Darran Lofthouse created ELY-2078: ------------------------------------- Summary: Add encryption and integrity support to FileSystemSecurityRealm Key: ELY-2078 URL: https://issues.redhat.com/browse/ELY-2078 Project: WildFly Elytron Issue Type: Feature Request Components: Realms Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 2.0.0.Alpha10 A minimal level of support would be for a SecretKey to be provided to the realm as it is initialised. We should consider the level of encryption required and different levels could have different policies. * Encryption of credentials. * Encryption of attributes. * Complete obfuscation of the username. * Signing of sections of an identity or the complete identity. * Integrity of the whole realm. ** If a realm gets large it would be expensive to recursively check the integrity of every identity in the realm so instead maybe an individual entry should have it's own signature when written and a master index then signed to represent the presence of each identity.  The entries should likely be versioned with the version a part of the master index to prevent an older entry being swapped back in. As realms already exist the tool could have a utility added to take a clear text realm and convert. -- This message was sent by Atlassian Jira (v8.13.1#813001)