[ https://issues.apache.org/jira/browse/SYNCOPE-270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Francesco Chicchiriccò updated SYNCOPE-270:
-------------------------------------------

    Description: 
1. Main purpose: store some arbitrary string values encrypted in the database; 
this can be enforced by law, for example.

2. When defining an encrypted schema, you must provide the cipher algorithm to 
be used and a passphrase.
Such passphrase will be stored by Syncope as encrypted with an internal key 
(more or less like we are already doing with user passwords).

3. When creating an attribute with such schema, the value(s) will be 
automatically encrypted by Syncope using the provided algorithm and passphrase.

4. When reading an attribute with such schema (e.g. contained in an 
AttributeTO), the value(s) will be sent encrypted.
Only those who know the algorithm and the passphrase will be able to decrypt.
-Moreover, you can think to make the admin console able to show such attribute 
value(s) as encrypted by default and to decrypt them on demand after asking for 
algorithm and passphrase.-

-5. When propagating / synchronizing attribute with such schema, GuardedString 
will be used, not String.-

6. When changing algorithm or passphrase of an existing schema, new values will 
be encrypted with these, old values will remain as they are. 
Naturally, one can provide an update procedure.

[1] http://markmail.org/message/rg7ryeknkrzae4xj

  was:
1. Main purpose: store some arbitrary string values encrypted in the database; 
this can be enforced by law, for example.

2. When defining an encrypted schema, you must provide the cipher algorithm to 
be used and a passphrase.
Such passphrase will be stored by Syncope as encrypted with an internal key 
(more or less like we are already doing with user passwords).

3. When creating an attribute with such schema, the value(s) will be 
automatically encrypted by Syncope using the provided algorithm and passphrase.

4. When reading an attribute with such schema (e.g. contained in an 
AttributeTO), the value(s) will be sent encrypted.
Only those who know the algorithm and the passphrase will be able to decrypt.
Moreover, you can think to make the admin console able to show such attribute 
value(s) as encrypted by default and to decrypt them on demand after asking for 
algorithm and passphrase.

5. When propagating / synchronizing attribute with such schema, GuardedString 
will be used, not String.

6. When changing algorithm or passphrase of an existing schema, new values will 
be encrypted with these, old values will remain as they are. 
Naturally, one can provide an update procedure.

[1] http://markmail.org/message/rg7ryeknkrzae4xj


> Encrypted schema
> ----------------
>
>                 Key: SYNCOPE-270
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-270
>             Project: Syncope
>          Issue Type: New Feature
>            Reporter: Francesco Chicchiriccò
>            Assignee: Francesco Chicchiriccò
>             Fix For: 1.2.0
>
>
> 1. Main purpose: store some arbitrary string values encrypted in the 
> database; this can be enforced by law, for example.
> 2. When defining an encrypted schema, you must provide the cipher algorithm 
> to be used and a passphrase.
> Such passphrase will be stored by Syncope as encrypted with an internal key 
> (more or less like we are already doing with user passwords).
> 3. When creating an attribute with such schema, the value(s) will be 
> automatically encrypted by Syncope using the provided algorithm and 
> passphrase.
> 4. When reading an attribute with such schema (e.g. contained in an 
> AttributeTO), the value(s) will be sent encrypted.
> Only those who know the algorithm and the passphrase will be able to decrypt.
> -Moreover, you can think to make the admin console able to show such 
> attribute value(s) as encrypted by default and to decrypt them on demand 
> after asking for algorithm and passphrase.-
> -5. When propagating / synchronizing attribute with such schema, 
> GuardedString will be used, not String.-
> 6. When changing algorithm or passphrase of an existing schema, new values 
> will be encrypted with these, old values will remain as they are. 
> Naturally, one can provide an update procedure.
> [1] http://markmail.org/message/rg7ryeknkrzae4xj



--
This message was sent by Atlassian JIRA
(v6.2#6252)
