I agree with Asankha. The requirement is to enable Synapse itself to represent multiple identities and also to call external services whose identities are different. For the first requirement, it may need to expose identities at the proxy service level. For the second requirement, it may need the ability to specify and use multiple client certificates at the endpoint level when calling different external services.

Giving multiple SSLContexts is the scalable solution. Especially for requirement one, using reactors will not be scalable. Even for the second requirement. But it seems that in the current IOReactor implementation it is only possible to give one SSLContext (with IOEventDispatch). It seems we need a new IOEventDispatch implementation that takes a Map of SSLContexts (or a composite IOEventDispatch) and then, within the method *public void connected(final IOSession session)*, picks the correct SSLContext based on the information in the IOSession. I am not sure about the possibility of this, but Asankha or Oleg surely knows.

Thanks
Indika

> I guess the real use case is the ability to use multiple identity certificates when communicating out. A usual use case is that one organization would need to use an identity certificate A when talking to an endpoint of Company A, and another identity certificate B when talking to an endpoint of Company B etc, when using 2-way SSL. This does not necessarily require the support for multiple keystores, unless I have missed something.
>
> I have not yet looked into details.. but I do not directly see the need for multiple IO reactors to support this.. but just multiple SSLContexts.
>
> cheers
> asankha
>
> --
> Asankha C. Perera
> AdroitLogic, http://adroitlogic.org
>
> http://esbmagic.blogspot.com
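The selection step discussed in this message, as an added example that is not part of the original thread and is not Synapse or HttpCore code. It uses only JDK classes; `SslContextSelector`, its methods and the host name are hypothetical, and it assumes the session's remote address carries the host name the connection was opened with. An endpoint with no mapping gets a context that holds no client key, so one partner's identity certificate is never offered to another.

```java
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Hypothetical helper: maps a remote endpoint to the SSLContext holding the
// client identity that should be presented to that endpoint.
public class SslContextSelector {
    private final Map<String, SSLContext> byEndpoint = new ConcurrentHashMap<>();
    private final SSLContext anonymous; // trust material only, no client key

    public SslContextSelector(SSLContext anonymous) {
        this.anonymous = anonymous;
    }

    private static String key(String host, int port) {
        return host.toLowerCase(Locale.ROOT) + ":" + port;
    }

    public void register(String host, int port, SSLContext ctx) {
        byEndpoint.put(key(host, port), ctx);
    }

    // Called with the session's remote address once the connection is established.
    public SSLEngine engineFor(SocketAddress remote) {
        if (!(remote instanceof InetSocketAddress)) {
            throw new IllegalArgumentException("not an IP endpoint: " + remote);
        }
        InetSocketAddress addr = (InetSocketAddress) remote;
        // getHostString() avoids a reverse DNS lookup on the I/O thread.
        String host = addr.getHostString();
        SSLContext ctx = byEndpoint.getOrDefault(key(host, addr.getPort()), anonymous);
        SSLEngine engine = ctx.createSSLEngine(host, addr.getPort());
        engine.setUseClientMode(true);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Constructed contexts; real ones are initialised from each partner's key material.
        SSLContext none = SSLContext.getInstance("TLS"); none.init(null, null, null);
        SSLContext forA = SSLContext.getInstance("TLS"); forA.init(null, null, null);
        SslContextSelector sel = new SslContextSelector(none);
        sel.register("api.company-a.example", 443, forA);
        SSLEngine e = sel.engineFor(InetSocketAddress.createUnresolved("API.company-a.example", 443));
        System.out.println(e.getPeerHost() + " client=" + e.getUseClientMode());
    }
}
```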
