
Security 1.2 RTF — Closed Issues

  • Key: SEC12
  • Issues Count: 64
Issues resolved by a task force and approved by Board

Issues Summary

Key Issue Reported Fixed Disposition Status
SEC12-64 Credentials in Security rev 1.2 are inconsistent SEC 1.1 SEC 1.2 Duplicate or Merged closed
SEC12-63 Service Context ID Assignment (scenario 2) SEC 1.1 SEC 1.2 Duplicate or Merged closed
SEC12-62 Service Context ID Assignment (scenario 1) SEC 1.1 SEC 1.2 Duplicate or Merged closed
SEC12-61 SecurityLevel2::Object SEC 1.1 SEC 1.2 Duplicate or Merged closed
SEC12-60 Current object question SEC 1.1 SEC 1.2 Duplicate or Merged closed
SEC12-59 Message Level Interceptors SEC 1.1 SEC 1.2 Duplicate or Merged closed
SEC12-58 Tag value of TAG_SSL_SEC_TRANS SEC 1.1 SEC 1.2 Resolved closed
SEC12-57 Typo on page 6 of SSL spec (orbos/97-02-04) SEC 1.1 SEC 1.2 Resolved closed
SEC12-56 Current and get_current() SEC 1.1 SEC 1.2 Resolved closed
SEC12-55 DomainAccessPolicy incorrectly inherits from CORBA SEC 1.1 SEC 1.2 Resolved closed
SEC12-53 What does "-" mean in "corba::-g"? SEC 1.1 SEC 1.2 Resolved closed
SEC12-54 Initiator is undefined on pg 145 SEC 1.1 SEC 1.2 Resolved closed
SEC12-48 Missing explanation of the use of MessageInContext message SEC 1.1 SEC 1.2 Resolved closed
SEC12-52 get_domain_policy SEC 1.1 SEC 1.2 Resolved closed
SEC12-49 Is enum EvidenceType intended to be a complete list? SEC 1.1 SEC 1.2 Resolved closed
SEC12-51 AssociationOption SEC 1.1 SEC 1.2 Resolved closed
SEC12-50 Definition of identity domains confusing SEC 1.1 SEC 1.2 Resolved closed
SEC12-46 Improve description of secure invocation policy rationalization SEC 1.1 SEC 1.2 Resolved closed
SEC12-45 CORBASEC IDL files in Appendix A SEC 1.1 SEC 1.2 Resolved closed
SEC12-47 Definition of MessageInContext needs to be cleared SEC 1.1 SEC 1.2 Resolved closed
SEC12-40 Problems related to "local constrainedness" of Credentials (2) SEC 1.1 SEC 1.2 Resolved closed
SEC12-38 Const declarations missing for audit event types? SEC 1.1 SEC 1.2 Resolved closed
SEC12-43 SSL/CORBA-How does client choose to use SSL? SEC 1.1 SEC 1.2 Resolved closed
SEC12-42 Exceptions to be thrown by (administrative) operations SEC 1.1 SEC 1.2 Resolved closed
SEC12-44 Object side-effect semantics SEC 1.1 SEC 1.2 Resolved closed
SEC12-39 Problems related to "locally constrained" of Credentials (1) SEC 1.1 SEC 1.2 Resolved closed
SEC12-41 DomainAccessPolicy operation question SEC 1.1 SEC 1.2 Resolved closed
SEC12-24 What does get_audit_selectors return? SEC 1.1 SEC 1.2 Resolved closed
SEC12-23 What if there are no attribute mappings in a policy? SEC 1.1 SEC 1.2 Resolved closed
SEC12-16 make_domain_manager issue SEC 1.1 SEC 1.2 Resolved closed
