On Fri, Jan 5, 2018 at 10:08 AM, Hasintha Indrajee <[email protected]> wrote:
>
> On Thu, Jan 4, 2018 at 4:32 PM, Hasanthi Purnima Dissanayake <[email protected]> wrote:
>
>> Hi All,
>>
>> Following tasks are identified for the implementation for the $subject.
>>
>> 1. Move the logic of validating the token API invocation request to
>> validate required parameters for JWT client authentication to
>> PrivatekeyJWTClientAuthHandler
>> 2. Introduce a new interface to read the public certificate.
>>    - Certificate can be read from keystore
>>    - Certificate can be read from db
>
> So this has to work with SP wise certificates which we are planning to
> implement and currently in progress. Given the timelines I think we can
> implement this extension for reading certificate per SP from DB. Hence
> let's add this also to the scope since it adds a value and also we don't
> need to worry about restarting servers once a certificate is added.
>
> Anyway we need per SP certificate in this case. Hence the best approach is
> to use this new feature which is done by Rushmin. Previous way of
> implementation is just a workaround. Also we should support previous way as
> well through a config in order to cater backward compatibility.

Yes, we should align this task with the 'per SP certificate storing' feature. We had a discussion about this. (I will send a separate mail on that.) The outcome was not to have a configuration. I will explain it on the other mail.

>>    - Certificate can be read from any other means
>> 3. Data which will be persisted in IDN_JWT_PRIVATE_KEY can be grown
>> rapidly which may cause to some performance issues. So need to implement a
>> cleanup script based on the expiration time of the JWT.
>> 4. Honour the UI configuration for confidential applications which is
>> discussed in mail [1]
>>
>> Apart from above need to consider on following tasks:
>> 1. Improving the unit tests of the repository
>> 2. Improve the documentations for the $subject.
>>
>> [1] Confidential Aplications in OAuth2 Flow
>>
>> Thanks,
>> --
>> Hasanthi Dissanayake
>> Senior Software Engineer | WSO2
>> E: [email protected]
>> M: 0718407133 | http://wso2.com
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile: +94 771892453

--
*Best Regards*

*Rushmin Fernando*
*Technical Lead*

WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware

mobile : +94775615183
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
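
Added example, not part of the original thread and not WSO2 code: task 3 in the quoted list (cleaning up IDN_JWT_PRIVATE_KEY by JWT expiration time) sketched as a replay store whose purge deletes only rows the expiry check would already reject, so cleanup never reopens a replay window. Only the table name comes from the thread; the column names, the clock-skew constant and the function names are assumptions.

```python
import sqlite3

SKEW = 300  # assumed clock-skew allowance (seconds) applied to the exp check

def open_store():
    db = sqlite3.connect(":memory:")
    # Hypothetical columns; the thread names only the table.
    db.execute("CREATE TABLE IDN_JWT_PRIVATE_KEY ("
               "JWT_ID TEXT PRIMARY KEY, EXP_TIME INTEGER NOT NULL)")
    return db

def accept(db, jti, exp, now):
    """Return True if the assertion is unexpired and its jti is unseen."""
    if exp + SKEW <= now:
        return False  # expired: rejected without consulting the table
    try:
        with db:  # commit on success, roll back on error
            db.execute("INSERT INTO IDN_JWT_PRIVATE_KEY VALUES (?, ?)",
                       (jti, exp))
    except sqlite3.IntegrityError:
        return False  # jti already recorded: replayed assertion
    return True

def cleanup(db, now):
    """Delete rows past exp + skew; return how many were purged."""
    with db:
        cur = db.execute(
            "DELETE FROM IDN_JWT_PRIVATE_KEY WHERE EXP_TIME + ? <= ?",
            (SKEW, now))
    return cur.rowcount

def demo():
    db = open_store()
    t0 = 1_515_000_000  # constructed timestamps
    results = [
        accept(db, "a1", t0 + 60, t0),       # first use
        accept(db, "a1", t0 + 60, t0 + 10),  # replay inside lifetime
        accept(db, "b2", t0 + 3600, t0),     # different jti
    ]
    purged = cleanup(db, t0 + 60 + SKEW)     # a1 is now past exp + skew
    # After the purge, a1 is still refused (expired) and b2 is still tracked.
    results.append(accept(db, "a1", t0 + 60, t0 + 60 + SKEW))
    results.append(accept(db, "b2", t0 + 3600, t0 + 400))
    remaining = db.execute(
        "SELECT COUNT(*) FROM IDN_JWT_PRIVATE_KEY").fetchone()[0]
    return results, purged, remaining

if __name__ == "__main__":
    print(demo())
```

The purge predicate and the expiry check use the same `exp + SKEW` boundary; if the cleanup used a shorter window than the validator, a purged but still valid assertion could be replayed.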
