
SEC14 — Security: Need to complete SecurityReplaceable

  • Key: SEC14-43
  • Legacy Issue Number: 2958
  • Status: open  
  • Source: Syracuse University ( Polar Humenn)
  • Summary:

    The Security Replaceability interfaces are deficient in the aspect of
    creating the correct components for the IIOP profile of the IOR for the
    specified credentials.

    The Vault::init_security_context takes a parameter, mech_data, which is
    the data component of the tagged component that was selected by the ORB
    from the IOR for which the mechanism that was used in starting the secure
    association.

    However, analogously on the accepting side, there is no way to create a
    tagged component for use in the IOR! Adding functionality to the vault
    will complete the security replaceability and fill this hole.

    I suggest adding the following definitions to Security Replaceable.

    #include <IOP.idl>

    typedef sequence<IOP::TaggedComponent> TaggedComponentList;

    interface Vault
    {
        TaggedComponentList create_iiop_components(
            in SecurityLevel2::CredentialsList creds_list
        );
    };

    The Vault produces the correct IOP tagged components for the set of
    credentials specified that will be placed in the IIOP profile.

    There is no definite 1 to 1 correlation between the credentials in the
    given list and the tagged components generated. The vault may determine
    that some credentials are redundant, irrelevant, or take precedence over
    other credentials.

  • Reported: SEC 1.4 — Tue, 26 Oct 1999 04:00 GMT
  • Updated: Fri, 6 Mar 2015 20:58 GMT