SEC12-15 Use of NoDelegation is inconsistent with terms used on p 44 SEC 1.1 SEC 1.2 Resolved closed
SEC12-21 Current object needs further specification SEC 1.1 SEC 1.2 Resolved closed
SEC12-20 Editorial change SEC 1.1 SEC 1.2 Resolved closed
SEC12-22 How do add/delete RequiredRights interface entries? SEC 1.1 SEC 1.2 Resolved closed
SEC12-26 Credentials object underspecified SEC 1.1 SEC 1.2 Resolved closed
SEC12-25 SecurityLevel2::Object needs further specification SEC 1.1 SEC 1.2 Resolved closed
SEC12-18 Capabilities is under defined SEC 1.1 SEC 1.2 Resolved closed
SEC12-17 What does DetectMisordering mean for a multithreaded process? SEC 1.1 SEC 1.2 Resolved closed
SEC12-19 User Sponsor section should be rewritten SEC 1.1 SEC 1.2 Resolved closed
SEC12-1 Message Level interceptors SEC 1.1 SEC 1.2 Resolved closed
SEC12-33 Constant values for ServiceOptions (Section B.9.1) SEC 1.1 SEC 1.2 Resolved closed
SEC12-32 SSL Protocol SEC 1.1 SEC 1.2 Resolved closed
SEC12-36 Policy Object SEC 1.1 SEC 1.2 Resolved closed
SEC12-35 Policy types defined in B.9.2 pertain to Security SEC 1.1 SEC 1.2 Resolved closed
SEC12-31 IDL in text needs fully qualified names SEC 1.1 SEC 1.2 Resolved closed
SEC12-37 Access to AccessDecision and AuditDecision objects? SEC 1.1 SEC 1.2 Resolved closed
SEC12-29 Insufficient specification of Exceptions SEC 1.1 SEC 1.2 Resolved closed
SEC12-34 PolicyType declared as enum (section B.9.2) SEC 1.1 SEC 1.2 Resolved closed
SEC12-30 Inappropriate use of the word interface SEC 1.1 SEC 1.2 Resolved closed
SEC12-27 Missing IDL in Appendix A SEC 1.1 SEC 1.2 Resolved closed
SEC12-28 Life cycle of Policy object is not specified SEC 1.1 SEC 1.2 Resolved closed
SEC12-9 How do I get to a specific binding while making an invocation? SEC 1.1 SEC 1.2 Resolved closed
SEC12-8 Intermediate objects SEC 1.1 SEC 1.2 Resolved closed
SEC12-13 Meaning of "as specified object" SEC 1.1 SEC 1.2 Resolved closed
SEC12-12 What Security policy Domain during BOA::create? SEC 1.1 SEC 1.2 Resolved closed
SEC12-6 SECIOP protocol definition SEC 1.1 SEC 1.2 Resolved closed
SEC12-5 SECIOP servers cannot contact SECIOP clients SEC 1.1 SEC 1.2 Resolved closed
SEC12-11 Clarify what creating object is SEC 1.1 SEC 1.2 Resolved closed
SEC12-10 set_privileges adequate? SEC 1.1 SEC 1.2 Resolved closed
SEC12-3 Clarify language on Non-Repudiation delivery authority SEC 1.1 SEC 1.2 Resolved closed
SEC12-14 Is it intent of specification to only secure BOAs? SEC 1.1 SEC 1.2 Resolved closed
SEC12-2 Provide a "day_of_week" audit event selector SEC 1.1 SEC 1.2 Resolved closed
SEC12-7 SECIOP conformant server timed out SEC 1.1 SEC 1.2 Resolved closed
SEC12-4 Provide message identification information SEC 1.1 SEC 1.2 Resolved closed

