On Mon, Apr 17, 2017 at 12:00 PM, Godwin Shrimal <[email protected]> wrote:

> +1 to have separate keystores for secure vault & token signing. Any
> reason/use case to have separate keystores for each token signing? Will it
> not add more overhead on deployment and maintenance? With the custom
> inbound authenticator feature you can plug your own inbound authenticator
> and then we have to think which token signing keystore we use?

Usually one private key is enough for token signing. But if SP/IDP restricts to use a private key which is signed by a given CA (custom CA), we may need to configure more keystores.

> Thanks
> Godwin
>
> On Wed, Apr 12, 2017 at 5:58 PM, Asela Pathberiya <[email protected]> wrote:
>
>> Hi All,
>>
>> According to the current design, the KeyStore which is defined in the
>> carbon.xml file is used for both secure vault & token signing
>> (SAML/id_token), which is not a good design. We need to keep that separate
>> keystore for secure vault as it cannot be modified.
>>
>> Also, to add more flexibility, it is better to have a separate keystore
>> for each token signing. I know we can extend & achieve this, but a default
>> implementation would be great.
>>
>> Shall we add this to the next WSO2IS release as this is a simple improvement?
>>
>> Thanks,
>> Asela.
>
> --
> Godwin Amila Shrimal
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: +94772264165
> linkedin: http://lnkd.in/KUum6D
> twitter: https://twitter.com/godwinamila

--
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
         +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
