synapse-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Asankha C. Perera" <asan...@apache.org>
Subject Re: Supporting Multiple SSL Configurations at Sender
Date Mon, 20 Jul 2009 14:25:11 GMT
Hiranya Jayathilaka wrote:
> On Mon, Jul 20, 2009 at 6:34 PM, Andreas Veithen
> <andreas.veithen@gmail.com <mailto:andreas.veithen@gmail.com>> wrote:
>
>     Hiranya,
>
>     Before discussing the implementation, could you please explain the
>     use case?
>
>
> I have posted a link to a forum discussion in SYNASPE-563. You can get
> a rough idea of the requirement by going through the discussion there.
>
> In short this is the usecase we are trying to support. Lets say a user
> wants to proxy a set of web services using Synapse. Each web service
> is exposed over HTTPS and hence all the endpoint definitions in the
> Synapse config will be https endpoints. Instead of using a single key
> store to connect to each https endpoint we want to use different key
> stores. My proposal is a mechanism to select keystores at endpoint level.
>
Hiranya

I guess the real use case is the ability to use multiple identity
certificates when communicating out. A usual use case is that one
organization would need to use an identity certificate A when talking to
an endpoint of Company A, and another identity certificate B when
talking to an endpoint of Company B etc, when using 2-way SSL. This does
not necessarily require the support for multiple keystores, unless I
have missed something.

I have not yet looked into details.. but I do not directly see the need
for multiple IO reactors to support this.. but just multiple SSLContexts.

cheers
asankha

-- 
Asankha C. Perera
AdroitLogic, http://adroitlogic.org

http://esbmagic.blogspot.com




Mime
View raw message