[ http://issues.apache.org/jira/browse/DERBY-528?page=comments#action_12430331 ]

Francois Orsini commented on DERBY-528:
---------------------------------------

DERBY-1747 is the documentation JIRA for this feature.

> Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme
> -----------------------------------------------------------------------------------------
>
>                 Key: DERBY-528
>                 URL: http://issues.apache.org/jira/browse/DERBY-528
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security
>    Affects Versions: 10.1.1.0
>            Reporter: Francois Orsini
>         Assigned To: Francois Orsini
>             Fix For: 10.2.1.0
>
>         Attachments: 528_diff_v1.txt, 528_diff_v2.txt, 528_diff_v3.txt, 528_diff_v4.txt, 528_diff_v5.txt, 528_SecMec_Testing_Table.txt, 528_stat_v1.txt, 528_stat_v2.txt, 528_stat_v3.txt, 528_stat_v4.txt, 528_stat_v5.txt
>
>
> This JIRA will add support for (DRDA) Strong User ID and Password Substitute
> Authentication (USRSSBPWD) scheme in the network client/server driver layers.
> Current Derby DRDA network client driver supports encrypted userid/password
> (EUSRIDPWD) via the use of DH key-agreement protocol - however current Open
> Group DRDA specifications impose small prime and base generator values (256
> bits) that prevent other JCEs from being used as Java cryptography providers -
> typical minimum security requirement is usually 1024 bits (512-bit
> absolute minimum) when using DH key-agreement protocol to generate a session
> key.
> Strong User ID and Password Substitute Authentication (USRSSBPWD) is part of
> DRDA specifications as another alternative to provide ciphered passwords
> across the wire.
> Support of USRSSBPWD authentication scheme will enable additional JCEs to
> be used when encrypted passwords are required across the wire.
> USRSSBPWD authentication scheme will be specified by a Derby network client
> user via the securityMechanism property on the connection URL - A new property
> value such as ENCRYPTED_PASSWORD_SECURITY will be defined in order to support
> this new (DRDA) authentication scheme.

--
This message is automatically generated by JIRA.