Hiranya Jayathilaka wrote:
> On Mon, Jul 20, 2009 at 6:34 PM, Andreas Veithen <[email protected]> wrote:
>
> > Hiranya,
> >
> > Before discussing the implementation, could you please explain the use case?
>
> I have posted a link to a forum discussion in SYNAPSE-563. You can get a rough idea of the requirement by going through the discussion there.
>
> In short, this is the use case we are trying to support. Let's say a user wants to proxy a set of web services using Synapse. Each web service is exposed over HTTPS and hence all the endpoint definitions in the Synapse config will be https endpoints. Instead of using a single key store to connect to each https endpoint we want to use different key stores. My proposal is a mechanism to select keystores at endpoint level.
>
> Hiranya

I guess the real use case is the ability to use multiple identity certificates when communicating out. A usual use case is that one organization would need to use an identity certificate A when talking to an endpoint of Company A, and another identity certificate B when talking to an endpoint of Company B etc, when using 2-way SSL.

This does not necessarily require the support for multiple keystores, unless I have missed something. I have not yet looked into details.. but I do not directly see the need for multiple IO reactors to support this.. but just multiple SSLContexts.

cheers
asankha

--
Asankha C. Perera
AdroitLogic, http://adroitlogic.org
http://esbmagic.blogspot.com
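
The "one keystore, multiple SSLContexts" idea from the message above, as an added sketch that is not part of the thread and not Synapse code: each endpoint gets its own `SSLContext` whose key manager is pinned to one alias in a shared keystore. The class name `PerEndpointSslContexts` and the endpoint-to-alias map are hypothetical, and the code assumes all key entries share one password.

```java
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;

/** Hypothetical helper: one keystore, one SSLContext per endpoint, each pinned to one alias. */
public final class PerEndpointSslContexts {

    /** Always offers the pinned alias; a peer that rejects it fails the handshake instead of getting another identity. */
    static final class PinnedAliasKeyManager extends X509ExtendedKeyManager {
        private final X509KeyManager delegate;
        private final String alias;
        PinnedAliasKeyManager(X509KeyManager delegate, String alias) {
            this.delegate = delegate;
            this.alias = alias;
        }
        @Override public String chooseClientAlias(String[] types, Principal[] issuers, Socket s) { return alias; }
        // Used by SSLEngine-based (non-blocking) transports.
        @Override public String chooseEngineClientAlias(String[] types, Principal[] issuers, SSLEngine e) { return alias; }
        @Override public String chooseServerAlias(String type, Principal[] issuers, Socket s) { return null; }
        @Override public String[] getClientAliases(String type, Principal[] issuers) { return new String[] { alias }; }
        @Override public String[] getServerAliases(String type, Principal[] issuers) { return null; }
        @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
    }

    /** Builds endpoint name -> SSLContext; fails fast when an alias holds no private key. */
    public static Map<String, SSLContext> build(KeyStore ks, char[] password,
            Map<String, String> endpointToAlias) throws GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password); // assumption: every key entry uses this password
        X509KeyManager base = null;
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) { base = (X509KeyManager) km; break; }
        }
        if (base == null) throw new IllegalStateException("no X509KeyManager available");
        Map<String, SSLContext> contexts = new HashMap<>();
        for (Map.Entry<String, String> e : endpointToAlias.entrySet()) {
            if (!ks.isKeyEntry(e.getValue()))
                throw new IllegalArgumentException("no private key under alias " + e.getValue());
            SSLContext ctx = SSLContext.getInstance("TLS");
            // null trust managers and SecureRandom select the JVM defaults
            ctx.init(new KeyManager[] { new PinnedAliasKeyManager(base, e.getValue()) }, null, null);
            contexts.put(e.getKey(), ctx);
        }
        return contexts;
    }
}
```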