Issues Descriptions

Credentials in Security rev 1.2 are inconsistent

  • Key: SEC12-64
  • Legacy Issue Number: 634
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Section 15.5.4[2], 15.5.3[3], 15.5.7[12]: what was meant is that Credential cannot be exported to non-security service object, can only be imported to client.

  • Reported: SEC 1.1 — Tue, 29 Jul 1997 04:00 GMT
  • Disposition: Duplicate or Merged — SEC 1.2
  • Disposition Summary:

    resolved close issue

  • Updated: Sat, 7 Mar 2015 09:03 GMT

Service Context ID Assignment (scenario 2)

  • Key: SEC12-63
  • Legacy Issue Number: 308
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Need to flow Security context information and would like to have a service context ID assigned. We need flow security contexts over IIOP.

  • Reported: SEC 1.1 — Wed, 13 Nov 1996 05:00 GMT
  • Disposition: Duplicate or Merged — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Sat, 7 Mar 2015 09:03 GMT

Service Context ID Assignment (scenario 1)

  • Key: SEC12-62
  • Legacy Issue Number: 307
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: CORBA spec sec 10.6.6 Object Service Context. We need to flow service context information for proprietary services. IDs should be assigned by OMG. Prevents conflicts with future OMG assignments

  • Reported: SEC 1.1 — Wed, 13 Nov 1996 05:00 GMT
  • Disposition: Duplicate or Merged — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Sat, 7 Mar 2015 09:03 GMT

SecurityLevel2::Object

  • Key: SEC12-61
  • Legacy Issue Number: 152
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: In a SecurityLevel2 compliant ORB, can any object be narrowed to a SecurityLevel2:Object in order to access the additional operations?

  • Reported: SEC 1.1 — Thu, 3 Oct 1996 04:00 GMT
  • Disposition: Duplicate or Merged — SEC 1.2
  • Disposition Summary:

    Closed issue, same as issue # 381

  • Updated: Sat, 7 Mar 2015 09:03 GMT

Current object question

  • Key: SEC12-60
  • Legacy Issue Number: 151
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Is the Current object intended to be a pseudo-object or a real object? If it's a pseudo-object, how does the programmer narrow a CORBA::Current returned by ORB::get_current()?

  • Reported: SEC 1.1 — Thu, 3 Oct 1996 04:00 GMT
  • Disposition: Duplicate or Merged — SEC 1.2
  • Disposition Summary:

    Closed issue, same as issue 370

  • Updated: Sat, 7 Mar 2015 09:03 GMT

Message Level Interceptors

  • Key: SEC12-59
  • Legacy Issue Number: 138
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Where is the parameter of type Message defined, other than the PIDL?

  • Reported: SEC 1.1 — Fri, 27 Sep 1996 04:00 GMT
  • Disposition: Duplicate or Merged — SEC 1.2
  • Disposition Summary:

    closed issue, same as issue 282

  • Updated: Sat, 7 Mar 2015 09:03 GMT

Tag value of TAG_SSL_SEC_TRANS

  • Key: SEC12-58
  • Legacy Issue Number: 713
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: In the RFP submission, SSL/CORBA Security (orbos/97-02-04), the mechanism TAG, TAG_SSL_SEC_TRANS, was not given a tag value. It's not defined in CORBA V2.1 either

  • Reported: SEC 1.1 — Wed, 27 Aug 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 21:34 GMT

Typo on page 6 of SSL spec (orbos/97-02-04)

  • Key: SEC12-57
  • Legacy Issue Number: 661
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: There is a typo on page six of the SSL spec (orbos/97-02-04). Both occurrences of "traget" should be changed to "target"

  • Reported: SEC 1.1 — Fri, 8 Aug 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 21:34 GMT

Current and get_current()

  • Key: SEC12-56
  • Legacy Issue Number: 536
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Security spec uses CORBA::Current, while our (transactions?) spec says CORBA::ORB::Current. Anybody involved in all 3 (CosTx, CosSec, Core) to make sure inconsistency gets cleared-up?

  • Reported: SEC 1.1 — Wed, 19 Mar 1997 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 21:34 GMT

DomainAccessPolicy incorrectly inherits from CORBA

  • Key: SEC12-55
  • Legacy Issue Number: 372
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: IDL on p225 [15-205] doesn't inherit from AccessPolicy (disagrees with p150 [15-132] description)

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    already fixed, close issue

  • Updated: Fri, 6 Mar 2015 21:34 GMT

What does "-" mean in "corba::-g"?

