Ted Ross created DISPATCH-204:
---------------------------------
Summary: Identity mapping from X.509 certificate data to a
descriptive nickname
Key: DISPATCH-204
URL: https://issues.apache.org/jira/browse/DISPATCH-204
Project: Qpid Dispatch
Issue Type: New Feature
Components: Container
Reporter: Ted Ross
Assignee: Ganesh Murthy
Fix For: 0.7
This is an enhancement for the feature introduced in DISPATCH-200 (Flexible
mapping from x.509 certificates to an identity).
There are cases in which the best identifier for a client certificate is the
fingerprint. Since the fingerprint is not very user/operator-friendly, it is
useful to provide a facility to map the DISPATCH-200 identifier to a more
people-friendly nickname.
The mappings shall be held in a persistent store (a json-file in the config
directory would be a good start). The only available management operation on
this data set shall be to reload the data file, presumably with updated
mappings. It would be a potential security vulnerability to provide direct
management access to the content of the mapping.
The identities that come from the mappings (i.e. the nicknames) shall be used
to annotate the AMQP connections (for management visibility) and to index into
the access/resource policy for each connection.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
