[omniORB] IIOP Security (SSL)

Sai-Lai Lo S.Lo@uk.research.att.com
10 May 1999 12:45:25 +0100


On the subject of IIOP over SSL, I think Eric Dumas solution of tunnelling 
through HTTP/SSL is a satisfactory solution while we stay with GIOP 1.0.

My plan is to add  GIOP 1.1 and 1.2 support in the next couple of months.
The target is to have a beta in mid-July and a release shortly afterwards.
(I probably would regret putting this on the record on this mail list :-))

The nice things GIOP 1.2 give you are:
1. properly incorporate SSL into the protocol framework
2. Being able to do callback from behind a firewall using the same
   connection the client comes in.
3. Hooks in place to interoperate with GIOP proxy on the firewall.

On the subject of hooking up to a security service more sophisticated than
SSL, and interceptors:

I don't like it but we'll do interceptors at some stage.
I have not spent enough time to keep up with the security service
revisions. Could someone in the know tell me whether there is now
a way of hooking up a security mechanism (say Kerberos) that every ORB
implementation will abide to? If not, I may just go for something that will
interoperate with ILU. 

Sai-Lai

-- 
Sai-Lai Lo                                   S.Lo@uk.research.att.com
AT&T Laboratories Cambridge           WWW:   http://www.uk.research.att.com 
24a Trumpington Street                Tel:   +44 223 343000
Cambridge CB2 1QA                     Fax:   +44 223 313542
ENGLAND