Posted to dev@syncope.apache.org by "Francesco Chicchiriccò (Jira)" <ji...@apache.org> on 2019/11/12 15:57:00 UTC
[jira] [Assigned] (SYNCOPE-1510) Allow to store encrypted schema's secret key externally
[ https://issues.apache.org/jira/browse/SYNCOPE-1510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Francesco Chicchiriccò reassigned SYNCOPE-1510:
-----------------------------------------------
Assignee: Francesco Chicchiriccò
> Allow to store encrypted schema's secret key externally
> -------------------------------------------------------
>
> Key: SYNCOPE-1510
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1510
> Project: Syncope
> Issue Type: Improvement
> Components: console, core, enduser
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Priority: Major
> Fix For: 2.1.6, 3.0.0
>
>
> Encrypted plain schema's secret key is used to encrypt the related attribute values.
> Currently, such a key is stored alongside the plain schema's other definition items, the cipher algorithm for example.
> While functional, such an approach breaks some security compliance rules, as (1) algorithm, (2) secret key and (3) encrypted value are all in the same place (Syncope's internal storage).
> We should introduce the possibility to store at least the secret key in another place.
> Moreover, we could also consider, in the schema definition, a conversion pattern which, when set, allows decrypting the values (if the algorithm is compatible) for REST access; among other use cases, this would allow transparently editing the related attributes via Admin Console / Enduser UI.