shindig-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stanton Sievers (Updated) (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SHINDIG-1636) Create a KeyProvider to provide an encryption key to the SecurityToken workflow
Date Tue, 01 Nov 2011 17:13:32 GMT

     [ https://issues.apache.org/jira/browse/SHINDIG-1636?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Stanton Sievers updated SHINDIG-1636:
-------------------------------------

    Description: 
Currently, org.apache.shindig.auth.BlobCrypterSecurityTokenCodec.loadContainers(ContainerConfig,
Collection<String>, Map<String, BlobCrypter>, Map<String, String>) reads
an encryption key from a keyfile to instantiate the BlobCrypter.  The keyfile is defined in
the container.js.  An improvement to this behavior would be to provide an injectable KeyProvider
class that can return the key.  This would allow the key to reside anywhere instead of in
a static keyfile.

Update:
The old approach was to provide a KeyProvider class but that turned out to be a little too
heavy and there was some contention over the best implementation.  Until there is a consensus
on the best way to implement that abstraction, we can simply add another config value to the
container.js that is the key itself and have the codec read and use that value if it exists.

  was:Currently, org.apache.shindig.auth.BlobCrypterSecurityTokenCodec.loadContainers(ContainerConfig,
Collection<String>, Map<String, BlobCrypter>, Map<String, String>) reads
an encryption key from a keyfile to instantiate the BlobCrypter.  The keyfile is defined in
the container.js.  An improvement to this behavior would be to provide an injectable KeyProvider
class that can return the key.  This would allow the key to reside anywhere instead of in
a static keyfile.

    
> Create a KeyProvider to provide an encryption key to the SecurityToken workflow
> -------------------------------------------------------------------------------
>
>                 Key: SHINDIG-1636
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-1636
>             Project: Shindig
>          Issue Type: Improvement
>          Components: Java
>            Reporter: Stanton Sievers
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> Currently, org.apache.shindig.auth.BlobCrypterSecurityTokenCodec.loadContainers(ContainerConfig,
Collection<String>, Map<String, BlobCrypter>, Map<String, String>) reads
an encryption key from a keyfile to instantiate the BlobCrypter.  The keyfile is defined in
the container.js.  An improvement to this behavior would be to provide an injectable KeyProvider
class that can return the key.  This would allow the key to reside anywhere instead of in
a static keyfile.
> Update:
> The old approach was to provide a KeyProvider class but that turned out to be a little
too heavy and there was some contention over the best implementation.  Until there is a consensus
on the best way to implement that abstraction, we can simply add another config value to the
container.js that is the key itself and have the codec read and use that value if it exists.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message