Darran Lofthouse created ELY-2078:
Summary: Add encryption and integrity support to FileSystemSecurityRealm
Project: WildFly Elytron
Issue Type: Feature Request
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: 2.0.0.Alpha10
A minimal level of support would be for a SecretKey to be provided to the realm as it is
We should consider the level of encryption required and different levels could have
* Encryption of credentials.
* Encryption of attributes.
* Complete obfuscation of the username.
* Signing of sections of an identity or the complete identity.
* Integrity of the whole realm.
** If a realm gets large it would be expensive to recursively check the integrity of
every identity in the realm so instead maybe an individual entry should have it's own
signature when written and a master index then signed to represent the presence of each
identity. The entries should likely be versioned with the version a part of the master
index to prevent an older entry being swapped back in.
As realms already exist the tool could have a utility added to take a clear text realm and
This message was sent by Atlassian Jira