+1 to have separate keystores for secure vault & token signing. Any reason/use case to have separate keystores for each token signing? Will it not add more overhead on deployment and maintenance? With the custom inbound authenticator feature you can plug your own inbound authenticator and then we have to think which token signing keystore we use?

Thanks
Godwin

On Wed, Apr 12, 2017 at 5:58 PM, Asela Pathberiya <[email protected]> wrote:

> Hi All,
>
> According to the current design; KeyStore which is defined in the
> carbon.xml file is used for both secure vault & token signing
> (SAML/id_token) which is not a good design. We need to keep that separate
> keystore for secure vault as it can not be modified.
>
> Also; To add more flexibility; it is better to have separate keystore for
> each token signing. I know we can extend & achieve this, but default
> implementation would be great.
>
> Shall we add this to next WSO2IS release as this is a simple improvement?
>
> Thanks,
> Asela.
>
> --
> Thanks & Regards,
> Asela
>
> ATL
> Mobile : +94 777 625 933
> +358 449 228 979
>
> http://soasecurity.org/
> http://xacmlinfo.org/
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
*Godwin Amila Shrimal*
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: *http://lnkd.in/KUum6D*
twitter: https://twitter.com/godwinamila
