[jira] [Commented] (WSS-339) OCSP support

Wed, 15 Feb 2012 16:53:28 -0800 

    [ 
https://issues.apache.org/jira/browse/WSS-339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13209029#comment-13209029
 ] 

Freeman Fang commented on WSS-339:
----------------------------------

Hi Colm,

Thanks for your reply.
But this issue is different with the case tracked by WSS-338. 
As this isn't controlled by a system property, it's Security property, so we 
have to specify ocsp.enable property in 
$JAVA_HOME/jre/lib/security/java.security which will affect whole JDK or left 
end user to use Security.setProperty("ocsp.enable", "true") programmatically.

Specify it in $JAVA_HOME/jre/lib/security/java.security isn't acceptable 
normally as it will affect whole JDK, we can easily run into the problem that 
one JVM process wanna ocsp.enable=true but the other doesn't.

Also only let end user programmatically use Security.setProperty isn't 
acceptable too as we do need provide a configurable way to specify ocsp.enable, 
that why I introduce  enableOCSP property for WSHanlder here, so end user can 
control everything they want just through wss4j typical configuration way.

WDYT?

Best Regards
Freeman 
                
> OCSP support
> ------------
>
>                 Key: WSS-339
>                 URL: https://issues.apache.org/jira/browse/WSS-339
>             Project: WSS4J
>          Issue Type: Improvement
>            Reporter: Freeman Fang
>            Assignee: Colm O hEigeartaigh
>         Attachments: WSS-339.patch
>
>
> currently WSS4J already support CRL for revocation check, it would be better 
> that we can also support OCSP through WSS4J configuration.
> Though we can set ocsp.enable property in 
> $JAVA_HOME/jre/lib/security/java.security to enable OCSP but it's effect JVM 
> wide, I'd like to introduce a property in WSHandlerConstants like enableOCSP 
> which can trigger code like
> Security.setProperty("ocsp.enable", enableOCSP);
> This should be similar with the property enableRevocation,  the logic is
> if (enableRevocation && enableOCSP) {
>     //use OCSP to do revocation check.
> }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to