[omniORB] Access control

Gustavo Niemeyer niemeyer@conectiva.com
Wed Dec 4 18:42:00 2002


Hello everyone!

I'm going to ask what I belive to be a rather common question on
that list, so I'll try to be as pleasant as possible while doing
so. Since I had that in mind, I have already done an extensive research
in the web, and found no satisfactory results. Thus, I'm taking my last
chance here.

Here is what I found so far:

1) The right way to do that kind of control is using a Security Service.
   OTOH, there is no such service for omniORB, nobody is currently
   working on that, and no reasonable public implementation either
   (perhaps some Java implementation, but that wouldn't be enough for my
   needs).

2) From an old message on that list: "... omniORB 4 provides you with the
   means to insert and extract service contexts that are passed on the
   wire per request. The service context is the perfect place to carry
   Kerberos tickets. What you also need is per-thread storage to store
   the identity of the client. This is provided by the latest omnithread
   library that accommodates omniORB 4. ..."

3) CORBASEC FAQ is a good reference:
   http://cadse.cs.fiu.edu/corba/corbasec/faq/single-page/CORBASEC-FAQ.html

Thusly, my real questions are:

a) Can someone please point me to, or describe superficially, some
   common access control patterns used with omniORB currently?

b) Can someone please describe the "context" pattern (mentioned in [2])
   in more detail?

I belive that many systems out there do that, so I'd like to avoid
reiventing the wheel, and perhaps going through the same errors
all over again.

Hopefully, I belive that this thread will be useful to many listeners
subscribed, and many googlers in the future.

Thank you very much!

-- 
Gustavo Niemeyer

[ 2AAC 7928 0FBF 0299 5EB5  60E2 2253 B29A 6664 3A0C ]