[jira] [Commented] (WSS-339) OCSP support

Wed, 15 Feb 2012 17:23:29 -0800 

    [ 
https://issues.apache.org/jira/browse/WSS-339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13209042#comment-13209042
 ] 

Daniel Kulp commented on WSS-339:
---------------------------------


I agree with Colm on both issues.   These end up being global settings, not per 
request or per application settings.   Thus, we should not be presenting even 
an illusion of them being per application or it creates a lot of extra 
confusion.  

They create an app that turns this setting on and expect it to run.   Another 
application gets deployed into the container (osgi container, tomcat, 
whatever....) that then turns if off.   Suddenly, the first app, due to nothing 
that it did, is no longer meeting the security requirements that it was 
expecting.  

So I disagree with configuring System properties or Security properties from 
contexts that are supposed to be per service or per request which is pretty 
much what Colm was trying to get at.   

                
> OCSP support
> ------------
>
>                 Key: WSS-339
>                 URL: https://issues.apache.org/jira/browse/WSS-339
>             Project: WSS4J
>          Issue Type: Improvement
>            Reporter: Freeman Fang
>            Assignee: Colm O hEigeartaigh
>         Attachments: WSS-339.patch
>
>
> currently WSS4J already support CRL for revocation check, it would be better 
> that we can also support OCSP through WSS4J configuration.
> Though we can set ocsp.enable property in 
> $JAVA_HOME/jre/lib/security/java.security to enable OCSP but it's effect JVM 
> wide, I'd like to introduce a property in WSHandlerConstants like enableOCSP 
> which can trigger code like
> Security.setProperty("ocsp.enable", enableOCSP);
> This should be similar with the property enableRevocation,  the logic is
> if (enableRevocation && enableOCSP) {
>     //use OCSP to do revocation check.
> }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to