Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-2078

Add encryption and integrity support to FileSystemSecurityRealm

    XMLWordPrintable

Details

    • Feature Request
    • Status: Pull Request Sent (View Workflow)
    • Major
    • Resolution: Unresolved
    • None
    • 2.0.0.Alpha11
    • Realms
    • None

    Description

      A minimal level of support would be for a SecretKey to be provided to the realm as it is initialised.

      We should consider the level of encryption required and different levels could have different policies.

      • Encryption of credentials.
      • Encryption of attributes.
      • Complete obfuscation of the username.
      • Signing of sections of an identity or the complete identity.
      • Integrity of the whole realm.
        • If a realm gets large it would be expensive to recursively check the integrity of every identity in the realm so instead maybe an individual entry should have it's own signature when written and a master index then signed to represent the presence of each identity.  The entries should likely be versioned with the version a part of the master index to prevent an older entry being swapped back in.

      As realms already exist the tool could have a utility added to take a clear text realm and convert.

      Attachments

        Issue Links

          Activity

            People

              araskar@redhat.com Ashpan Raskar
              darran.lofthouse@redhat.com Darran Lofthouse
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: