[jboss-jira] [JBoss JIRA] (JGRP-1883) Extend SASL protocol to handle Quality of Protection

Richard Achmatowicz (JIRA) issues at jboss.org
Fri Sep 26 11:02:02 EDT 2014 

    [ https://issues.jboss.org/browse/JGRP-1883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13006532#comment-13006532 ] 

Richard Achmatowicz commented on JGRP-1883:
-------------------------------------------

I intended "ENCRYPT is basically SSL/TLS for JGroups" to me in terms of its overall function, as an encryption/authentication layer based on certificates, not in terms of how it is implemented. 

I agree that my argument sounds like marketing, although in my defence, I do at least refer to committing to and adhering to a standard which may be a benefit to users who are familiar with using SASL for configuring security in non-clustering cases. You are right: there is no technical reason why we cannot say JGroups supports SASL authentication and use a separate ENCRYPT layer for integrity and confidentiality. Just as there is no technical reason why JGroups needs to support SASL at all, given that there are better, more flexible mechanisms at your disposal in the form of AUTH and ENCRYPT which are better tailored for the needs of group communication. Maybe the single advantage of SASL is that someone else (the Sasl provider) is responsible for keeping the implementation up to date.

I'll close the issue - there doesn't seem to be a lot in it.






> Extend SASL protocol to handle Quality of Protection 
> -----------------------------------------------------
>
>                 Key: JGRP-1883
>                 URL: https://issues.jboss.org/browse/JGRP-1883
>             Project: JGroups
>          Issue Type: Feature Request
>    Affects Versions: 3.5
>            Reporter: Richard Achmatowicz
>            Assignee: Bela Ban
>             Fix For: 3.6
>
>
> SASL implementations generally provide authentication and encryption services to communication protocols.
> At present, the JGroups SASL protocol layer handles only authentication of a client joining a group; it does not support encryption of messages (unicast and multicast) passing through the SASL layer. This is presently handled by the separate ENCRYPT layer.
> It would be nice to provide an integrated and complete solution for authentication and encryption for JGroups based on SASL. This could be achieved by adding functionality from ENCRYPT to the SASL layer. 



--
This message was sent by Atlassian JIRA
(v6.3.1#6329)

More information about the jboss-jira mailing list