[
https://issues.jboss.org/browse/JGRP-1883?page=com.atlassian.jira.plugin....
]
Richard Achmatowicz commented on JGRP-1883:
-------------------------------------------
I intended "ENCRYPT is basically SSL/TLS for JGroups" to me in terms of its
overall function, as an encryption/authentication layer based on certificates, not in
terms of how it is implemented.
I agree that my argument sounds like marketing, although in my defence, I do at least
refer to committing to and adhering to a standard which may be a benefit to users who are
familiar with using SASL for configuring security in non-clustering cases. You are right:
there is no technical reason why we cannot say JGroups supports SASL authentication and
use a separate ENCRYPT layer for integrity and confidentiality. Just as there is no
technical reason why JGroups needs to support SASL at all, given that there are better,
more flexible mechanisms at your disposal in the form of AUTH and ENCRYPT which are better
tailored for the needs of group communication. Maybe the single advantage of SASL is that
someone else (the Sasl provider) is responsible for keeping the implementation up to
date.
I'll close the issue - there doesn't seem to be a lot in it.
Extend SASL protocol to handle Quality of Protection
-----------------------------------------------------
Key: JGRP-1883
URL:
https://issues.jboss.org/browse/JGRP-1883
Project: JGroups
Issue Type: Feature Request
Affects Versions: 3.5
Reporter: Richard Achmatowicz
Assignee: Bela Ban
Fix For: 3.6
SASL implementations generally provide authentication and encryption services to
communication protocols.
At present, the JGroups SASL protocol layer handles only authentication of a client
joining a group; it does not support encryption of messages (unicast and multicast)
passing through the SASL layer. This is presently handled by the separate ENCRYPT layer.
It would be nice to provide an integrated and complete solution for authentication and
encryption for JGroups based on SASL. This could be achieved by adding functionality from
ENCRYPT to the SASL layer.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)