[jboss-jira] [JBoss JIRA] (ELY-1257) Remove credentials key-pair and public-key-pem from Elytron client configuration file

Farah Juma (JIRA) issues at jboss.org
Tue Sep 12 17:01:01 EDT 2017 

     [ https://issues.jboss.org/browse/ELY-1257?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Farah Juma resolved ELY-1257.
-----------------------------
    Resolution: Rejected


Resolving this issue since the corresponding JBEAP issue was rejected (it was decided that key-pair and public-key-pem didn't need to be removed). 

> Remove credentials key-pair and public-key-pem from Elytron client configuration file
> -------------------------------------------------------------------------------------
>
>                 Key: ELY-1257
>                 URL: https://issues.jboss.org/browse/ELY-1257
>             Project: WildFly Elytron
>          Issue Type: Bug
>    Affects Versions: 1.1.0.Beta52
>            Reporter: Ondrej Lukas
>            Priority: Critical
>
> Based on following discussion with [~dmlloyd]:
> {quote}
> > - key-pair - what is the reason for this credential element? How it can be used?
> This is for key-based authentication mechanisms, like SSH.  We're also 
> developing a key-based SASL mechanism [1] that will hopefully make some 
> progress in the next quarter (and is open to contribution from all).
> > - public-key-pem - I do not understand reason of this credentials on client side. I would be able to understand private-key-pem. Is this element correct or should be removed?
> A public key could be used for the purposes of server verification.  We 
> don't yet have a way to establish a means to authenticate servers 
> though, other than using a trust store; this is something that will 
> probably be developed in conjunction with [1].
> [1] https://github.com/dmlloyd/pk-rfc
> {quote}
> we suggest to remove {{key-pair}} and {{public-key-pem}} from {{configuration.authentication-client.authentication-configurations.configuration.credentials}} in Elytron client configuration file. We can introduce those credentials once it will be implemented. Provided credentials for mechanisms which are currently not supported in Elytron can be confusing and can result in incorrect client configuration.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list