On Fri, Feb 25, 2011 at 1:17 AM, Prabath Siriwardana <prab...@wso2.com> wrote:

> Further, we need to maintain trust stores on a tenant basis..
>
> There can be a case - Tenant-A trusts Service-A and needs to add
> Service-A's cert to the trust store - currently this is not possible - since
> we do not have the concept of tenant-based trust stores..
>
>
+1. This will be very useful.

Also, from the Carbon point of view, it is better if we can get rid of the trust
store and key store system properties completely and solely depend on the
key stores defined in configurations for each case.

Thanks,
Thilina


> Thanks & regards,
> -Prabath
>
>
> On Fri, Feb 25, 2011 at 1:11 AM, Prabath Siriwardana <prab...@wso2.com> wrote:
>
>> Currently - the JGSS API reads these configuration files as system
>> properties.. So we would be able to set up a single KDC. We need to invest
>> some time on this to find out a way of doing this without system
>> properties..
>>
>> The same issue exists there when a tenant - for example - wants to talk to an
>> external service secured with Mutual Authentication. Here we are setting a
>> system property for the key store - and if the external service allows
>> access to a tenant - that means it should allow access to Stratos - in
>> other words, to all the tenants..
>>
>> The same applies if someone wants to secure a service with mutual auth.. I
>> guess this is not possible currently per tenant..
>>
>> I have looked into the mutual auth issue - and it is possible to get rid of
>> the key store system property... we will work on these to get multitenant
>> ready..
>>
>> Thanks & regards,
>> -Prabath
>>
>> On Fri, Feb 25, 2011 at 12:16 AM, Afkham Azeez <az...@wso2.com> wrote:
>>
>>> So, my usual question, how does this work in a multitenant environment?
>>> How are you going to provide tenant specific conf files?
>>>
>>> Azeez
>>>
>>> On Thu, Feb 24, 2011 at 11:36 PM, Amila Jayasekara <ami...@wso2.com> wrote:
>>>
>>>> Hi All,
>>>> As some of you may know, there is a Kerberos KDC server with the latest IS
>>>> build. In order to complete the use case we added a Kerberos-based
>>>> security scenario to the security-mgt component. Now there is a security
>>>> scenario 16. See the screenshot for more details. Now users can easily
>>>> secure services using the Kerberos security policy by selecting scenario
>>>> 16.
>>>> But this change is not yet in trunk as the Kerberos-related Rampart
>>>> changes are not yet in trunk (currently I am doing changes in the 3.0.1
>>>> support branch). But hopefully by next week we will be adding these
>>>> changes to the trunk.
>>>>
>>>> Please review the attached screenshot and let me know if any of the
>>>> text needs to be changed.
>>>>
>>>> Also, we need to add two more config files to support scenario 16.
>>>> They are krb5.conf (contains parameters related to requesting a ticket)
>>>> and jaas.conf (authorization properties).
>>>> I am planning to add the above-mentioned files to ESB's conf directory.
>>>> Please let me know if you have any concerns.
>>>>
>>>> Also, I have a sample which demonstrates the use of the KDC in IS and the usage
>>>> of scenario 16 in ESB. Since this sample is related to 2 products, I
>>>> am not sure where I should place the sample. It would be great if you
>>>> could give feedback on where to place the sample program (in IS or ESB?).
>>>>
>>>> Thanks
>>>> AmilaJ
>>>>
>>>> _______________________________________________
>>>> Carbon-dev mailing list
>>>> Carbon-dev@wso2.org
>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>
>>>>
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com
>>
>
>
>
> --
> Thanks & Regards,
> Prabath
>
> http://blog.facilelogin.com
> http://RampartFAQ.com
>


-- 
Thilina Buddhika
Senior Software Engineer
WSO2 Inc. ; http://wso2.com
lean . enterprise . middleware

phone : +94 77 44 88 727
blog : http://blog.thilinamb.com
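
The idea discussed in this thread, shown as an added illustration (not code from the thread or from Carbon): each tenant gets its own `SSLContext` built from that tenant's key store and trust store, so the JVM-wide `javax.net.ssl.keyStore` / `javax.net.ssl.trustStore` system properties are never consulted. The class name, method names and the JKS store type are assumptions made for the example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: one SSLContext per tenant, built only from that tenant's stores.
public final class TenantSslContexts {
    private final Map<String, SSLContext> byTenant = new ConcurrentHashMap<>();

    // Loads a store from a tenant-specific location; the JKS type is an assumption.
    public static KeyStore load(Path file, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    // keys: the tenant's client key for mutual auth; trusted: certs this tenant accepts.
    public void register(String tenant, KeyStore keys, char[] keyPass, KeyStore trusted)
            throws GeneralSecurityException {
        // A null trust store would make TrustManagerFactory fall back to the JVM default
        // (system property or cacerts), which is exactly the shared state to avoid.
        Objects.requireNonNull(trusted, "tenant trust store");
        Objects.requireNonNull(keys, "tenant key store");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        byTenant.put(tenant, ctx);
    }

    // Fails closed: an unregistered tenant never inherits another tenant's or the JVM's context.
    public SSLContext forTenant(String tenant) {
        SSLContext ctx = byTenant.get(tenant);
        if (ctx == null) throw new IllegalStateException("no stores configured for tenant " + tenant);
        return ctx;
    }
}
```

A tenant's outbound call would then use `forTenant(domain).getSocketFactory()`, so an external service that trusts Tenant-A's certificate sees that certificate only on Tenant-A's connections.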