On Tue, Jul 21, 2009 at 09:42:00AM +0530, Hiranya Jayathilaka wrote: > Hi Indika, > > On Mon, Jul 20, 2009 at 10:19 PM, indika kumara <[email protected]>wrote: > > > I am agree with asankha , > > > > Requirement is to enable to represent multiple identities by synapse itself > > and also call to external services whose identities are different. For > > first requirement it may need to expose identities at proxy services level. > > For second requirement, it may need ability to specify and use multiple > > client certificates at endpoint level when calling different external > > services. > > > > Giving Multiple SSLContexts is the scalable solution. Specially, for the > > requirement one, using reactor will not be scalable. Even for second > > requirement. > > > > But, it seems in the current IOreactor implementation it is only possible > > to be given one SSLContext (with IOEventDispatch). > > > > Seems like we need a new IOEventDispatch implementation that take Map of > > SSLContexts (or composite IOEventDispatch) and then within method, > > > +1 to this approach. I think this is the best possible solution if it's > doable. > > Thanks, > Hiranya > >
Custom IOEventDispatch is the way to go. Essentially all you want is ability to create a specific SSL context for each newly IOSession based on a particular set of criteria such as remote peer's IP or DNS name. Cheers Oleg > > > > > > *public void connected (final IOSession session)* > > > > Based on information on IOSession session, pick the correct SSLContext. I > > am not sure possibility of this, but Asankha or Oleg sure knows this. > > > > Thanks > > Indika > > > > > > > > > > I guess the real use case is the ability to use multiple identity > > > certificates when communicating out. A usual use case is that one > > > organization would need to use an identity certificate A when talking to > > an > > > endpoint of Company A, and another identity certificate B when talking to > > an > > > endpoint of Company B etc, when using 2-way SSL. This does not > > necessarily > > > require the support for multiple keystores, unless I have missed > > something. > > > > > > I have not yet looked into details.. but I do not directly see the need > > for > > > multiple IO reactors to support this.. but just multiple SSLContexts. > > > > > > cheers > > > asankha > > > > > > -- > > > Asankha C. Perera > > > AdroitLogic, http://adroitlogic.org > > > > > > http://esbmagic.blogspot.com > > > > > > > > > > > > > > > > > > > -- > Hiranya Jayathilaka > Software Engineer; > WSO2 Inc.; http://wso2.org > E-mail: [email protected]; Mobile: +94 77 633 3491 > Blog: http://techfeast-hiranya.blogspot.com --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
