Great work Tyrell. This opens the door for many other features we can
add to the mashup server such as talking to external services using
WS-Security stuff. Currently we only support username/token, but with
this solution in we should be able to do signing and encryption and more
security scenarios.
Thanks,
Keith.
Tyrell Perera wrote:
Update:
Now a user can just type the URL of a trusted site and the certificate
chain will be retrieved and added to the user keystore by the Mashup
Server.
Tyrell
Tyrell Perera wrote:
| FYI
|
| We now have a keystore per user along with keystore management
| functionality exposed in the UI. It works as follows at present.
|
| - A keystore is 'cloned' using the server keystore at user registration
| and stored in the registry.
|
| - A user can manage the certificates in his/her keystore using the
| 'Certificate Manager' page, accessible through the 'Tasks' panel
|
| - The management UI allows a user to add trusted certificates to sites
| and delete them if required
|
| - A custom protocol handler is in place, which retrieves a user
| keystore from the registry and uses the certificates stored within to
| make https connections on demand (Currently the Sharing service uses
| this).
|
|
| Example scenario
| ----------------
|
| - User tries to share a mashup to another server in a separate domain.
| HTTPS is required and a certificate for that domain is not available in
| the user keystore.
|
| - Sharing fails. The dialog informs the user of the reason for the failure
| along with a link to the 'Certificate Manager' page.
|
| - The User obtains the public certificate for this domain and adds it
| to his/her keystore and retries. The sharing service picks up the new
| certificate and successfully shares the mashup.
|
|
| We can potentially extend this feature to obtain certificates just by
| giving the URL of a site. The WSRequest host object will have to be
| changed to use the custom protocol handler as well.
|
|
| Tyrell
|
|
_______________________________________________
Mashup-dev mailing list
[email protected]
http://www.wso2.org/cgi-bin/mailman/listinfo/mashup-dev
--
Tyrell Perera
Senior Software Engineer; WSO2, Inc.; http://www.wso2.com/
email: [EMAIL PROTECTED]; cell: +94 77 302 2505
"Oxygenating the Web Service Platform."
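
One way the per-user trust described in this thread can be wired up with standard JSSE classes, as an added example that is not part of the original messages or the Mashup Server code base. The class name, the method names and the assumption that the registry hands back the user keystore as JKS bytes are all hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

// Added illustration; names are hypothetical, not Mashup Server code.
public class UserKeystoreHttps {

    // Assumption: the registry returns the user's keystore as JKS bytes.
    static SSLContext contextFor(byte[] userKeystoreBytes, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore trusted = KeyStore.getInstance("JKS");
        trusted.load(new ByteArrayInputStream(userKeystoreBytes), password);
        // Trust anchors come only from this user's keystore, not the JVM-wide cacerts.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Returns the HTTP status, or -1 when this user's keystore does not trust the peer.
    // The target must be an https:// URL.
    static int connect(URL target, SSLContext userContext) throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) target.openConnection();
        // Set per connection (not setDefaultSSLSocketFactory, which is process-wide)
        // so one user's trusted certificates never apply to another user's requests.
        conn.setSSLSocketFactory(userContext.getSocketFactory());
        try {
            return conn.getResponseCode();
        } catch (SSLHandshakeException untrusted) {
            return -1; // caller can point the user to the 'Certificate Manager' page
        } finally {
            conn.disconnect();
        }
    }

    // Usage: java UserKeystoreHttps <keystore.jks> <password> <https-url>
    public static void main(String[] args) throws Exception {
        byte[] ks = Files.readAllBytes(Paths.get(args[0]));
        System.out.println(connect(new URL(args[2]), contextFor(ks, args[1].toCharArray())));
    }
}
```

Hostname verification stays at the `HttpsURLConnection` default here, so a certificate the user added for one site is not accepted for a different host name.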