< Previous by Date	Date Index	Next by Date >
	Thread Index

[reSIProcate] per-transport auth rules for repro

From: Daniel Pocock <daniel@xxxxxxxxxx>
Date: Fri, 24 Apr 2015 22:20:36 +0200


I've been thinking it may be useful to set different authentication
rules for each transport in the repro proxy.

Currently, the following options are only available globally:

DisableAuth
  - disables digest auth

EnableCertificateAuthenticator
  - enables checking from header against client/peer certs

WSCookieAuthSharedSecret
  - enables and requires a HMAC cookie on WebSockets


The only option available on a per-transport basis is:

Transport?TlsClientVerification = <'None'|'Optional'|'Mandatory'>


Per-transport settings may be useful for more precisely describing which
combination of auth methods are required on a given transport.  For
example, on a WebSocket (WS or WSS) transport you may want to insist
that any one of the three possible auth methods is used but it doesn't
matter which one.  On a regular TLS transport, you may want to specify
that either Digest or Cert is allowed and on another TLS transport you
may want to say it is Cert only.

It may look like this:

Transport1AuthSchemes = Cert, Digest

Or maybe it could be more elaborate like PAM in Linux

Has anybody else had any thoughts about this topic?

Prev by Date: [reSIProcate] [resiprocate] Update the Wants and After details for the reTurnServer service (#15)
Next by Date: Re: [reSIProcate] [resiprocate] Select HashMap implememnation based on libstdc++ version (#12)
Previous by thread: [reSIProcate] [resiprocate] Update the Wants and After details for the reTurnServer service (#15)
Next by thread: [reSIProcate] Need some help in Android.
Index(es):
- Date
- Thread