some kind.
>
> For UI driven configs that's easy - we get the password in the UI, store
> in the vault and refer to it in the mediator config.
>
> For hand edited synapse.xml stuff you'd need to let the user do the same.
> Do we have a per-user vault type concept?
>
> Sanjiva.
>
>
> On Fri, Jul 19, 2013 at 11:18 AM, Dushan Abeyruwan <[email protected]>wrote:
>
>> Hi
>> Regarding $subject, what would be the best way to accomplish ?
>> According to the EntitlementMediator implementation it seems
>> we are using a different approach as shown below [1], any reason which
>> prevent us moving to synapse secure vault and also seems there are zero
>> documentation related to Synapse secure vault configuration.
>>
>>
>> [1]
>>
>> https://svn.wso2.org/repos/wso2/carbon/platform/trunk/components/identity/org.wso2.carbon.identity.entitlement.mediator/src/main/java/org/wso2/carbon/identity/entitlement/mediator/EntitlementMediator.java
>>
>>
>> public void setRemoteServicePassword(String remoteServicePassword) {
>> if (remoteServicePassword.startsWith("enc:")) {
>> try {
>> * this.remoteServicePassword = new
>> String(CryptoUtil.getDefaultCryptoUtil()*
>> *
>> .base64DecodeAndDecrypt(remoteServicePassword.substring(4)));*
>> } catch (CryptoException e) {
>> log.error(e);
>> }
>> } else {
>> this.remoteServicePassword = remoteServicePassword;
>> }
>> }
>>
>> Cheers,
>> Dushan Abeyruwan
>> Associate Tech Lead
>> *Integration Technologies Team*
>> *WSO2 Inc. http://wso2.com/*
>> *Mobile:(+94)714408632*
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> Sanjiva Weerawarana, Ph.D.
> Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/
> email: [email protected]; phone: +94 11 763 9614; cell: +94 77 787 6880 | +1
> 650 265 8311
> blog: http://sanjiva.weerawarana.org/
>
> Lean . Enterprise . Middleware
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
--
Dushan Abeyruwan
Associate Tech Lead
*Integration Technologies Team*
*WSO2 Inc. http://wso2.com/*
*Mobile:(+94)714408632*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
