[omniORB] Re: IIOP Secure Communications

Sai-Lai Lo S.Lo@uk.research.att.com
03 Feb 2000 11:53:22 +0000


Thomas,

I just posted a message to the mailing list regarding the current status of
the GIOP 1.2 implementation so I won't repeat here.

SSL support is near the top of my list and I hope to do some SSL work this
month.

My concern is not that we cannot add SSL support but whether our
implementation can interoperate with another ORB.

I have no idea what capabilities the ORB in JDK 2 has. If it supports GIOP
1.2 and supports SSL, then we have a better chance to interoperate successfully.
Could you see if you can find out more on this issue?

It is rather depressing that after all these years we still have no sure way to
interoperate among different ORBs securely. I can do secure comms with
omniORB but both clients and servers have to be omniORB. The HTTP
tunnelling work done by tumbleweed serves the purpose but only works when
both the client and the server runs omniORB. The picture is pretty much the
same when you look at other ORBs.

Sai-Lai



> I am curently using omniORB 2.6.1 and will now migrate my servers to 2.8.0.
> They all run on NT and I need some time to get the environment ready to
> automatically check-out with CVS and just compile. 

> Now I have the problem, that my server deals with sensitive data which
> should only pass the wire in an encrypted manner. The problem is, that the
> clients are written in Java using idltojava which comes with JDK 2. With
> 2.6.1 just as it was released from you (without SSL) this all works fine. I
> have no Idea whether the SSL solution of Eric Dumas would work together with
> Java. Another idea is to use GSS instead of SSL, but I fear this would
> require native methods on the Java side. On the other hand I don't know how
> far you are with GIOP 1.2 and if this would help solving my problem. If I
> remember it correctly this is scheduled for omniORB 3, is it?

> I would be very grateful to you if you could inform me about the current
> status of GIOP 1.2 and what could be a possible solution to add encrypted
> communication to omniORB keeping in mind that the clients are written in
> Java (application and servlets).



-- 
Sai-Lai Lo                                   S.Lo@uk.research.att.com
AT&T Laboratories Cambridge           WWW:   http://www.uk.research.att.com 
24a Trumpington Street                Tel:   +44 1223 343000
Cambridge CB2 1QA                     Fax:   +44 1223 313542
ENGLAND