On Tue, Mar 15, 2011 at 4:56 PM, Dimuthu Leelarathne <[email protected]> wrote:

>
> Hi,
>
> On Tue, Mar 15, 2011 at 2:30 PM, Paul Fremantle <[email protected]> wrote:
>
>> 1) I'm still having trouble building :-(
>>
>> 2) Is there a way we can display the "amqp://etc" url for the queue in the
>> List Queues page? This would help coders a LOT getting it right.
>>
>> 3) At the moment, the queue permissions are based on users, for all
>> aspects.
>> a) This just won't work when this is plugged into LDAP. We need another
>> approach.
>> b) I agree that MessageBox and JMS-Created queues should have user based
>> permissions, but if I create a queue via the admin console, permissions
>> should be based on role.
>> c) Even when it's based on user the column title says "Role"
>>
>> 3) I don't understand the SQS secret key part.
>> a) I'd expect to see both an access key and a secret key
>>
>
> I need to clarify something regarding this "access key" and "secret key".
> Right now the access key is the username and the secret key is D for SQS. I
> think we can keep it the same and implement your algorithm with minimal
> changes to UM. So here is the implementation,
>
> 1) Generate X on the server on first server start up and store it securely.
> We can encrypt it using the server's public key
> 2) When a user requests an SQS key, generate D and store it in UM using
> userStore.addUser(String username, String password) as follows.
> userStore.addUser(SecureHash(U+X), D+X) - we store the password hashed.
> 3) Show D to the user. The user's access key is the username and the user's
> secret key is D
> 4) When the user sends SQS requests using D, check the validity as follows.
> userStore.authenticate(SecureHash(U+X), D+X)
>

Hi Dimuthu,

SQS users do not send their secret key with the request message.

They will send the access key + a signature of (Timestamp + action) made with
the secret key. (In other words the secret key is a shared secret between the
client and server which is used as a symmetric key.) So from the UM there
should be a mechanism to get the secret key by providing the access key in
order to do the signature verification.

Currently this secret key is stored in the registry. What we discussed was
to derive this from the password and access from the UM.

thanks,
Amila.



> 5) If the user is validated (i.e. authenticate is passed) the signature is
> generated using D+X
>
> If it is done this way we need not show two keys to the user. Of course we
> can show two keys to the user as well, i.e. in place of the username we can
> show SecureHash(U+X). But is it a requirement?
>
> Thanks,
> Dimuthu
>
>
>
>
>> b) I don't expect the user to change these: I thought they were going to
>> be calculated.
>>
>> More feedback when I finally get it to build :-)
>>
>> Paul
>>
>> --
>> Paul Fremantle
>> CTO and Co-Founder, WSO2
>> OASIS WS-RX TC Co-chair, VP, Apache Synapse
>>
>> Office: +44 844 484 8143
>> Cell: +44 798 447 4618
>>
>> blog: http://pzf.fremantle.org
>> twitter.com/pzfreo
>> [email protected]
>>
>> wso2.com Lean Enterprise Middleware
>>
>> Disclaimer: This communication may contain privileged or other
>> confidential information and is intended exclusively for the addressee/s. If
>> you are not the intended recipient/s, or believe that you may have received
>> this communication in error, please reply to the sender indicating that fact
>> and delete the copy you received and in addition, you should not print,
>> copy, retransmit, disseminate, or otherwise use the information contained in
>> this communication. Internet communications cannot be guaranteed to be
>> timely, secure, error or virus-free. The sender does not accept liability
>> for any errors or omissions.
>>
>> _______________________________________________
>> Carbon-dev mailing list
>> [email protected]
>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>>
>
>
>
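A worked illustration of the point Amila makes above, added here and not code from the thread or from WSO2: the client signs (access key, timestamp, action) with the secret key and never transmits the secret itself, so the server must be able to recover the secret from the access key alone before it can check the signature. A user store that only holds a one-way hash of D (the addUser/authenticate pattern) cannot answer that lookup; deriving D from the server secret X and the access key can. The derivation function (HMAC-SHA256 keyed with X), the 300-second replay window, the canonical string layout and the sample user list are assumptions made for the example.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed sample: the server-wide secret X from step 1 of Dimuthu's proposal,
# generated once at first start-up and kept outside the user store. A real server
# would load it from protected storage; the constant only lets the example run offline.
SERVER_SECRET_X = b"constructed-server-secret-X-do-not-reuse"

# Constructed sample user store: the access key is the username, as in the thread.
# Only membership is recorded; the secret key is derived on demand, never stored.
KNOWN_ACCESS_KEYS = {"paul", "dimuthu", "amila"}

# Accept a request only if its timestamp is within this many seconds of server time
# (an assumption: the thread fixes no replay window).
MAX_CLOCK_SKEW_SECONDS = 300


def derive_secret_key(access_key: str, server_secret: bytes = SERVER_SECRET_X) -> str:
    """Derive the user's secret key D from the access key and X.

    Assumption: HMAC-SHA256 keyed with X is the derivation function. Because the server
    can recompute D from the access key alone, it needs neither a stored copy of D nor
    the client to send D with the request.
    """
    return hmac.new(server_secret, access_key.encode("utf-8"), hashlib.sha256).hexdigest()


def string_to_sign(access_key: str, timestamp: int, action: str) -> bytes:
    """Canonical byte string the signature covers: access key, timestamp and action."""
    return f"{access_key}\n{timestamp}\n{action}".encode("utf-8")


def sign(secret_key: str, access_key: str, timestamp: int, action: str) -> str:
    """HMAC-SHA256 of the canonical string under the shared secret (client and server)."""
    msg = string_to_sign(access_key, timestamp, action)
    return hmac.new(secret_key.encode("utf-8"), msg, hashlib.sha256).hexdigest()


def build_request(access_key: str, secret_key: str, action: str, timestamp: int) -> dict:
    """Client side: the fields a signed SQS-style request carries. The secret key is absent."""
    return {
        "access_key": access_key,
        "timestamp": timestamp,
        "action": action,
        "signature": sign(secret_key, access_key, timestamp, action),
    }


def lookup_secret_key(access_key: str) -> Optional[str]:
    """Server side: the operation Amila asks the UM for, secret key from access key.

    Returns None for unknown access keys.
    """
    if access_key not in KNOWN_ACCESS_KEYS:
        return None
    return derive_secret_key(access_key)


def verify_request(request: dict, now: Optional[int] = None) -> bool:
    """Server side: reject stale timestamps, unknown access keys and bad signatures."""
    now = int(time.time()) if now is None else now
    try:
        timestamp = int(request["timestamp"])
    except (KeyError, TypeError, ValueError):
        return False
    if abs(now - timestamp) > MAX_CLOCK_SKEW_SECONDS:
        return False  # outside the replay window
    access_key = str(request.get("access_key", ""))
    secret_key = lookup_secret_key(access_key)
    if secret_key is None:
        return False  # no such user, nothing to verify against
    expected = sign(secret_key, access_key, timestamp, str(request.get("action", "")))
    # Constant-time comparison so the check leaks nothing about the expected MAC.
    return hmac.compare_digest(expected, str(request.get("signature", "")))


if __name__ == "__main__":
    # Constructed walk-through: the user receives D once, then signs requests with it.
    secret = derive_secret_key("paul")
    request = build_request("paul", secret, "SendMessage", timestamp=1300000000)
    print("valid:", verify_request(request, now=1300000010))
    print("stale:", verify_request(request, now=1300001000))
    print("tampered:", verify_request(dict(request, action="DeleteQueue"), now=1300000010))
```

Note that the server never calls anything like authenticate(username, D): it only needs lookup_secret_key, which is exactly the capability a password-style hashed store removes. If the UM must hold D rather than derive it, it has to store D recoverably (encrypted, not hashed), which is the trade-off the thread is circling.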
