...

Contact(s) / potential mentor(s): Jean-Frederic Clere (jfclere AT redhat DOT com), George Zaronikas (gzaronik AT redhat DOT com)

WildFly Elytron: Adding Encryption to the Filesystem Security Realm

Summary of idea:

The WildFly Elytron project provides a set of APIs, SPIs, and implementations that give the WildFly application server the security capabilities it needs. WildFly Elytron was first integrated into WildFly during the development of WildFly 11. We are now getting ready to make a WildFly Elytron based configuration the default within WildFly and are looking to define our new out-of-the-box security policies.

One of the components provided by WildFly Elytron is a security realm that stores representations of identities and their credentials on the local filesystem. For our new policy, we are looking to make use of this security realm instead of the previous approach of using property files. A feature still missing from the filesystem realm is the ability to securely encrypt the identities it stores, which currently sit on disk in clear text. The purpose of this project is to add this encryption support, together with the related tasks required to make it available out of the box in WildFly.

A minimal level of support would be for a SecretKey to be provided to the filesystem realm as it is initialized. The level of protection required will need to be determined, and different levels could map to different policies. Some examples of things to consider include:

  • Encryption of credentials.
  • Encryption of attributes.
  • Complete obfuscation of the username.
  • Signing of sections of an identity or the complete identity.
  • Integrity of the whole realm.

Possible tasks for this project:

  • Research data at rest recommendations for user credentials and sensitive data.
  • Create a document that describes how you plan to approach the problem.
  • Implement the ability to securely encrypt identities that are stored in the filesystem security realm.
  • Implement appropriate test cases.
  • Write documentation.
  • Create a blog post that gives an overview of your project.
  • Add the ability for the WildFly Elytron Tool to take an existing clear text filesystem realm and convert it to an encrypted one.
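As an added example (not code from the Elytron project or this proposal), the following sketch shows how the considerations listed above could fit together using only JDK crypto, including the per-identity conversion step the Elytron Tool task would need. Everything here is an assumption for illustration: the `RealmKeys`, `convert` and `verifyRecord` names, the derivation labels, the reserved `_mac` attribute, the record layout, and the choice of AES-GCM plus HMAC-SHA256 are stand-ins for whatever the design document settles on, not Elytron API. It assumes a JDK 11 or later runtime.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.TreeMap;

/** Added example, not Elytron code: encrypt attributes, obfuscate the username, tag the whole record. */
public final class EncryptedIdentityExample {

    private static final SecureRandom RNG = new SecureRandom();
    private static final int GCM_IV_BYTES = 12;
    private static final int GCM_TAG_BITS = 128;
    private static final String MAC_ATTR = "_mac";   // hypothetical reserved attribute holding the record tag

    /** Sub-keys derived from the one SecretKey handed to the realm at init; the raw key is never used directly. */
    static final class RealmKeys {
        final SecretKey attrKey;   // AES-256, attribute values
        final byte[] nameKey;      // HMAC, username obfuscation
        final byte[] recordKey;    // HMAC, whole-record integrity

        RealmKeys(SecretKey realmKey) throws Exception {
            // Label-separated HMAC as a stand-in KDF (assumed labels); a real design would use HKDF or similar.
            attrKey = new SecretKeySpec(hmac(realmKey.getEncoded(), "example/attr-enc"), "AES");
            nameKey = hmac(realmKey.getEncoded(), "example/name-mac");
            recordKey = hmac(realmKey.getEncoded(), "example/record-mac");
        }
    }

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    /** Keyed and deterministic: the file name reveals nothing without nameKey, yet lookup by username still works. */
    static String obfuscatedName(RealmKeys k, String username) throws Exception {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(hmac(k.nameKey, username));
    }

    /** AES-GCM with a fresh IV per value; identity and attribute name are bound as AAD, so a ciphertext
     *  cannot be copied into another identity or another attribute (e.g. a "roles" value into "password"). */
    static String encryptAttribute(RealmKeys k, String obfName, String attrName, String value) throws Exception {
        byte[] iv = new byte[GCM_IV_BYTES];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, k.attrKey, new GCMParameterSpec(GCM_TAG_BITS, iv));
        c.updateAAD((obfName + "\0" + attrName).getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(value.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);      // stored form: base64(iv || ciphertext || tag)
    }

    static String decryptAttribute(RealmKeys k, String obfName, String attrName, String stored) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, k.attrKey, new GCMParameterSpec(GCM_TAG_BITS, in, 0, GCM_IV_BYTES));
        c.updateAAD((obfName + "\0" + attrName).getBytes(StandardCharsets.UTF_8));
        // doFinal throws AEADBadTagException if the value, IV or AAD was tampered with.
        return new String(c.doFinal(in, GCM_IV_BYTES, in.length - GCM_IV_BYTES), StandardCharsets.UTF_8);
    }

    /** MAC over the canonical (sorted) record so that adding or removing whole attributes is detected;
     *  per-attribute GCM tags alone would not notice a stripped "roles" attribute. */
    static byte[] recordMac(RealmKeys k, String obfName, Map<String, String> attrs) throws Exception {
        StringBuilder canon = new StringBuilder(obfName).append('\n');
        new TreeMap<>(attrs).forEach((n, v) -> canon.append(n).append('=').append(v).append('\n'));
        return hmac(k.recordKey, canon.toString());
    }

    static boolean verifyRecord(RealmKeys k, String obfName, Map<String, String> stored) throws Exception {
        TreeMap<String, String> body = new TreeMap<>(stored);
        String tag = body.remove(MAC_ATTR);
        if (tag == null) return false;
        return MessageDigest.isEqual(Base64.getDecoder().decode(tag), recordMac(k, obfName, body));
    }

    /** One identity of a clear-text realm converted to encrypted form, as the Elytron Tool task would do per file. */
    static Map<String, String> convert(RealmKeys k, String username, Map<String, String> clear) throws Exception {
        String obfName = obfuscatedName(k, username);
        TreeMap<String, String> enc = new TreeMap<>();
        for (Map.Entry<String, String> e : clear.entrySet())
            enc.put(e.getKey(), encryptAttribute(k, obfName, e.getKey(), e.getValue()));
        enc.put(MAC_ATTR, Base64.getEncoder().encodeToString(recordMac(k, obfName, enc)));
        return enc;
    }

    public static void main(String[] args) throws Exception {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);                                   // stands in for the SecretKey given to the realm at init
        RealmKeys k = new RealmKeys(new SecretKeySpec(raw, "AES"));
        Map<String, String> clear = Map.of("password", "clear-text-credential", "roles", "admin"); // constructed identity
        Map<String, String> enc = convert(k, "alice", clear);
        String obf = obfuscatedName(k, "alice");
        System.out.println("file name   : " + obf);
        System.out.println("roles       : " + decryptAttribute(k, obf, "roles", enc.get("roles")));
        System.out.println("record ok   : " + verifyRecord(k, obf, enc));
        enc.remove("roles");                                  // an attacker strips an attribute from the file
        System.out.println("after strip : " + verifyRecord(k, obf, enc));
    }
}
```

Two caveats worth carrying into the design document. First, encrypting a credential at rest is not a substitute for one-way credential storage: what goes under the encryption should still be a salted password hash or another verifier, since the realm key is necessarily available to the running server. Second, this sketch covers per-attribute and per-record integrity but not "integrity of the whole realm": an attacker who simply deletes an identity file leaves every remaining record valid, so realm-wide integrity needs a MAC'd index of the expected identities or an equivalent structure.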

Knowledge prerequisites:

  • Experience with Java
  • Git
  • Maven

Github repo: https://github.com/wildfly-security/wildfly-elytron

Elytron website: https://wildfly-security.github.io/wildfly-elytron

Elytron getting started guide: https://wildfly-security.github.io/wildfly-elytron/getting-started-for-developers

Skill level: Intermediate

Contact(s) / potential mentor(s): Darran Lofthouse (darran.lofthouse@redhat.com), Farah Juma (fjuma@redhat.com), and Diana Krepinska (dvilkola@redhat.com)

Associated JBoss community project(s): Elytron, WildFly