syncope-dev mailing list archives

From Francesco Chicchiriccò (Jira) <j...@apache.org>
Subject [jira] [Created] (SYNCOPE-1510) Allow to store encrypted schema's secret key externally
Date Fri, 08 Nov 2019 11:43:00 GMT
Francesco Chicchiriccò created SYNCOPE-1510:
-----------------------------------------------

             Summary: Allow to store encrypted schema's secret key externally
                 Key: SYNCOPE-1510
                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1510
             Project: Syncope
          Issue Type: Improvement
          Components: console, core, enduser
            Reporter: Francesco Chicchiriccò
             Fix For: 2.1.6, 3.0.0


An encrypted plain schema's secret key is used to encrypt the related attribute values.

Currently, this key is stored alongside the plain schema's other definition items, such as the
cipher algorithm.

While functional, such an approach breaks some security compliance rules, as (1) the algorithm,
(2) the secret key and (3) the encrypted value are all in the same place (Syncope's internal storage).

We should introduce the possibility to store at least the secret key in another place.

Moreover, we could also consider, in the schema definition, a conversion pattern which, when
set, allows decrypting the values (if the algorithm is compatible) for REST access; among other
use cases, this would allow transparently editing the related attributes via Admin Console /
Enduser UI.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