  • Key: SEC12-53
  • Legacy Issue Number: 368
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: What does "-" mean in "corba::-g"? If it means "doesn't have s" then why isn't there a "-" for m?

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 21:34 GMT

Initiator is undefined on pg 145

  • Key: SEC12-54
  • Legacy Issue Number: 369
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: p 145: "initiator" is undefined. It could mean the immediate parent in the call chain, or the top of the call chain

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 21:34 GMT

Missing explanation of the use of MessageInContext message

  • Key: SEC12-48
  • Legacy Issue Number: 346
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: What may be missing from text is that if reply or reply fragment is available to be sent when complete_establish_context message is returned to client, message must be sent with MessageInContext.

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 21:34 GMT

get_domain_policy

  • Key: SEC12-52
  • Legacy Issue Number: 367
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: The get_domain_policy returns a Policy yet the comment says "get policies for objects...". It's just a little bit confusing to read plural where the singular is intended.

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 21:34 GMT

Is enum EvidenceType intended to be a complete list?

  • Key: SEC12-49
  • Legacy Issue Number: 356
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: If it is not intended to be a complete list, then the normal way to do this is to have a value with "const" for the known values, reserving range, having range for applications

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 21:34 GMT

AssociationOption

  • Key: SEC12-51
  • Legacy Issue Number: 366
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: The const's for AssociationOption are powers of two, but the only use of AssociationOption are in the sequence AssociationOptions. Presence of sequence AssociationOptions was a bug. Was removed.

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 21:34 GMT

Definition of identity domains confusing

  • Key: SEC12-50
  • Legacy Issue Number: 363
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: "Identity domains: these are domains where objects can share a security identity as objects in the same identity domain." HUH??

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 21:34 GMT

Improve description of secure invocation policy rationalization

  • Key: SEC12-46
  • Legacy Issue Number: 340
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Improve description of secure invocation policy rationalization

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 21:34 GMT

CORBASEC IDL files in Appendix A

  • Key: SEC12-45
  • Legacy Issue Number: 180
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: IOP and TimeBase modules are only referenced in OMG CORBASEC, Security::SelectorSequence not defined in Security module IDL file, syntax error

  • Reported: SEC 1.1 — Fri, 11 Oct 1996 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    closed issue, resolved

  • Updated: Fri, 6 Mar 2015 21:34 GMT

Definition of MessageInContext needs to be cleared

  • Key: SEC12-47
  • Legacy Issue Number: 345
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Ran across an ambiguity in definition of MessageInContext that needs to be cleared up. Is length of this "higher level" message included? It should be.

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 21:34 GMT

Problems related to "local constrainedness" of Credentials (2)

  • Key: SEC12-40
  • Legacy Issue Number: 650
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: In interface SecurityLevel2::AuditChannel operation audit_write, which has CredentialsList parameter. If problem is fixed, it appears in SecurityAdmin::AuditPolicy operation set_audit_channel

  • Reported: SEC 1.1 — Fri, 1 Aug 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    This issue was fixed in revision 1.2

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Const declarations missing for audit event types?

  • Key: SEC12-38
  • Legacy Issue Number: 635
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: A.9.3 specifies series of System audit events. Should these have declarations in Security.idl or can these be assigned any values. For consistency I am leaning toward the former

  • Reported: SEC 1.1 — Tue, 29 Jul 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

SSL/CORBA-How does client choose to use SSL?

  • Key: SEC12-43
  • Legacy Issue Number: 718
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Was intent for the AssociationOption, target_requires, to be the only determining factor for the client to use when making the decision to use SSL? (orbos/97-02-04 1st sentence, last para, p.6)

  • Reported: SEC 1.1 — Wed, 27 Aug 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    same as issue 714---closed

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Exceptions to be thrown by (administrative) operations

  • Key: SEC12-42
  • Legacy Issue Number: 717
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: DomainAccessPolicy operation revoke_rights doesn't specify exceptions to be thrown in case "no rights granted for that attribute" and in to-be-revoked RightsList for some/all rights

  • Reported: SEC 1.1 — Thu, 28 Aug 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Object side-effect semantics

  • Key: SEC12-44
  • Legacy Issue Number: 720
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: I am confused about semantics of the side-effecting override_default_* operations on CORBA::Objects. Are these overrides attached to the reference or to the destination?

