It should be possible within the next 4 ~ 6 weeks is my guess, since it's going to be a point release mostly with bug fixes and performance improvements etc.

asankha

legolas wrote:
If it is possible, I want to ask whether you have an estimation about when
version 1.0.1 could be production ready. I just want to know an estimation
to arrange my plans with it.


asankha wrote:
  
Hi Legolas
    
Apache Synapse is a good project and I am planning to use Synapse for a
project and I want to vote for the minor release model that was suggested, I
mean it would be good to have 1.0.1, 1.0.2, and so on.
  
      
Cool.. I agree and I think we will be heading in that path soon with a 
1.0.1 with some minor fixes and performance improvements etc.
    
A feature that I want to vote for is mutual authentication using digital
certifications (SSL mutual authentication).
Let me explain what I mean by SSL mutual authentication:
with my reading and research it means that we have a certDB on the server
side (Synapse side) and it contains one or more CA's certifications, and on
the client side we have a certification signed by one of those CA's. Now
when a client wants to connect to Synapse, Synapse can check to see whether
the client has a certification signed by one of those CA's which are present
in its certDB or not. If it is signed by one of them then Synapse will
answer, otherwise it will not.
  
      
We already do have this support in the 1.0 release, but this is disabled
by default. If you set up your certificate stores (defaults are trust.jks
and identity.jks) properly and uncomment the
"<parameter name="SSLVerifyClient">require</parameter>" from the axis2.xml's
https transport listener configuration, it will do exactly what you have
explained.
    
Also there should be some mechanism not to allow all clients with such
certification to connect to the server (I do not know how we should do
this).
  
      
I agree.. let me check with the HttpCore project how this may be 
possible.. thanks for suggesting this
    
Also on the client side we should have some mechanism to check and see
whether we are connecting to a server which has the correct certification or
not (I think we can do this by assigning a certification to Synapse and
adding the issuer CA which issued the Synapse certification to the client
JKS file), is it correct?
  
      
Right now we support hostname verification. Again this is commented by
default on the axis2.xml's https transport sender configuration:
"<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>". If
you specify strict, the host name verification would be performed.

asankha

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



    

  