Indika, What do you mean exactly by "enable to represent multiple identities by synapse itself"?
Andreas On Mon, Jul 20, 2009 at 18:49, indika kumara<[email protected]> wrote: > I am agree with asankha , > > Requirement is to enable to represent multiple identities by synapse itself > and also call to external services whose identities are different. For > first requirement it may need to expose identities at proxy services level. > For second requirement, it may need ability to specify and use multiple > client certificates at endpoint level when calling different external > services. > > Giving Multiple SSLContexts is the scalable solution. Specially, for the > requirement one, using reactor will not be scalable. Even for second > requirement. > > But, it seems in the current IOreactor implementation it is only possible to > be given one SSLContext (with IOEventDispatch). > > Seems like we need a new IOEventDispatch implementation that take Map of > SSLContexts (or composite IOEventDispatch) and then within method, > > public void connected (final IOSession session) > > Based on information on IOSession session, pick the correct SSLContext. I > am not sure possibility of this, but Asankha or Oleg sure knows this. > > Thanks > Indika > > >> >> I guess the real use case is the ability to use multiple identity >> certificates when communicating out. A usual use case is that one >> organization would need to use an identity certificate A when talking to >> an >> endpoint of Company A, and another identity certificate B when talking to >> an >> endpoint of Company B etc, when using 2-way SSL. This does not necessarily >> require the support for multiple keystores, unless I have missed >> something. >> >> I have not yet looked into details.. but I do not directly see the need >> for >> multiple IO reactors to support this.. but just multiple SSLContexts. >> >> cheers >> asankha >> >> -- >> Asankha C. Perera >> AdroitLogic, http://adroitlogic.org >> >> http://esbmagic.blogspot.com >> >> >> >> > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
