tumstech / openid4java

Automatically exported from code.google.com/p/openid4java
Apache License 2.0

StatelessServerAssociationStore #193

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Right now OpenID4Java comes with two implementations for 
ServerAssociationStore, being the InMemoryServerAssociationStore and the 
JdbcServerAssociationStore. While these implementations work just fine for most 
deployments, they could pose some problems when there is a need for high 
scalability where you run multiple instances of your OP and you don't want the 
database to become a bottleneck.

For such deployments, a stateless implementation of the ServerAssociationStore 
could be interesting. Here all instances of ServerAssociationStore share an AES 
secret key. This secret key is used to encode all information of the 
association within the association handle itself. This way, multiple 
independent OP instances can work with the same associations, even without 
explicitly communicating them with each other (via database or some messaging 
system).

I've implemented such a StatelessServerAssociationStore as part of the eID IdP 
project. See also: http://code.google.com/p/eid-idp/source/detail?r=455

It would be interesting if OpenID4Java provided a reference implementation of 
this mechanism.

Original issue reported on code.google.com by frank.co...@gmail.com on 25 Feb 2013 at 1:14

GoogleCodeExporter commented 9 years ago
Also included an optional HMAC for message integrity. Latest implementation 
available at: 
http://code.google.com/p/eid-idp/source/browse/trunk/eid-idp-protocol-openid/src/main/java/be/fedict/eid/idp/protocol/openid/StatelessServerAssociationStore.java

Original comment by frank.co...@gmail.com on 26 Feb 2013 at 1:04
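
The mechanism described in the two comments above, as an added example (not code from OpenID4Java or from the eID IdP project): the association's expiry and MAC key are AES-encrypted into the handle, and an HMAC over the result is verified before anything is decrypted. The class name `StatelessHandleCodec`, the handle layout, and the choice of AES-CBC with HMAC-SHA256 are assumptions; the HMAC is mandatory here rather than optional, since an unauthenticated CBC handle can be altered by the client.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Hypothetical codec, not an OpenID4Java class. Assumed handle layout:
// base64url(IV || AES-CBC(expiry || association MAC key) || HMAC-SHA256 tag).
public class StatelessHandleCodec {
    private static final SecureRandom RNG = new SecureRandom();
    private final SecretKeySpec encKey, macKey; // shared by every OP instance
    public StatelessHandleCodec(byte[] aesKey, byte[] hmacKey) {
        encKey = new SecretKeySpec(aesKey, "AES");
        macKey = new SecretKeySpec(hmacKey, "HmacSHA256"); // separate key for integrity
    }
    public String seal(long expiryMillis, byte[] assocMacKey) throws Exception {
        byte[] iv = new byte[16];
        RNG.nextBytes(iv); // fresh IV per handle
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, encKey, new IvParameterSpec(iv));
        byte[] plain = ByteBuffer.allocate(8 + assocMacKey.length).putLong(expiryMillis).put(assocMacKey).array();
        byte[] ct = c.doFinal(plain);
        byte[] body = ByteBuffer.allocate(16 + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(
            ByteBuffer.allocate(body.length + 32).put(body).put(hmac(body)).array());
    }
    // Returns the association MAC key, or null if the handle is malformed, forged or expired.
    public byte[] open(String handle, long nowMillis) throws Exception {
        byte[] raw;
        try { raw = Base64.getUrlDecoder().decode(handle); } catch (IllegalArgumentException e) { return null; }
        if (raw.length < 64) return null; // 16 IV + at least 16 ciphertext + 32 tag
        byte[] body = Arrays.copyOfRange(raw, 0, raw.length - 32);
        // Constant-time tag check happens before decryption (encrypt-then-MAC).
        if (!MessageDigest.isEqual(hmac(body), Arrays.copyOfRange(raw, raw.length - 32, raw.length))) return null;
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, encKey, new IvParameterSpec(body, 0, 16));
        ByteBuffer plain = ByteBuffer.wrap(c.doFinal(body, 16, body.length - 16));
        if (plain.getLong() < nowMillis) return null; // expiry travels inside the handle
        byte[] key = new byte[plain.remaining()];
        plain.get(key);
        return key;
    }
    private byte[] hmac(byte[] data) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(macKey);
        return m.doFinal(data);
    }
}
```

Because no state is kept, a handle sealed this way cannot be revoked before its embedded expiry; short lifetimes and rotation of the shared keys are the available controls.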