On Feb 6, 2006, at 12:12 PM, Simon Godik wrote:
My impression is that CORBA security implementation (csi-v2) is not
integrated well with the Geronimo login service (please correct me if I'm
wrong). I plan to integrate csi-v2 security with the Geronimo login service
by having csi-v2 interceptor authenticate with the login service and thus
have consistent role mappings; trust rules will also be moved out into
trust-manager gbean configured into the security realm.
I don't remember the exact terms used in the CORBA spec, but IIRC
there is forward and backward (reverse?) authentication propagation.
IIUC we are required only to implement forward, in which we trust the
server sending the identity token, whereas backward, where we log in
the propagated identity ourselves, is optional. Can you elaborate
how we will support both forward and backward styles using the login
service for both? When I worked on this it seemed really odd that we
only got one principal through csiv2, but I didn't see how to add more.
many thanks
david jencks
Simon