> -----Original Message-----
> From: Fabio Martelli [mailto:[email protected]]
> Sent: Wednesday, 9 January 2013 17:21
> To: [email protected]
> Subject: Re: Support for encripted schema attributes
>
> On 09 Jan 2013, at 14:23, Jan Bernhardt wrote:
>
> > Hi Denis,
> >
> > who will be the owner of the private key, and why does syncope
> > need to know that the value inside a field is encrypted?
> >
> > If syncope does not have a key to decrypt the value, then syncope
> > does not even need to know that this field is encrypted; it is
> > simply a BASE64 encoded String (for example).
> >
> > So from my point of view the only use case that actually would
> > make sense for such a schema attribute is if syncope knows the
> > private key (properly generated that key) and the goal is to store
> > encrypted values in a remote system. But why store information in
> > a remote system, if that system should not be able to read this
> > information?
> >
> > So at this point I can't see a real use case that would actually
> > benefit from such an attribute. Can you provide an example please.
>
> Agree, probably this feature is not so useful BTW it could be
> interesting.
> Actually, in the past I have had some experience with encrypted
> attribute values.
>
> +1 to implement this feature.
> Anyway, I'm looking forward to reading a possible use case from Denis.
>
I agree with Fabio, probably this feature is not so useful in most
common cases. I was imagining a general use case where some user
attributes, for security reasons or law restrictions, can't be stored
in cleartext; e.g. a sort of secondary password or a PIN to use for
instance to open doors or to enable a payment (some online banking use
a secondary PIN to confirm a payment operation).

> @Francesco, I think that this attribute should be visible on the
> console if and only if
> 1. is encrypted using a reversible algorithm
> 2. the owner specifies it explicitly
> In any case, its propagation should be encrypted.
>
> Regards,
> F.
>
> > Best regards
> > Jan
> >
> >> -----Original Message-----
> >> From: Denis Signoretto [mailto:[email protected]]
> >> Sent: Wednesday, 9 January 2013 13:02
> >> To: [email protected]
> >> Subject: Support for encripted schema attributes
> >>
> >> Hi Syncopers,
> >>
> >> At the moment, for our purpose, it's not an actual requirement.
> >>
> >> I'm wondering if in the roadmap could be added a schema attribute
> >> which Syncope stores encrypted so neither the administrator can
> >> view the real value.
> >>
> >> WDYT ?
> >>
> >> Regards,
> >> Denis.
> >>
> >> Denis Signoretto | Senior Project Manager
> >>
> >> Intesys - Via Roveggia 122 A - 37136 Verona Tel. 045 503663 | Fax 045 503604
> >> [email protected] www.intesys.it <http://www.intesys.it/>
