source: TI12-security/trunk/python/conf/mapConfig.xml @ 737

Revision 737, 421 bytes checked in by pjkersha, 14 years ago (diff) fixed slight typo.

mapConfig.xml: added pubKey tag to allow client to Attribute Authority to use it to encrypt
outbound messages to it.

  • include code to set public key of Attribute Authority so that Session Manager can encrypt messages to it.

  • -r/--req-autho option now requires the AA WSDL URI. -a is now used to set the AA pub key
  • see previous point.

  • Changed tag 'clntCert' to 'encrCert' so as to be consistent with code.

  • Moved encrypt/decrypt code here from AttAuthority class to be consistent with


  • Now inherits from dict to allow convenient access to properties file parameters as dictionary


  • Added code to include pubKey tag from mapConfig file in trustedHostInfo returned from


output XML.

  • Shifted test code into separate file in Tests/


  • Added aaPubKey to reqAuthorisation method - see above re. passing AA public key for encryption of messages.

  • Changes to comments.

private key info of client to allow encrypt of responses from other WSs that SessionMgr calls.
These are actually passed into CredWallet instance of UserSession.

  • AA Public key is passed into reqAuthorisation. This is written to a temp file for use by XMLSec encryption code.


  • CredWalletAuthorisationDenied - make sure extAttCertList gets set to []
  • Added pub/private functionality for encryption of messages to and from Attribute Authorities.
  • reqAuthorisation and getAATrustedHostInfo methods - read in client public key using straight open/read: using X509Cert.asString() misses out the actual MIME encoded cert text(!)

  • Changed reqAuthorisation() - a required role is now optional with mapFromTrustedHosts flag set.

It does help though with finding a suitable AttCert for mapping.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
<?xml version="1.0" encoding="utf-8"?>
    <trusted name="BODC">
        <wsdl>bodcAttAuthorityURI</wsdl>
        <pubKey>bodcAttAuthorityPubKeyURI</pubKey>
        <role remote="aBODCrole" local="aLocalRole"/>
    </trusted>
    <trusted name="escience">
        <wsdl>eScienceAttAuthorityURI</wsdl>
        <pubKey>eScienceAttAuthorityURI</pubKey>
        <role remote="anEScienceRole" local="anotherLocalRole"/>
    </trusted>
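
Added example, not code from this repository: one way to read the trusted entries of mapConfig.xml into a per-host dictionary carrying the pubKey tag, and to reject entries that could not be used to encrypt outbound messages. The root element name AAmap, the function name load_trusted_hosts and the rule that pubKey must differ from wsdl are assumptions of this example; the file's real root element is not shown on this page.

```python
import xml.etree.ElementTree as ET

# Constructed input: the <trusted> entries listed above, wrapped in a
# hypothetical <AAmap> root element (assumption, see lead-in).
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<AAmap>
    <trusted name="BODC">
        <wsdl>bodcAttAuthorityURI</wsdl>
        <pubKey>bodcAttAuthorityPubKeyURI</pubKey>
        <role remote="aBODCrole" local="aLocalRole"/>
    </trusted>
    <trusted name="escience">
        <wsdl>eScienceAttAuthorityURI</wsdl>
        <pubKey>eScienceAttAuthorityURI</pubKey>
        <role remote="anEScienceRole" local="anotherLocalRole"/>
    </trusted>
</AAmap>
"""


def load_trusted_hosts(xml_text):
    """Return (hosts, problems) for a mapConfig-style document.

    hosts maps each trusted name to its wsdl, pubKey and (remote, local)
    role pairs; problems lists entries unfit for encrypted exchange.
    """
    root = ET.fromstring(xml_text.encode("utf-8"))
    hosts, problems = {}, []
    for elem in root.findall("trusted"):
        name = (elem.get("name") or "").strip()
        if not name or name in hosts:
            problems.append("missing or duplicate name: %r" % name)
            continue
        wsdl = (elem.findtext("wsdl") or "").strip()
        pub_key = (elem.findtext("pubKey") or "").strip()
        roles = [(r.get("remote"), r.get("local")) for r in elem.findall("role")]
        if not wsdl:
            problems.append("%s: missing wsdl" % name)
        if not pub_key:
            problems.append("%s: missing pubKey" % name)
        elif pub_key == wsdl:
            # Assumed rule: the key location must not be the service URI.
            problems.append("%s: pubKey is identical to wsdl" % name)
        if not roles or any(not rem or not loc for rem, loc in roles):
            problems.append("%s: no complete role mapping" % name)
        hosts[name] = {"wsdl": wsdl, "pubKey": pub_key, "roles": roles}
    return hosts, problems
```

Run against the entries above, it reports the escience entry, whose pubKey value is the same string as its wsdl value.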