[omniORB] Periodic OmniORB & Security Service inquiry

Sai-Lai Lo S.Lo@uk.research.att.com
12 Mar 2001 15:54:40 +0000


David,

Here is the status update.

For the past couple of months, I've been doing a major rewrite of the
transport/GIOP engine in omniORB 4, which will be the next major omniORB
release. I actually had the various transport and giop version extensions
done by extending the original code but in doing so the internal APIs became
very awkward. In the end, it made sense to me to bite the bullet to come
up with a cleaner design.

In the next few weeks I'll check-in most of my changes to the cvs (under
the omni4_0_develop branch). SSL is one of the transport that the new code
supports. You are welcome to give it a try when it is ready.

Even though SSL is supported, I have not added the facility to do client
and server side authentication. However, this should be doable mostly by
passing GIOP service contexts. There are interceptors available to do that.

The interceptors are omniORB specific. There is no plan at this stage to
implement the portable interceptor spec. If you are willing to contribute
an implementation of the portable interceptor, please email me so that I
can give you some pointers as to where to start.

In terms of time scale, omniORB 4 has a fair bit of new code and I would
give it a few months to be feature complete and stable.

The security service spec. is a big beast with various holes in the spec
that makes interoperability very difficult.

A company www.objectsecurity.com seems to have an implementation of a
subset of the spec. on top of MICO. If you are to do something about
security, it may worth your while to contact them for the source code and
see how portable it is to be useful on omniORB. I believe they intend to
release their source under LGPL.

Sai-Lai


>>>>> david fox writes:

> Someone I work with has been building a distributed application using
> omniORB, and I've been asked to look at adding user authentication and
> access control to the prototype. I'm new to Corba, but I see that the
> "Corba Security Service" specification looks like there will some day be
> a useful standardized framework for doing things just like this.

> In searching the omniORB mailing list archives, it looks like someone
> pops up every couple years to ask about the security service, and so now
> it's my turn.

> Has anyone been working on security service related issues since the last
> mention I see on the list in November 1999?

> Is anyone working on adding Interceptor support, which seems to be useful
> (if not quite necessary, apparently) for implementing the security
> service?

> How about IIOP over SSL changes? I see some messages from June 2000 that
> seem to suggest that several people were working on (or thinking of
> working on) adding IIOP over SSL support. Did anything come of that?






-- 
Sai-Lai Lo                                   S.Lo@uk.research.att.com
AT&T Laboratories Cambridge           WWW:   http://www.uk.research.att.com 
24a Trumpington Street                Tel:   +44 1223 343000
Cambridge CB2 1QA                     Fax:   +44 1223 313542
ENGLAND