synapse-dev mailing list archives

From Hiranya Jayathilaka <hiranya...@gmail.com>
Subject Re: Supporting Multiple SSL Configurations at Sender
Date Tue, 21 Jul 2009 04:12:00 GMT
Hi Indika,

On Mon, Jul 20, 2009 at 10:19 PM, indika kumara <indika.kuma@gmail.com> wrote:

> I agree with Asankha,
>
> The requirement is to enable Synapse itself to represent multiple identities
> and also to call external services whose identities are different. For the
> first requirement it may need to expose identities at proxy services level.
> For the second requirement, it may need the ability to specify and use multiple
> client certificates at endpoint level when calling different external
> services.
>
> Giving multiple SSLContexts is the scalable solution. Especially for
> requirement one, using reactor will not be scalable. Even for the second
> requirement.
>
> But, it seems in the current IOReactor implementation it is only possible
> to be given one SSLContext (with IOEventDispatch).
>
> Seems like we need a new IOEventDispatch implementation that takes a Map of
> SSLContexts (or composite IOEventDispatch) and then within method,


+1 to this approach. I think this is the best possible solution if it's
doable.

Thanks,
Hiranya


>
>
> *public void connected (final IOSession session)*
>
> Based on information on IOSession session, pick the correct SSLContext. I
> am not sure of the possibility of this, but Asankha or Oleg surely knows this.
>
> Thanks
> Indika
>
>
> >
> > I guess the real use case is the ability to use multiple identity
> > certificates when communicating out. A usual use case is that one
> > organization would need to use an identity certificate A when talking to an
> > endpoint of Company A, and another identity certificate B when talking to an
> > endpoint of Company B etc, when using 2-way SSL. This does not necessarily
> > require the support for multiple keystores, unless I have missed something.
> >
> > I have not yet looked into details.. but I do not directly see the need for
> > multiple IO reactors to support this.. but just multiple SSLContexts.
> >
> > cheers
> > asankha
> >
> > --
> > Asankha C. Perera
> > AdroitLogic, http://adroitlogic.org
> >
> > http://esbmagic.blogspot.com
> >
> >
> >
> >
>
>


-- 
Hiranya Jayathilaka
Software Engineer;
WSO2 Inc.;  http://wso2.org
E-mail: hiranya@wso2.com;  Mobile: +94 77 633 3491
Blog: http://techfeast-hiranya.blogspot.com
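
The per-endpoint SSLContext selection discussed in this thread, sketched as an added example that is not part of the original messages or of Synapse's code. `SSLContextSelector`, its methods and the `partner-*.example` hosts are hypothetical; it assumes endpoints are addressed by host name and that the remote address is available from the session when `connected` is called.

```java
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.SSLContext;

/** Hypothetical helper (not Synapse code): picks the client SSLContext per endpoint. */
public class SSLContextSelector {
    private final Map<String, SSLContext> byEndpoint = new ConcurrentHashMap<>();
    private final SSLContext fallback; // intended to carry no client identity key

    public SSLContextSelector(SSLContext fallback) {
        this.fallback = fallback;
    }

    private static String key(String host, int port) {
        return host.toLowerCase(Locale.ROOT) + ":" + port;
    }

    public void register(String host, int port, SSLContext ctx) {
        byEndpoint.put(key(host, port), ctx);
    }

    /** Intended to be called with the session's remote address when a connection opens. */
    public SSLContext select(SocketAddress remote) {
        if (!(remote instanceof InetSocketAddress)) {
            return fallback;
        }
        InetSocketAddress addr = (InetSocketAddress) remote;
        // getHostString() returns the configured name without a reverse DNS lookup.
        SSLContext ctx = byEndpoint.get(key(addr.getHostString(), addr.getPort()));
        // Unknown endpoint: fall back rather than reuse another partner's certificate.
        return ctx != null ? ctx : fallback;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: real contexts would be initialised with KeyManagers
        // built from the identity certificate meant for each partner.
        SSLContext noIdentity = SSLContext.getInstance("TLS");
        noIdentity.init(null, null, null);
        SSLContext identityA = SSLContext.getInstance("TLS");
        identityA.init(null, null, null);
        SSLContextSelector selector = new SSLContextSelector(noIdentity);
        selector.register("partner-a.example", 8443, identityA);
        SocketAddress a = InetSocketAddress.createUnresolved("Partner-A.example", 8443);
        SocketAddress b = InetSocketAddress.createUnresolved("partner-b.example", 8443);
        System.out.println(selector.select(a) == identityA);  // mapped endpoint
        System.out.println(selector.select(b) == noIdentity); // unmapped endpoint
    }
}
```

Keying on host and port keeps identity certificate A from being offered to Company B's endpoint; if connections are opened by resolved IP address, the map would need to be keyed on the address instead.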
