On 09 Jan 2013, at 14:23, Jan Bernhardt wrote:

> Hi Denis,
>
> who will be the owner of the private key, and why does syncope need to know
> that the value inside a field is encrypted?
>
> If syncope does not have a key to decrypt the value, then syncope does not
> even need to know that this field is encrypted; it is simply a BASE64 encoded
> String (for example).
>
> So from my point of view the only use case that actually would make sense for
> such a schema attribute, is if syncope knows the private key (properly
> generated that key) and the goal is to store encrypted values in a remote
> system. But why store information in a remote system, if that system should
> not be able to read this information?
>
> So at this point I can't see a real use case that would actually benefit from
> such an attribute. Can you provide an example please?

Agree, probably this feature is not so useful; BTW it could be interesting.
Actually, in the past I have had some experience with encrypted attribute values.
+1 to implement this feature.

Anyway, I'm looking forward to reading a possible use case from Denis.

@Francesco, I think that this attribute should be visible on the console if and only if

1. it is encrypted using a reversible algorithm
2. the owner specifies it explicitly

In any case, its propagation should be encrypted.

Regards,
F.

> Best regards
> Jan
>
>> -----Original Message-----
>> From: Denis Signoretto [mailto:[email protected]]
>> Sent: Wednesday, 9 January 2013 13:02
>> To: [email protected]
>> Subject: Support for encripted schema attributes
>>
>> Hi Syncopers,
>>
>> At the moment, for our purpose, it's not an actual requirement.
>>
>> I'm wondering if in the roadmap could be added a schema attribute which
>> Syncope stores encrypted so neither the administrator can view the real
>> value.
>>
>> WDYT ?
>>
>> Regards,
>> Denis.
>>
>> Denis Signoretto | Senior Project Manager
