[jira] [Comment Edited] (SLING-5760) Allow to support certificate based authentication in Distribution transport

Mon, 13 Jun 2016 06:24:39 -0700 

    [ 
https://issues.apache.org/jira/browse/SLING-5760?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15327351#comment-15327351
 ] 

Marius Petria edited comment on SLING-5760 at 6/13/16 1:23 PM:
---------------------------------------------------------------

Hi [~marett],
I briefly looked over the API. Note that {{distribution.core}} does not expose 
API so the {{SimpleDistributionTransportContext}} is not public, hence clients 
that implement a provider need to make their own implementation, and therefore 
they will implement also a {{DistributionContext}}. In my opinion that makes 
{{DistributionContext}} a {{ConsumerType}}.


was (Author: mpetria):
Hi [~marett],
I briefly looked over the API. Note that {{distribution.core}} does not expose 
API so the {{SimpleDistributionTransportContext}} is not public, hence clients 
that implement a provider need to make their own implementation, and therefore 
they will implement also a {{DistributionContext}}. In my opinion that makes 
{{DistributionContext} a {{ConsumerType}}.

> Allow to support certificate based authentication in Distribution transport
> ---------------------------------------------------------------------------
>
>                 Key: SLING-5760
>                 URL: https://issues.apache.org/jira/browse/SLING-5760
>             Project: Sling
>          Issue Type: Improvement
>          Components: Distribution
>    Affects Versions: Content Distribution Core 0.1.18
>            Reporter: Timothee Maret
>            Assignee: Timothee Maret
>             Fix For: Content Distribution 0.2.0
>
>         Attachments: SLING-5760.patch
>
>
> Certificate based authentication is an alternative to the basic 
> authentication currently available for Distribution transport. Certificate 
> based authentication is done during the SSL handshake iff the target instance 
> is configured to require or accept client client authentication. This client 
> authentication scheme is a logical complement when connecting to endpoints 
> serving over https. This result in authenticating both the source and the 
> target using SSL.
> The client certificate and private key are required to complete the SSL 
> handshake. By default, the JRE will use the default {{KeyStore}} to retrieve 
> those informations. However, in some platforms such as Adobe Granite, there 
> is the ability to specify custom {{KeyStore}} based on user. For those 
> platforms, the custom {{KeyStore}} can be provided with a 
> {{javax.net.ssl.SSLContext}} which also contains a custom {{TrustStore}}.
> This issue tracks allowing to leverage certificate based authentication using 
> a custom {{javax.net.ssl.SSLContext}} in Distribution transport.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to