<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
        <table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                <tbody>
                        <tr>
                                <td>
                                        <table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                                                <tbody>
                                                        <tr>
                                                                <td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
                                                                        <h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
                                                                        <a href="http://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
                                                                </td>
                                                        </tr>
                                                        <tr>
                                                                <td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
AS7: Sensitive Attributes Masking
</h3>
<span style="margin-bottom: 10px;">
created by <a href="http://community.jboss.org/people/anil.saldhana">Anil Saldhana</a> in <i>PicketBox Development</i> - <a href="http://community.jboss.org/message/619770#619770">View the full discussion</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content">
<p>We can extend masking of passwords to all attributes that the user determines to be sensitive and not to be displayed in clear text in the configuration files.</p>
<p>There are two entities:</p>
<p>a) Sensitive Attribute Holder (SAH).</p>
<p>b) Requesting Party (RP).</p>
<p>The "SAH" will securely hold all the sensitive attributes in one place. Ideally using AES256+ type encryption.</p>
<p>The Requesting Party is an entity in the AS that wants to get access to the secure attribute.</p>
<p>The challenge is to ensure the authenticity of the RP.</p>
<p>How do we know the RP is the real owner of the attribute?</p>
<h2>Some thoughts:</h2>
<ol>
<li style="text-align: start;">We can provide a shared key to the RP via an offline tool. The RP will configure the shared key (how do we secure this shared key?).</li>
<li style="text-align: start;">When the RP asks for the attribute, we can check the package of the RP and ensure that it matches the package that was used in generation of the shared key provided.</li>
</ol>
</div>
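<p>As an added illustration of the two entities and the two thoughts in the post (example code written here, not PicketBox or AS7 code): a hypothetical SAH in Java that keeps attributes AES-256-GCM encrypted under a master key, derives each RP's shared key from its package name the way the offline tool would, and releases an attribute only when the caller's package owns it and presents that key. The class name, the HMAC-based key derivation and passing the caller's package as a parameter are assumptions of this sketch.</p>

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
/** Hypothetical SAH: attributes rest AES-256-GCM encrypted; an RP proves ownership with a package-bound shared key. */
public class SensitiveAttributeHolder {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKey masterKey;                          // AES-256 key protecting stored attributes
    private final byte[] issuerSecret = new byte[32];           // secret the "offline tool" derives RP keys from
    private final Map<String, byte[]> store = new HashMap<>();  // attribute name -> iv || ciphertext
    private final Map<String, String> owner = new HashMap<>();  // attribute name -> owning RP package
    private final SecureRandom rng = new SecureRandom();
    public SensitiveAttributeHolder() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        masterKey = kg.generateKey();
        rng.nextBytes(issuerSecret);
    }
    /** Offline tool step (thought 1): the shared key handed to an RP is an HMAC of its package name (assumed scheme). */
    public byte[] issueSharedKey(String rpPackage) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(issuerSecret, "HmacSHA256"));
        return mac.doFinal(rpPackage.getBytes(StandardCharsets.UTF_8));
    }
    /** Store an attribute for its owning package; only the ciphertext record would ever reach a config file. */
    public void put(String name, String rpPackage, String value) throws Exception {
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(iv);                                       // fresh nonce per stored value
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, masterKey, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(name.getBytes(StandardCharsets.UTF_8));     // bind the ciphertext to its attribute name
        byte[] ct = c.doFinal(value.getBytes(StandardCharsets.UTF_8));
        store.put(name, ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array());
        owner.put(name, rpPackage);
    }
    /** RP request (thought 2): the caller's package must own the attribute and its key must be the one issued
     *  for that package. In the AS the package would be read from the caller's class, not trusted from a parameter. */
    public String get(String name, String callerPackage, byte[] sharedKey) throws Exception {
        if (!callerPackage.equals(owner.get(name))
                || !MessageDigest.isEqual(sharedKey, issueSharedKey(callerPackage))) {
            throw new SecurityException("requesting party not authorised for " + name);
        }
        byte[] rec = store.get(name);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, masterKey, new GCMParameterSpec(TAG_BITS, rec, 0, IV_LEN));
        c.updateAAD(name.getBytes(StandardCharsets.UTF_8));     // a renamed attribute fails authentication
        return new String(c.doFinal(rec, IV_LEN, rec.length - IV_LEN), StandardCharsets.UTF_8);
    }
}
```

<p>The sketch leaves the post's open question, how the RP protects the shared key it was given, exactly where the post leaves it.</p>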
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>