cxf-dev mailing list archives

From Yossi Cohen <Yoss...@Amdocs.com>
Subject KMIP Support in CXF (ReST & SOAP)
Date Thu, 28 May 2015 15:39:18 GMT
Hi,

We are currently evaluating several technologies for public/private key distribution and rotation
and I have two questions I was hoping CXF Dev. could address:


1. I noticed CXF added support in XKMS for public keys (e.g., for SAML token validation).
It appears though that the adoption of KMIP<http://en.wikipedia.org/wiki/Key_Management_Interoperability_Protocol>
in industry is more extensive than the adoption of XKMS<http://en.wikipedia.org/wiki/XKMS>.
Does it make sense for CXF to add support for KMIP? Are there any plans to add this capability
and if yes in which version?

2. For key rotation we need the previous public key to be left active side-by-side with
the new public key until all signatures signed using the previous private key are no longer
in use (e.g., after session expiration). To support that, we need to be able to customize
CXF and implement logic that tries first to validate the signature using the new public key and,
upon failure, attempts to re-validate the signature using the previous public key. That way
we guarantee that we don't break existing sessions. WDYT about the logic? If you come to implement
KMIP support in CXF, please beware of such customization need.

Best Regards,
Yossi Cohen
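
The fallback validation described in question 2 above, as an added example that is not part of the original message and is not CXF or WSS4J code. It uses only the JDK's `java.security` API; the class name `RotatingSignatureVerifier`, the `previousNotAfter` cutoff that bounds the overlap window, the `SHA256withRSA` algorithm and the sample token are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
// Added illustration using only the JDK (java.security); hypothetical class, not CXF code.
public class RotatingSignatureVerifier {
    private final PublicKey current;
    private final PublicKey previous;        // null once the old key is fully retired
    private final Instant previousNotAfter;  // assumed policy: hard cutoff for the old key
    public RotatingSignatureVerifier(PublicKey current, PublicKey previous, Instant previousNotAfter) {
        this.current = current;
        this.previous = previous;
        this.previousNotAfter = previousNotAfter;
    }

    /** Returns "current", "previous", or null if no accepted key validates the signature. */
    public String verify(byte[] data, byte[] sig, Instant now) throws GeneralSecurityException {
        if (check(current, data, sig)) return "current";
        // Fall back to the previous key only while its overlap window is still open.
        if (previous != null && now.isBefore(previousNotAfter) && check(previous, data, sig)) {
            return "previous";
        }
        return null;
    }

    private static boolean check(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        try {
            return s.verify(sig);
        } catch (SignatureException e) {
            return false; // a malformed signature counts as a failed validation
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair oldPair = gen.generateKeyPair(), newPair = gen.generateKeyPair();
        byte[] token = "constructed-session-token".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(oldPair.getPrivate()); // token was issued before the rotation
        signer.update(token);
        byte[] sig = signer.sign();
        Instant cutoff = Instant.parse("2015-06-01T00:00:00Z"); // constructed cutoff
        RotatingSignatureVerifier v =
            new RotatingSignatureVerifier(newPair.getPublic(), oldPair.getPublic(), cutoff);
        System.out.println(v.verify(token, sig, cutoff.minusSeconds(60))); // inside the window
        System.out.println(v.verify(token, sig, cutoff.plusSeconds(60)));  // after the window
    }
}
```

Returning which key matched lets the caller log every fallback, so operators can see when the previous key has stopped being used and remove it before the cutoff.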