  • Reported: SEC 1.1 — Fri, 12 Sep 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Problems related to "locally constrained" of Credentials (1)

  • Key: SEC12-39
  • Legacy Issue Number: 649
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: In interface SecurityAdmin::AccessPolicy, operation get_effective_rights which passes in an argument of type CredentialsList

  • Reported: SEC 1.1 — Fri, 1 Aug 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

DomainAccessPolicy operation question

  • Key: SEC12-41
  • Legacy Issue Number: 712
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: We are not clear on meaning of rights_family argument to operations grant_rights, revoke_rights, replace_rights. How is the additional argument used?

  • Reported: SEC 1.1 — Tue, 26 Aug 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    same as issue 373--closed

  • Updated: Fri, 6 Mar 2015 20:58 GMT

What does get_audit_selectors return?

  • Key: SEC12-24
  • Legacy Issue Number: 377
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Shouldn't this just operate on a single event type? I could return all selector values for all event types, but how would caller distinguish which ones were set for which event?

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    issue closed

  • Updated: Fri, 6 Mar 2015 20:58 GMT

What if there are no attribute mappings in a policy?

  • Key: SEC12-23
  • Legacy Issue Number: 376
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Mapping Attributes to rights: what should happen if a given right in the Credentials doesn't have a mapped right? Either fail the get_effective_rights or ignore it. The latter sounds better..

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    Just ignore it

  • Updated: Fri, 6 Mar 2015 20:58 GMT

make_domain_manager issue

  • Key: SEC12-16
  • Legacy Issue Number: 358
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: make_domain_manager forces the default to be making a new domain manager for every new instance of this interface. There is no inverse operation. Adding a boolean for enable/disable?

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Use of NoDelegation is inconsistent with terms used on p 44

  • Key: SEC12-15
  • Legacy Issue Number: 355
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Discussion on top of page is inconsistent with terms used on p.44 NoDelegation is used to select which credentials. This is either reusing same term differently (wrong) or inconsistent with use p44

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Current object needs further specification

  • Key: SEC12-21
  • Legacy Issue Number: 370
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Is current object intended to be pseudo object or real object? If pseudo object, how does programmer narrow a CORBA::Current returned by ORB::get_current() to SecurityLevel::current?

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Editorial change

  • Key: SEC12-20
  • Legacy Issue Number: 365
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: "as at the client". I find the mixing up of what the client sees as current obscures the meaning of this. Last para of the section mixes up clients and servers.

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

How do add/delete RequiredRights interface entries?

  • Key: SEC12-22
  • Legacy Issue Number: 375
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: There is only a single set_required_rights method on the RR interface in contrast to rich grant/revoke/replace set on DomAccPolicy and AuditPolicy. Should set add entries?

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    Close issue 375: How do add/delete RequiredRights interface entries.

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Credentials object underspecified

  • Key: SEC12-26
  • Legacy Issue Number: 475
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Lifecycle of Credentials object isn't clearly specified in CORBAsecurity spec rev 1.1, e.g. when can they be safely destroyed, who is responsible for such an act?

  • Reported: SEC 1.1 — Tue, 21 Jan 1997 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

SecurityLevel2::Object needs further specification

  • Key: SEC12-25
  • Legacy Issue Number: 381
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: How about SecurityLevel2::Object? Can any object be narrowed to be a SecurityLevel2:Object in order to access additional operations in a SecurityLevel2 compliant ORB?

