[JBoss JIRA] (ELY-66) SASL Proxy
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-66?page=com.atlassian.jira.plugin.sys... ]
Darran Lofthouse moved SASL-55 to ELY-66:
-----------------------------------------
Project: WildFly Elytron (was: WildFly SASL Provider)
Key: ELY-66 (was: SASL-55)
Workflow: GIT Pull Request workflow (was: classic default workflow)
Fix Version/s: 1.0.0.Beta1
(was: 2.0.0.Alpha1)
> SASL Proxy
> ----------
>
> Key: ELY-66
> URL: https://issues.jboss.org/browse/ELY-66
> Project: WildFly Elytron
> Issue Type: Task
> Security Level: Public(Everyone can see)
> Reporter: Darran Lofthouse
> Assignee: David Lloyd
> Fix For: 1.0.0.Beta1
>
>
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
11 years, 10 months
[JBoss JIRA] (ELY-57) Transition to enabling mechanisms to be 'managed' in server environment.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-57?page=com.atlassian.jira.plugin.sys... ]
Darran Lofthouse moved SASL-66 to ELY-57:
-----------------------------------------
Project: WildFly Elytron (was: WildFly SASL Provider)
Key: ELY-57 (was: SASL-66)
Workflow: GIT Pull Request workflow (was: classic default workflow)
Fix Version/s: 1.0.0.Beta1
(was: 2.0.0.Alpha1)
> Transition to enabling mechanisms to be 'managed' in server environment.
> ------------------------------------------------------------------------
>
> Key: ELY-57
> URL: https://issues.jboss.org/browse/ELY-57
> Project: WildFly Elytron
> Issue Type: Task
> Security Level: Public(Everyone can see)
> Reporter: Darran Lofthouse
> Fix For: 1.0.0.Beta1
>
>
> For some mechanisms there is a fair amount of initialisation that needs to be performed each time the mechanism is used, e.g. for GSSAPI we have GSSName instances, GSSCredential instances etc...
> The existing convention for SASL mechanisms is that this initialisation occurs when the mechanism is instantiated which is at the time the relevant SaslServerFactory or SaslClientFactory is called. This convention really fits with the mechanisms being used in a JSE environment but once we move to a managed environment we are not so constrained.
> A few options: -
> - Provide a way a mechanism can cache something it has created so if called again it can re-use it.
> - Provide access to a factory / inject certain resources.
> - Make the mechanism fully managed in the server, when create is called the bulk of initialisation would have already occurred and what is returned handles the bare minimum state related to an authentication attemp (client or server side).
> One additional comment if we do consider something like this, some mechanisms may have items cached that once cached would never change for the lifetime of the process - for others we may have additional timeouts to consider such as Kerberos ticket expiration which may mean we want to regenerate cached resources at certain points.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
11 years, 10 months
[JBoss JIRA] (ELY-59) Custom properties within mechanism selection
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-59?page=com.atlassian.jira.plugin.sys... ]
Darran Lofthouse moved SASL-65 to ELY-59:
-----------------------------------------
Project: WildFly Elytron (was: WildFly SASL Provider)
Key: ELY-59 (was: SASL-65)
Workflow: GIT Pull Request workflow (was: classic default workflow)
Component/s: SASL
(was: Util)
Fix Version/s: 1.0.0.Beta1
(was: 2.0.0.Alpha1)
> Custom properties within mechanism selection
> --------------------------------------------
>
> Key: ELY-59
> URL: https://issues.jboss.org/browse/ELY-59
> Project: WildFly Elytron
> Issue Type: Task
> Security Level: Public(Everyone can see)
> Components: SASL
> Reporter: Darran Lofthouse
> Fix For: 1.0.0.Beta1
>
>
> Some custom properties should maybe impact on mechanism selection e.g. wildfly.sasl.channel-binding.mode if set to required GSSAPI should be excluded as it does not support channel binding.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
11 years, 10 months
[JBoss JIRA] (ELY-53) GSSAPI Make Delegated Credential Available
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-53?page=com.atlassian.jira.plugin.sys... ]
Darran Lofthouse moved SASL-68 to ELY-53:
-----------------------------------------
Project: WildFly Elytron (was: WildFly SASL Provider)
Key: ELY-53 (was: SASL-68)
Workflow: GIT Pull Request workflow (was: classic default workflow)
Component/s: SASL
(was: GSSAPI Mechanism)
Fix Version/s: 1.0.0.Beta1
(was: 2.0.0.Alpha1)
> GSSAPI Make Delegated Credential Available
> ------------------------------------------
>
> Key: ELY-53
> URL: https://issues.jboss.org/browse/ELY-53
> Project: WildFly Elytron
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: SASL
> Reporter: Darran Lofthouse
> Fix For: 1.0.0.Beta1
>
>
> The server side of the mechanism can receive a delegated credential but there is no way to obtain it, we should provide a way for it to be obtained or provided.
> _Note: This may be an Elytron integration point rather than something supported in the pure SASL mechanism._
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
11 years, 10 months
[JBoss JIRA] (ELY-54) Support for stronger hashes as alternatives to MD5
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-54?page=com.atlassian.jira.plugin.sys... ]
Darran Lofthouse moved SASL-39 to ELY-54:
-----------------------------------------
Project: WildFly Elytron (was: WildFly SASL Provider)
Key: ELY-54 (was: SASL-39)
Workflow: GIT Pull Request workflow (was: classic default workflow)
Fix Version/s: 1.0.0.Beta1
(was: 2.0.0.Alpha1)
> Support for stronger hashes as alternatives to MD5
> --------------------------------------------------
>
> Key: ELY-54
> URL: https://issues.jboss.org/browse/ELY-54
> Project: WildFly Elytron
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.0.0.Beta1
>
>
> Presently Digest authentication is based on MD5 - however we should either update the mechanism or add new mechanisms to support the use of stronger hashes.
> As this library is used both client and server side installations that require the stronger hashes can just ensure the client and server have the latest version of this library - installations that still require interaction with MD5 will need to ensure that it is still available as a mechanism.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
11 years, 10 months