Posted to dev@syncope.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2014/06/12 13:37:02 UTC
[jira] [Commented] (SYNCOPE-270) Encrypted schema
[ https://issues.apache.org/jira/browse/SYNCOPE-270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14029058#comment-14029058 ]
ASF subversion and git services commented on SYNCOPE-270:
---------------------------------------------------------
Commit 1602129 from [~ilgrosso] in branch 'syncope/trunk'
[ https://svn.apache.org/r1602129 ]
[SYNCOPE-270] Implementation provided
> Encrypted schema
> ----------------
>
> Key: SYNCOPE-270
> URL: https://issues.apache.org/jira/browse/SYNCOPE-270
> Project: Syncope
> Issue Type: New Feature
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Fix For: 1.2.0
>
>
> 1. Main purpose: store some arbitrary string values encrypted in the database; this can be enforced by law, for example.
> 2. When defining an encrypted schema, you must provide the cypher algorithm to be used and a passphrase.
> Such passphrase will be stored by Syncope as encrypted with an internal key (more or less like we are already doing with user passwords).
> 3. When creating an attribute with such schema, the value(s) will be automatically encrypted by Syncope using the provided algorithm and passphrase.
> 4. When reading an attribute with such schema (e.g. contained in an AttributeTO), the value(s) will be sent encrypted.
> Only those who know the algorithm and the passphrase will be able to decrypt.
> Moreover, one could think of making the admin console able to show such attribute value(s) as encrypted by default and to decrypt them on demand after asking for algorithm and passphrase.
> 5. When propagating / synchronizing attribute with such schema, GuardedString will be used, not String.
> 6. When changing algorithm or passphrase of an existing schema, new values will be encrypted with these, old values will remain as they are.
> Naturally, one can provide an update procedure.
> [1] http://markmail.org/message/rg7ryeknkrzae4xj
--
This message was sent by Atlassian JIRA
(v6.2#6252)