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Capabilities is under defined

  • Key: SEC12-18
  • Legacy Issue Number: 362
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: capabilities is under defined. This term is used in various ways so it should be crisply defined. Text in section 3.5.3 could be expanded.

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

What does DetectMisordering mean for a multithreaded process?

  • Key: SEC12-17
  • Legacy Issue Number: 361
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: DetectMisordering: What does this mean for a multithreaded process calling another multithreaded process? Is it meaningful?

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    issue closed

  • Updated: Fri, 6 Mar 2015 20:58 GMT

User Sponsor section should be rewritten

  • Key: SEC12-19
  • Legacy Issue Number: 364
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: I recommend that the User Sponsor section be rewritten. It does not adequately define the User Sponsor. It talks about the User Sponsor.

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Message Level interceptors

  • Key: SEC12-1
  • Legacy Issue Number: 282
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: In CORBASEC the two methods in MessageInterceptor interface are shown as taking a parameter of type Message. Where is this type defined?

  • Reported: SEC 1.1 — Mon, 21 Oct 1996 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Constant values for ServiceOptions (Section B.9.1)

  • Key: SEC12-33
  • Legacy Issue Number: 552
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Constant values for ServiceOptions defined pertain to Security Service, have nothing to do with core ORB. Move them from CORBA module to the Security module.

  • Reported: SEC 1.1 — Thu, 24 Apr 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

SSL Protocol

  • Key: SEC12-32
  • Legacy Issue Number: 544
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: For interop it is essential that clients connecting to SSL-secure servers know when and how to execute SSL handshake. One submission does not mention when SSL handshake occurs.

  • Reported: SEC 1.1 — Thu, 17 Apr 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    closed issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Policy Object

  • Key: SEC12-36
  • Legacy Issue Number: 555
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Given a Policy object there is no way of telling what PolicyType it is of. Add " readonly attribute PolicyType policy_type; " to the Policy Interface.

  • Reported: SEC 1.1 — Thu, 24 Apr 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Policy types defined in B.9.2 pertain to Security

  • Key: SEC12-35
  • Legacy Issue Number: 554
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Is there a problem in moving the const declarations out of CORBA module and into Security module?

  • Reported: SEC 1.1 — Thu, 24 Apr 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

IDL in text needs fully qualified names

  • Key: SEC12-31
  • Legacy Issue Number: 539
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: IDL presented within the text contains unqualified names of types and interfaces..makes it hard to read and place within overall context of various modules constituting Sec spec IDL specification

  • Reported: SEC 1.1 — Thu, 10 Apr 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Access to AccessDecision and AuditDecision objects?

  • Key: SEC12-37
  • Legacy Issue Number: 630
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: How does user application get hold of object references to AccessDecision and the AuditDecision object? Spec does not provide any means for poor application to get access

  • Reported: SEC 1.1 — Wed, 16 Jul 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Insufficient specification of Exceptions

  • Key: SEC12-29
  • Legacy Issue Number: 537
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Explanations associated with many operations allude to fact that they raise standard exceptions without elucidating on circumstances under which such exceptions are raised.

  • Reported: SEC 1.1 — Thu, 10 Apr 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, issue closed

  • Updated: Fri, 6 Mar 2015 20:58 GMT

PolicyType declared as enum (section B.9.2)

  • Key: SEC12-34
  • Legacy Issue Number: 553
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: PolicyType is declared as enum thus making it not easy to extend. Define it as "unsigned long", and then define the various PolicyTypes as const values

  • Reported: SEC 1.1 — Thu, 24 Apr 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Inappropriate use of the word interface

  • Key: SEC12-30
  • Legacy Issue Number: 538
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: In many places in the security specification that word interface is used to refer to things that OMA would call operations. This should be fixed

  • Reported: SEC 1.1 — Thu, 10 Apr 1997 04:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Missing IDL in Appendix A

  • Key: SEC12-27
  • Legacy Issue Number: 487
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: IDL for the accept_security_context () method in the Vault interface is missing the Security Context output, as described in section 15.7.4.

