synapse-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Veithen <andreas.veit...@gmail.com>
Subject Re: Supporting Multiple SSL Configurations at Sender
Date Mon, 20 Jul 2009 17:39:11 GMT
Indika,

What do you mean exactly by "enable to represent multiple identities
by synapse itself"?

Andreas

On Mon, Jul 20, 2009 at 18:49, indika kumara<indika.kuma@gmail.com> wrote:
> I am agree with asankha ,
>
> Requirement is to enable to represent multiple identities by synapse itself
> and also call to  external services whose  identities are different. For
> first requirement it may need to expose identities at proxy services level.
> For second requirement, it may need ability to specify and use multiple
> client certificates at endpoint level when calling different external
> services.
>
> Giving Multiple SSLContexts is the scalable solution. Specially, for the
> requirement one, using reactor will not be scalable.  Even for second
> requirement.
>
> But, it seems in the current IOreactor implementation it is only possible to
> be given one SSLContext (with IOEventDispatch).
>
> Seems like we need a new IOEventDispatch implementation that take Map of
> SSLContexts (or composite IOEventDispatch) and then within method,
>
> public void connected (final IOSession session)
>
> Based on information on IOSession session, pick the correct SSLContext.   I
> am not sure possibility of this, but Asankha or Oleg sure knows this.
>
> Thanks
> Indika
>
>
>>
>> I guess the real use case is the ability to use multiple identity
>> certificates when communicating out. A usual use case is that one
>> organization would need to use an identity certificate A when talking to
>> an
>> endpoint of Company A, and another identity certificate B when talking to
>> an
>> endpoint of Company B etc, when using 2-way SSL. This does not necessarily
>> require the support for multiple keystores, unless I have missed
>> something.
>>
>> I have not yet looked into details.. but I do not directly see the need
>> for
>> multiple IO reactors to support this.. but just multiple SSLContexts.
>>
>> cheers
>> asankha
>>
>> --
>> Asankha C. Perera
>> AdroitLogic, http://adroitlogic.org
>>
>> http://esbmagic.blogspot.com
>>
>>
>>
>>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@synapse.apache.org
For additional commands, e-mail: dev-help@synapse.apache.org


Mime
View raw message