[ https://issues.apache.org/jira/browse/SYNCOPE-270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14029058#comment-14029058 ]
ASF subversion and git services commented on SYNCOPE-270:
---------------------------------------------------------

Commit 1602129 from [~ilgrosso] in branch 'syncope/trunk'
[ https://svn.apache.org/r1602129 ]

[SYNCOPE-270] Implementation provided

> Encrypted schema
> ----------------
>
> Key: SYNCOPE-270
> URL: https://issues.apache.org/jira/browse/SYNCOPE-270
> Project: Syncope
> Issue Type: New Feature
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Fix For: 1.2.0
>
>
> 1. Main purpose: store some arbitrary string values encrypted in the
> database; this can be enforced by law, for example.
> 2. When defining an encrypted schema, you must provide the cypher algorithm
> to be used and a passphrase.
> Such passphrase will be stored by Syncope as encrypted with an internal key
> (more or less like we are already doing with user passwords).
> 3. When creating an attribute with such schema, the value(s) will be
> automatically encrypted by Syncope using the provided algorithm and
> passphrase.
> 4. When reading an attribute with such schema (e.g. contained in an
> AttributeTO), the value(s) will be sent encrypted.
> Only those who know the algorithm and the passphrase will be able to decrypt.
> Moreover, you can think to make the admin console able to show such attribute
> value(s) as encrypted by default and to decrypt them on demand after asking
> for algorithm and passphrase.
> 5. When propagating / synchronizing attribute with such schema, GuardedString
> will be used, not String.
> 6. When changing algorithm or passphrase of an existing schema, new values
> will be encrypted with these, old values will remain as they are.
> Naturally, one can provide an update procedure.
> [1] http://markmail.org/message/rg7ryeknkrzae4xj
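
Points 2, 3, 4 and 6 of the description above, as an added Java example that is not Syncope's code or the content of commit 1602129. It assumes AES-GCM with a PBKDF2-derived key as the schema's algorithm; the class name, storage layout, KDF parameters and all key and attribute values are constructed placeholders.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class EncryptedSchemaSketch {
    // Assumed KDF: PBKDF2-HMAC-SHA256 producing an AES-256 key from a passphrase.
    static SecretKey derive(char[] passphrase, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, 210_000, 256);
        byte[] k = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(k, "AES");
    }

    // Stored form (constructed for this example): base64(salt[16] || iv[12] || ciphertext+tag).
    static String encrypt(char[] passphrase, String value) throws Exception {
        byte[] salt = new byte[16], iv = new byte[12];
        new SecureRandom().nextBytes(salt);
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, derive(passphrase, salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(value.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(salt, 28 + ct.length);   // salt first, rest zero-filled
        System.arraycopy(iv, 0, out, 16, 12);
        System.arraycopy(ct, 0, out, 28, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(char[] passphrase, String stored) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, derive(passphrase, Arrays.copyOfRange(in, 0, 16)),
               new GCMParameterSpec(128, in, 16, 12));
        return new String(c.doFinal(in, 28, in.length - 28), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        char[] internalKey = "internal-key-placeholder".toCharArray();    // stands in for the server's internal key
        char[] passphrase = "schema-passphrase-placeholder".toCharArray();
        String storedPassphrase = encrypt(internalKey, new String(passphrase)); // point 2: passphrase at rest
        String storedValue = encrypt(passphrase, "constructed-attribute-value"); // point 3: value at rest
        System.out.println("sent to client (point 4): " + storedValue);
        System.out.println("server unwraps passphrase: " + decrypt(internalKey, storedPassphrase));
        System.out.println("holder of passphrase decrypts: " + decrypt(passphrase, storedValue));
        // Point 6: after a passphrase change, values written earlier no longer decrypt with the new one.
        try { decrypt("rotated-passphrase-placeholder".toCharArray(), storedValue); }
        catch (AEADBadTagException e) { System.out.println("old value rejected under new passphrase"); }
    }
}
```

The last step shows why point 6 needs either the update procedure it mentions or a record of which passphrase generation each stored value was written under.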