ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Kulp (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WSS-339) OCSP support
Date Thu, 16 Feb 2012 01:22:59 GMT

    [ https://issues.apache.org/jira/browse/WSS-339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13209042#comment-13209042
] 

Daniel Kulp commented on WSS-339:
---------------------------------


I agree with Colm on both issues.   These end up being global settings, not per request or
per application settings.   Thus, we should not be presenting even an illusion of them being
per application or it creates a lot of extra confusion.  

They create an app that turns this setting on and expect it to run.   Another application
gets deployed into the container (osgi container, tomcat, whatever....) that then turns if
off.   Suddenly, the first app, due to nothing that it did, is no longer meeting the security
requirements that it was expecting.  

So I disagree with configuring System properties or Security properties from contexts that
are supposed to be per service or per request which is pretty much what Colm was trying to
get at.   

                
> OCSP support
> ------------
>
>                 Key: WSS-339
>                 URL: https://issues.apache.org/jira/browse/WSS-339
>             Project: WSS4J
>          Issue Type: Improvement
>            Reporter: Freeman Fang
>            Assignee: Colm O hEigeartaigh
>         Attachments: WSS-339.patch
>
>
> currently WSS4J already support CRL for revocation check, it would be better that we
can also support OCSP through WSS4J configuration.
> Though we can set ocsp.enable property in $JAVA_HOME/jre/lib/security/java.security to
enable OCSP but it's effect JVM wide, I'd like to introduce a property in WSHandlerConstants
like enableOCSP which can trigger code like
> Security.setProperty("ocsp.enable", enableOCSP);
> This should be similar with the property enableRevocation,  the logic is
> if (enableRevocation && enableOCSP) {
>     //use OCSP to do revocation check.
> }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message