  • Reported: SEC 1.1 — Mon, 3 Feb 1997 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Life cycle of Policy object is not specified

  • Key: SEC12-28
  • Legacy Issue Number: 534
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: The issue of absence of a specification of life cycle of Policy object is going to be addressed and resolved by RTF

  • Reported: SEC 1.1 — Tue, 25 Mar 1997 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

How do I get to a specific binding while making an invocation?

  • Key: SEC12-9
  • Legacy Issue Number: 349
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Binding stuff is still a problem. Current object, or something in it will be used during a call to select binding. There may be several bindings that are concurrently available for an object

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Intermediate objects

  • Key: SEC12-8
  • Legacy Issue Number: 348
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: For delegation, it is assumed that the "intermediate object" is in fact a single object. What we want is to be able to construct an object that uses other objects in its implementation

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Meaning of "as specified object"

  • Key: SEC12-13
  • Legacy Issue Number: 353
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: What does the "as specified object" mean in "The construction policy controls whether a new domain is needed as well as the specified object."?

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

What Security policy Domain during BOA::create?

  • Key: SEC12-12
  • Legacy Issue Number: 352
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: When I asked how to write a portable application, I was pointed at page 91. I don't see how it works. What Security Policy Domain is associated with new object during BOA::create?

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    close issue, resolved

  • Updated: Fri, 6 Mar 2015 20:58 GMT

SECIOP protocol definition

  • Key: SEC12-6
  • Legacy Issue Number: 343
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: The SECIOP protocol definition is ambiguous about the meaning of a DiscardContext message received by a client. Not specified whether server lost context before/after processing message

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

SECIOP servers cannot contact SECIOP clients

  • Key: SEC12-5
  • Legacy Issue Number: 342
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: SECIOP servers cannot contact SECIOP clients in order to send DiscardContext messages since clients are not listening on TCP ports to receive such messages

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Clarify what creating object is

  • Key: SEC12-11
  • Legacy Issue Number: 351
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Application object calls BOA::create to create new object reference. ORB gets construction policy associated with the creating object. There is no application or creating object.

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

set_privileges adequate?

  • Key: SEC12-10
  • Legacy Issue Number: 350
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: set_privileges says "restricted to ones this principal is permitted to have." Is this adequate? Principals have several identities and privilege attributes. Weren't they restricted?

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Clarify language on Non-Repudiation delivery authority

  • Key: SEC12-3
  • Legacy Issue Number: 338
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Clarify language on Non-Repudiation delivery authority. What is supported by the specification?

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Is it intent of specification to only secure BOAs?

  • Key: SEC12-14
  • Legacy Issue Number: 354
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Section deals with the BOA. Is it the intent of the spec to only have secure BOA objects or may other OAs have secure objects? There should be some words about non-BOA OAs either here or App: G

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Provide a "day_of_week" audit event selector

  • Key: SEC12-2
  • Legacy Issue Number: 337
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Provide a "day_of_week" audit event selector

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    issue resolved, close

  • Updated: Fri, 6 Mar 2015 20:58 GMT

SECIOP conformant server timed out

  • Key: SEC12-7
  • Legacy Issue Number: 344
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: A SECIOP conformant server whose context has timed out may send a DiscardContext message in response to a client's IIOP CancelRequest or MessageError message in an unpredictable way

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    resolved, close issue

  • Updated: Fri, 6 Mar 2015 20:58 GMT

Provide message identification information

  • Key: SEC12-4
  • Legacy Issue Number: 339
  • Status: closed  
  • Source: Anonymous
  • Summary:

    Summary: Provide message identification information sufficient to determine which security context was used to protect MessageInContext

  • Reported: SEC 1.1 — Mon, 18 Nov 1996 05:00 GMT
  • Disposition: Resolved — SEC 1.2
  • Disposition Summary:

    Close issue 339: Provide message identification information

  • Updated: Fri, 6 Mar 2015 20:58 GMT