Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-2078

Add encryption and integrity support to FileSystemSecurityRealm

    XMLWordPrintable

    Details

    • Type: Feature Request
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 2.0.0.Alpha11
    • Component/s: Realms
    • Labels:
      None

      Description

      A minimal level of support would be for a SecretKey to be provided to the realm as it is initialised.

      We should consider the level of encryption required and different levels could have different policies.

      • Encryption of credentials.
      • Encryption of attributes.
      • Complete obfuscation of the username.
      • Signing of sections of an identity or the complete identity.
      • Integrity of the whole realm.
        • If a realm gets large it would be expensive to recursively check the integrity of every identity in the realm so instead maybe an individual entry should have it's own signature when written and a master index then signed to represent the presence of each identity.  The entries should likely be versioned with the version a part of the master index to prevent an older entry being swapped back in.

      As realms already exist the tool could have a utility added to take a clear text realm and convert.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            dlofthouse Darran Lofthouse
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: