[omniORB] Periodic OmniORB & Security Service inquiry

Rudolf Schreiner ras@objectsecurity.com
Mon, 12 Mar 2001 17:44:57 +0100 (CET)


On Mon, 12 Mar 2001, Sai-Lai Lo wrote:

> The security service spec. is a big beast with various holes in the spec
> that makes interoperability very difficult.

Interoperability should be no problem, I think we all are willing to do
some tests and adapt the code, if necessary. 
We are not commercial vendors...

The spec is indeed a big beast with lots of "issues", but with some
modifications it should do the job. Esp. we are quite optimistic that
domain based security enforcement solves the evil MDI problem. 
 
> A company www.objectsecurity.com seems to have an implementation of a
> subset of the spec. on top of MICO. 

Currently the free implementation does L2 authentication, message
protection and simple auditing. The internal research version also
supports object domain mapping. Domain based access control and auditing
should be finished in May.

> If you are to do something about
> security, it may worth your while to contact them for the source code and
> see how portable it is to be useful on omniORB. 

It should be quite portable. Our implementation mainly reuses MICO's SSL
with just a couple of interfaces. Setting SSL policies could be tricky. 

> I believe they intend to
> release their source under LGPL.

Yep.
If somebody wants the code just send me a mail.

Cheers,
Rudi
------------------------------------------------------------------------
Rudolf Schreiner, CTO, ObjectSecurity Ltd.
St John's Innovation Centre, Cowley Rd., Cambridge CB4 0WS
Tel. +44 1223 420252, Fax. +44 1223 420844 
ras@objectsecurity.com, www.objectsecurity.com
------------------------------------------------------------------------