Hi Senaka, On Wed, Nov 2, 2011 at 8:51 AM, Senaka Fernando <[email protected]> wrote: >> * The URL, username and password of each remote instance are stored as a >> registry artifact in plain text. > > We need to encrypt this or find a better solution than storing in > plain-text. This is just at the POC-level yet, hence its easier when its > plain-text, so we'll get step #1 done right and then move to step #2. > > Thilina/Prabath, as in SSH, can't we have some form of Certificate-based > authentication for carbon? Do we always need WS-Security to do that? or > can't we just expose a non WS-Security based API for this using > AuthenticationAdmin.
Current authentication is based on - sending credentials over HTTPS - no ws-security involved - we can also write an authenticator for BE which can authenticate using client certs... Thanks & regards, -Prabath > > Thanks, > Senaka. >> >> How can I improve the above given scenarios ? Suggestions please. >> >> >> thanks, >> --Pradeep >> >> _______________________________________________ >> Carbon-dev mailing list >> [email protected] >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> > > > > -- > Senaka Fernando > Product Manager - WSO2 Governance Registry; > Associate Technical Lead; WSO2 Inc.; http://wso2.com > Member; Apache Software Foundation; http://apache.org > > E-mail: senaka AT wso2.com > P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818 > Linked-In: http://linkedin.com/in/senakafernando > > Lean . Enterprise . Middleware > > -- Thanks & Regards, Prabath http://blog.facilelogin.com http://RampartFAQ.com _______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
