Posted to dev@syncope.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2014/06/12 13:37:02 UTC

[jira] [Commented] (SYNCOPE-270) Encrypted schema

    [ https://issues.apache.org/jira/browse/SYNCOPE-270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14029058#comment-14029058 ] 

ASF subversion and git services commented on SYNCOPE-270:
---------------------------------------------------------

Commit 1602129 from [~ilgrosso] in branch 'syncope/trunk'
[ https://svn.apache.org/r1602129 ]

[SYNCOPE-270] Implementation provided

> Encrypted schema
> ----------------
>
>                 Key: SYNCOPE-270
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-270
>             Project: Syncope
>          Issue Type: New Feature
>            Reporter: Francesco Chicchiriccò
>            Assignee: Francesco Chicchiriccò
>             Fix For: 1.2.0
>
>
> 1. Main purpose: store some arbitrary string values encrypted in the database; this can be enforced by law, for example.
> 2. When defining an encrypted schema, you must provide the cypher algorithm to be used and a passphrase.
> Such passphrase will be stored by Syncope as encrypted with an internal key (more or less like we are already doing with user passwords).
> 3. When creating an attribute with such schema, the value(s) will be automatically encrypted by Syncope using the provided algorithm and passphrase.
> 4. When reading an attribute with such schema (e.g. contained in an AttributeTO), the value(s) will be sent encrypted.
> Only those who know the algorithm and the passphrase will be able to decrypt.
> Moreover, you can think of making the admin console able to show such attribute value(s) as encrypted by default and to decrypt them on demand after asking for algorithm and passphrase.
> 5. When propagating / synchronizing attribute with such schema, GuardedString will be used, not String.
> 6. When changing algorithm or passphrase of an existing schema, new values will be encrypted with these, old values will remain as they are.
> Naturally, one can provide an update procedure.
> [1] http://markmail.org/message/rg7ryeknkrzae4xj



--
This message was sent by Atlassian JIRA
(v6.2#6252)