[omniORB] IIOP Security (SSL)
Sai-Lai Lo
S.Lo@uk.research.att.com
10 May 1999 12:45:25 +0100
On the subject of IIOP over SSL, I think Eric Dumas solution of tunnelling
through HTTP/SSL is a satisfactory solution while we stay with GIOP 1.0.
My plan is to add GIOP 1.1 and 1.2 support in the next couple of months.
The target is to have a beta in mid-July and a release shortly afterwards.
(I probably would regret putting this on the record on this mail list :-))
The nice things GIOP 1.2 give you are:
1. properly incorporate SSL into the protocol framework
2. Being able to do callback from behind a firewall using the same
connection the client comes in.
3. Hooks in place to interoperate with GIOP proxy on the firewall.
On the subject of hooking up to a security service more sophisticated than
SSL, and interceptors:
I don't like it but we'll do interceptors at some stage.
I have not spent enough time to keep up with the security service
revisions. Could someone in the know tell me whether there is now
a way of hooking up a security mechanism (say Kerberos) that every ORB
implementation will abide to? If not, I may just go for something that will
interoperate with ILU.
Sai-Lai
--
Sai-Lai Lo S.Lo@uk.research.att.com
AT&T Laboratories Cambridge WWW: http://www.uk.research.att.com
24a Trumpington Street Tel: +44 223 343000
Cambridge CB2 1QA Fax: +44 223 313542
ENGLAND