On Thu, Apr 20, 2017 at 3:27 PM, Asela Pathberiya <[email protected]> wrote:
>
> On Tue, Apr 18, 2017 at 11:51 AM, Asela Pathberiya <[email protected]> wrote:
>>
>> On Mon, Apr 17, 2017 at 12:00 PM, Godwin Shrimal <[email protected]> wrote:
>>>
>>> +1 to have separate keystores for secure vault & token signing. Any reason/use case to have separate keystores for each token signing? Will it not add more overhead on deployment and maintenance? With the custom inbound authenticator feature you can plug your own inbound authenticator and then we have to think which token signing keystore we use?
>>
>> Usually one private key is enough for token signing. But if SP/IDP restricts to use a private key which is signed by a given CA (custom CA), we may need to configure more keystores..
>>
>>> Thanks
>>> Godwin
>>>
>>> On Wed, Apr 12, 2017 at 5:58 PM, Asela Pathberiya <[email protected]> wrote:
>>>>
>>>> Hi All,
>>>>
>>>> According to the current design; KeyStore which is defined in the carbon.xml file is used for both secure vault & token signing (SAML/id_token) which is not a good design. We need to keep that separate keystore for secure vault as it cannot be modified.
>>>>
>>>> Also; to add more flexibility; it is better to have separate keystore for each token signing. I know we can extend & achieve this, but default implementation would be great.
>>>>
>>>> Shall we add this to next WSO2IS release as this is a simple improvement?
>>>>
>
> Can someone confirm whether this is in WSO2IS road map?

Are you referring to private key per SP or private key per inbound protocol?

BTW, Shariq is implementing externalizing the signing and encryption part [1]. Private key per SP would be an extended implementation of this. I am not sure if we need private key per inbound protocol. If needed we can again extend the implementation.

[1] https://redmine.wso2.com/issues/2156

Regards,
Johann.

>>>> Thanks,
>>>> Asela.
--
Thanks & Regards,
Johann Dilantha Nallathamby
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
Blog - http://nallaa.wordpress.com
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
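An added illustration of the design discussed in this thread (a token-signing key held apart from the secure-vault key, with an optional per-SP override for an SP that insists on a key issued by a custom CA). This is not WSO2 Identity Server code or Shariq's implementation; the class and method names are hypothetical, and in-memory RSA key pairs stand in for the separate keystores that a real deployment would load from disk.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical resolver: it only ever sees token-signing keys. The secure-vault key
 *  lives in its own keystore, outside this class, so no code path can sign a token with it. */
public class TokenSigningKeyResolver {
    private final KeyPair defaultSigningKey;                                 // one key is usually enough
    private final Map<String, KeyPair> perSpSigningKeys = new HashMap<>();   // overrides for SPs needing a custom-CA key

    public TokenSigningKeyResolver(KeyPair defaultSigningKey) {
        this.defaultSigningKey = defaultSigningKey;
    }

    public void registerSpKey(String spId, KeyPair signingKey) {
        perSpSigningKeys.put(spId, signingKey);
    }

    /** SP-specific key when one is registered, otherwise the default signing key. */
    public KeyPair signingKeyFor(String spId) {
        return perSpSigningKeys.getOrDefault(spId, defaultSigningKey);
    }

    public byte[] signToken(String spId, byte[] tokenBytes) throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(signingKeyFor(spId).getPrivate());
        sig.update(tokenBytes);
        return sig.sign();
    }

    public static boolean verify(PublicKey key, byte[] tokenBytes, byte[] signature) throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(key);
        sig.update(tokenBytes);
        return sig.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");   // constructed keys, one per "keystore"
        gen.initialize(2048);
        KeyPair vaultKey = gen.generateKeyPair(), defaultKey = gen.generateKeyPair(), customCaKey = gen.generateKeyPair();
        TokenSigningKeyResolver resolver = new TokenSigningKeyResolver(defaultKey);   // vaultKey is never handed to it
        resolver.registerSpKey("sp-requiring-custom-ca", customCaKey);
        byte[] token = "constructed id_token payload".getBytes(StandardCharsets.UTF_8);
        byte[] defaultSig = resolver.signToken("ordinary-sp", token);
        byte[] overrideSig = resolver.signToken("sp-requiring-custom-ca", token);
        System.out.println("default key verifies ordinary SP token:   " + verify(defaultKey.getPublic(), token, defaultSig));
        System.out.println("custom-CA key verifies override SP token: " + verify(customCaKey.getPublic(), token, overrideSig));
        System.out.println("vault key verifies a token signature:     " + verify(vaultKey.getPublic(), token, defaultSig));
    }
}
```

The last check is the point of the separation: a token can be validated against a signing key, never against the vault key, so rotating or restricting signing keys per SP leaves the vault untouched.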
