On Tue, Apr 18, 2017 at 11:51 AM, Asela Pathberiya <[email protected]> wrote:
> On Mon, Apr 17, 2017 at 12:00 PM, Godwin Shrimal <[email protected]> wrote:
>
>> +1 to have separate keystores for secure vault & token signing. Any
>> reason/use case to have separate keystores for each token signing? Will it
>> not add more overhead on deployment and maintenance? With the custom
>> inbound authenticator feature you can plug your own inbound authenticator
>> and then we have to think which token signing keystore we use?
>>
>
> Usually one private key is enough for token signing. But if SP/IDP
> restricts to use a private key which is signed by a given CA (custom CA),
> we may need to configure more keystores.
>
>> Thanks
>> Godwin
>>
>> On Wed, Apr 12, 2017 at 5:58 PM, Asela Pathberiya <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> According to the current design, the KeyStore which is defined in the
>>> carbon.xml file is used for both secure vault & token signing
>>> (SAML/id_token), which is not a good design. We need to keep that separate
>>> keystore for secure vault as it cannot be modified.
>>>
>>> Also, to add more flexibility, it is better to have a separate keystore
>>> for each token signing. I know we can extend & achieve this, but a default
>>> implementation would be great.
>>>
>>> Shall we add this to the next WSO2IS release as this is a simple improvement?
>>>

Can someone confirm whether this is in the WSO2IS road map?

>>> Thanks,
>>> Asela.
>>
>> --
>> *Godwin Amila Shrimal*
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94772264165*
>> linkedin: http://lnkd.in/KUum6D
>> twitter: https://twitter.com/godwinamila

--
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
         +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
