Integrity assurance (signature) and confidentiality (encryption) for mails sent by the FIM-service

  • Wednesday, February 10, 2010 10:06 AM, M-M-F
     
    Hi all,

    I was wondering how you could implement a mechanism to ensure the integrity of the mails the FIM-service sends. As you all know,
    quite important workflows may rely on mails and approvals, and a manipulation could lead to ramifications that are more or less severe.

    My first thought was - give the ILM service account a certificate from the internal CA (I think it already has one) and let's sign those mails.
    Also, there may be sensitive information inside those mails. Let's encrypt the content for that too.

    But I really don't exactly know what's going on behind the surface. As it's not an Exchange issue, how could I implement this?

    Thanks for your advice,

    Kind regards,

    MMF



Answers

  • Thursday, February 18, 2010 6:26 PM, Joe Schulman (MSFT)
     Answer
    The FIM service today requires that all mail be Kerberos authenticated by Exchange. It does not accept mail from any non-trusted source. Beyond the Kerberos authentication, it is not possible to use digitally signed mail.
