[omniORB] Access control
Gustavo Niemeyer
niemeyer@conectiva.com
Wed Dec 4 18:42:00 2002
Hello everyone!
I'm going to ask what I belive to be a rather common question on
that list, so I'll try to be as pleasant as possible while doing
so. Since I had that in mind, I have already done an extensive research
in the web, and found no satisfactory results. Thus, I'm taking my last
chance here.
Here is what I found so far:
1) The right way to do that kind of control is using a Security Service.
OTOH, there is no such service for omniORB, nobody is currently
working on that, and no reasonable public implementation either
(perhaps some Java implementation, but that wouldn't be enough for my
needs).
2) From an old message on that list: "... omniORB 4 provides you with the
means to insert and extract service contexts that are passed on the
wire per request. The service context is the perfect place to carry
Kerberos tickets. What you also need is per-thread storage to store
the identity of the client. This is provided by the latest omnithread
library that accommodates omniORB 4. ..."
3) CORBASEC FAQ is a good reference:
http://cadse.cs.fiu.edu/corba/corbasec/faq/single-page/CORBASEC-FAQ.html
Thusly, my real questions are:
a) Can someone please point me to, or describe superficially, some
common access control patterns used with omniORB currently?
b) Can someone please describe the "context" pattern (mentioned in [2])
in more detail?
I belive that many systems out there do that, so I'd like to avoid
reiventing the wheel, and perhaps going through the same errors
all over again.
Hopefully, I belive that this thread will be useful to many listeners
subscribed, and many googlers in the future.
Thank you very much!
--
Gustavo Niemeyer
[ 2AAC 7928 0FBF 0299 5EB5 60E2 2253 B29A 6664 3A0C ]