cxf-dev mailing list archives

From Sergey Beryozkin
Subject Re: KMIP Support in CXF (ReST & SOAP)
Date Tue, 02 Jun 2015 15:59:15 GMT

Andrei Shakirin, who worked on getting the XKMS code contribution added 
to CXF, is off till next week; he may have an opinion. IMHO it is good to 
have multiple relevant options supported, but I'm not sure how easy it is 
to do KMIP.

Cheers, Sergey

On 02/06/15 09:08, Yossi Cohen wrote:
> Hi,
> We are currently evaluating several technologies for public/private key
> distribution and rotation and I have two questions I was hoping CXF Dev.
> could address:
> 1. I noticed CXF added support in XKMS for public keys (e.g., for
> SAML token validation). It appears though that the adoption of KMIP in
> industry is more extensive than the adoption of XKMS. Does it make sense
> for CXF to add
> support for KMIP? Are there any plans to add this capability and if yes in
> which version?
> 2. For key rotation we need the previous public key to be left active
> side-by-side with the new public key until all signatures signed using the
> previous private key are no longer in use (e.g., after session expiration).
> To support that, we need to be able to customize CXF and implement logic
> that tries first to validate the signature using the new public and upon
> failure, attempt to re-validate the signature using the previous public
> key. That way we guarantee that we don’t break existing sessions. WDYT
> about the logic? If you come to implement KMIP support in CXF, please
> beware of such customization need.
>   *Best Regards,*
> *Yossi Cohen*

Sergey Beryozkin

Talend Community Coders
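
The rotation logic raised in question 2 of the quoted message (try the new public key first, fall back to the previous one while old signatures may still be in use), as an added example that is not part of the original thread and is not CXF code. The names RotatingVerifier, TrustedKey and acceptUntil are hypothetical, the key pairs and message are constructed in place, and the acceptUntil cutoff is an assumption about how the overlap window would be closed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.List;
import java.util.Optional;

public class RotatingVerifier {
    // Hypothetical type: a trusted key and the instant after which it is rejected (null = current key).
    record TrustedKey(String id, PublicKey key, Instant acceptUntil) {}

    private final List<TrustedKey> keys; // ordered newest first

    RotatingVerifier(List<TrustedKey> keys) { this.keys = List.copyOf(keys); }

    // Returns the id of the first non-retired key that verifies the signature, or empty if none does.
    Optional<String> verify(byte[] data, byte[] sig, Instant now) throws GeneralSecurityException {
        for (TrustedKey k : keys) {
            if (k.acceptUntil() != null && now.isAfter(k.acceptUntil())) continue; // overlap window closed
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(k.key());
            s.update(data);
            try {
                if (s.verify(sig)) return Optional.of(k.id());
            } catch (SignatureException e) {
                // Signature is malformed for this key (e.g. wrong length): fall through to the next key.
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair previousPair = gen.generateKeyPair(); // constructed sample keys
        KeyPair newPair = gen.generateKeyPair();
        Instant now = Instant.now();
        RotatingVerifier verifier = new RotatingVerifier(List.of(
            new TrustedKey("new", newPair.getPublic(), null),
            new TrustedKey("previous", previousPair.getPublic(), now.plusSeconds(3600))));
        byte[] msg = "constructed sample token".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(previousPair.getPrivate()); // signed before the rotation
        signer.update(msg);
        byte[] sig = signer.sign();
        System.out.println("during overlap: " + verifier.verify(msg, sig, now));
        System.out.println("after overlap:  " + verifier.verify(msg, sig, now.plusSeconds(7200)));
    }
}
```

Returning the id of the key that matched lets the caller log how often the previous key is still being used, which indicates when it can be retired.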

