synapse-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From indika kumara <indika.k...@gmail.com>
Subject Re: Supporting Multiple SSL Configurations at Sender
Date Mon, 20 Jul 2009 17:45:35 GMT
Same thing being done by multiple external services from different
administration domains. When we proxy these services, there may be
requirement for someone to have same capabilities in proxy service level -
visualize as services from multiple administration domains.

Indika

On Mon, Jul 20, 2009 at 11:09 PM, Andreas Veithen <andreas.veithen@gmail.com
> wrote:

> Indika,
>
> What do you mean exactly by "enable to represent multiple identities
> by synapse itself"?
>
> Andreas
>
> On Mon, Jul 20, 2009 at 18:49, indika kumara<indika.kuma@gmail.com> wrote:
> > I am agree with asankha ,
> >
> > Requirement is to enable to represent multiple identities by synapse
> itself
> > and also call to  external services whose  identities are different. For
> > first requirement it may need to expose identities at proxy services
> level.
> > For second requirement, it may need ability to specify and use multiple
> > client certificates at endpoint level when calling different external
> > services.
> >
> > Giving Multiple SSLContexts is the scalable solution. Specially, for the
> > requirement one, using reactor will not be scalable.  Even for second
> > requirement.
> >
> > But, it seems in the current IOreactor implementation it is only possible
> to
> > be given one SSLContext (with IOEventDispatch).
> >
> > Seems like we need a new IOEventDispatch implementation that take Map of
> > SSLContexts (or composite IOEventDispatch) and then within method,
> >
> > public void connected (final IOSession session)
> >
> > Based on information on IOSession session, pick the correct SSLContext.
> I
> > am not sure possibility of this, but Asankha or Oleg sure knows this.
> >
> > Thanks
> > Indika
> >
> >
> >>
> >> I guess the real use case is the ability to use multiple identity
> >> certificates when communicating out. A usual use case is that one
> >> organization would need to use an identity certificate A when talking to
> >> an
> >> endpoint of Company A, and another identity certificate B when talking
> to
> >> an
> >> endpoint of Company B etc, when using 2-way SSL. This does not
> necessarily
> >> require the support for multiple keystores, unless I have missed
> >> something.
> >>
> >> I have not yet looked into details.. but I do not directly see the need
> >> for
> >> multiple IO reactors to support this.. but just multiple SSLContexts.
> >>
> >> cheers
> >> asankha
> >>
> >> --
> >> Asankha C. Perera
> >> AdroitLogic, http://adroitlogic.org
> >>
> >> http://esbmagic.blogspot.com
> >>
> >>
> >>
> >>
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@synapse.apache.org
> For additional commands, e-mail: dev-help@synapse.apache.org
>
>

Mime
View raw message