You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Ganesh Murthy (JIRA)" <ji...@apache.org> on 2016/04/15 19:08:25 UTC

[jira] [Commented] (DISPATCH-204) Identity mapping from X.509 certificate data to a descriptive nickname

    [ https://issues.apache.org/jira/browse/DISPATCH-204?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15243235#comment-15243235 ] 

Ganesh Murthy commented on DISPATCH-204:
----------------------------------------

This was fixed as part of the checkin for DISPATCH-200

> Identity mapping from X.509 certificate data to a descriptive nickname
> ----------------------------------------------------------------------
>
>                 Key: DISPATCH-204
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-204
>             Project: Qpid Dispatch
>          Issue Type: New Feature
>          Components: Container
>            Reporter: Ted Ross
>            Assignee: Ganesh Murthy
>             Fix For: 0.7
>
>
> This is an enhancement for the feature introduced in DISPATCH-200 (Flexible mapping from x.509 certificates to an identity).
> There are cases in which the best identifier for a client certificate is the fingerprint.  Since the fingerprint is not very user/operator-friendly, it is useful to provide a facility to map the DISPATCH-200 identifier to a more people-friendly nickname.
> The mappings shall be held in a persistent store (a json-file in the config directory would be a good start).  The only available management operation on this data set shall be to reload the data file, presumably with updated mappings.  It would be a potential security vulnerability to provide direct management access to the content of the mapping.
> The identities that come from the mappings (i.e. the nicknames) shall be used to annotate the AMQP connections (for management visibility) and to index into the access/resource policy for each connection.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org