Darran Lofthouse created ELY-2078:
-------------------------------------
Summary: Add encryption and integrity support to FileSystemSecurityRealm
Key: ELY-2078
URL: https://issues.redhat.com/browse/ELY-2078
Project: WildFly Elytron
Issue Type: Feature Request
Components: Realms
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: 2.0.0.Alpha10

A minimal level of support would be for a SecretKey to be provided to the realm as it is
initialised.
We should consider the level of encryption required and different levels could have
different policies.
* Encryption of credentials.
* Encryption of attributes.
* Complete obfuscation of the username.
* Signing of sections of an identity or the complete identity.
* Integrity of the whole realm.
** If a realm gets large it would be expensive to recursively check the integrity of
every identity in the realm so instead maybe an individual entry should have its own
signature when written and a master index then signed to represent the presence of each
identity. The entries should likely be versioned with the version a part of the master
index to prevent an older entry being swapped back in.
As realms already exist the tool could have a utility added to take a clear text realm and
convert.
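
A sketch of the scheme in the realm-integrity bullet (per-entry signature, plus a signed master index that records each identity's version), added here as an example; it is not Elytron code and not part of the issue. It assumes HMAC-SHA256 under the realm's secret key stands in for the signature, and the function names and entry layout are hypothetical.

```python
import hashlib
import hmac
import json


def _mac(key: bytes, *fields: str) -> str:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def write_entry(key, index, name, data):
    """Sign one identity and bump its version in the master index dict."""
    version = index.get(name, 0) + 1
    index[name] = version
    return {"name": name, "version": version, "data": data,
            "tag": _mac(key, "entry", name, str(version), data)}


def sign_index(key, index):
    """Sign the master index: which identities exist and at which version."""
    return _mac(key, "index", json.dumps(index, sort_keys=True))


def verify_identity(key, index, index_tag, name, entry):
    """Check one identity against the signed index without scanning the realm."""
    if not hmac.compare_digest(index_tag, sign_index(key, index)):
        return "index tampered"
    if name not in index:
        return "ok: absent" if entry is None else "unlisted entry"
    if entry is None:
        return "entry removed"
    expected = _mac(key, "entry", name, str(entry["version"]), entry["data"])
    if entry["name"] != name or not hmac.compare_digest(entry["tag"], expected):
        return "entry tampered"
    if entry["version"] != index[name]:
        return "stale version"  # validly signed older entry swapped back in
    return "ok"


def demo():
    key = b"constructed-demo-key-not-a-real-secret"  # constructed sample key
    index = {}
    old = write_entry(key, index, "alice", "credential-v1")
    new = write_entry(key, index, "alice", "credential-v2")
    tag = sign_index(key, index)
    modified = dict(new, data="changed-on-disk")
    return [verify_identity(key, index, tag, "alice", e)
            for e in (new, old, modified, None)]
```

The old entry still carries a valid tag of its own; it is rejected only because the signed index pins `alice` to version 2.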