On 8/16/07, Yang Paulex <[EMAIL PROTECTED]> wrote: > > 2007/8/16, Leo Li <[EMAIL PROTECTED]>: > > > > On 8/14/07, Alexey Varlamov <[EMAIL PROTECTED]> wrote: > > > > > > 2007/8/14, Leo Li <[EMAIL PROTECTED]>: > > > > Hi, all > > > > Since Java 1.4.2, RI introduced the package of org.ietf.jgsswhich > > > > provides a framework to allows application developers to make use of > > > > security services like authentication, data integrity and data > > > > confidentiality from a variety of underlying security mechanisms > like > > > > Kerberos, using a unified API. And RI also provides an default > > provider, > > > > sun.security.jgss.SunProvider, which contains the implementation for > > > such > > > > interfaces as org.ietf.jgss.GSSManager, org.ietf.jgss.GSSName, > > > org.ietf.jgss > > > > .GSSContext and etc. > > > > Current Harmony's classlib actually implemented the framework in > > > > org.ietf.jgss package, while lacks an implementation for JGSS > > provider. > > > And > > > > the property to denote the provider, "jgss.spi.manager", in > harmony's > > > > java.security file is still a blank. > > > > Is it possible to get support from other open source project? > From > > > the > > > > website of bouncycastle, there is no related feature of jgss if I > > have > > > not > > > > missed something. > > > > > > Hi Leo, > > > > > > Indeed we better integrate some exisitng library, otherwise have to > > > implement it ourselves. The last option does not look feasible at the > > > moment, and AFAICT we have not exhausted the possibilities with the > > > first one ;) > > > > > > Agree. It is no need to reinvent a wheel if there is one on our > > side.:) > > > > With a bit of googling I found an open source JGSS implementation [1] > > > which appears to be AL-compatible [2]. So hereby I call for volunteers > > > to explore this particular possibility - one need to check if the impl > > > is really suitable for Harmony needs and get in touch with project > > > mantainers about ways of integration. > > > > > > [1] > > > > > > http://www.cogkit.org/release/4_1_2/api/jglobus/org/globus/gsi/gssapi/package-summary.html > > > [2] http://www.globus.org/toolkit/legal/4.0/licenses4.html#COG > > > > > > Thanks for your detailed information. I would like to seek the > > feasibility to make use of cogkit. Just from document[1], it provides an > > implementation. I will try to merge it with harmony to see whether it > > works > > and try to seperate the smallest closure of classes as a JGSS provider. > > About license, as you said, [2] claims that cog-jglobus.jar which > > contains the classes for JGSS provider, is under a license very similar > to > > Apache License V2.0. But I am not an expert in this area and not sure > > whether we shall negotiate with them for explicitly licensing the binary > > module under Apache License. > > Furthermore, after a preliminary study, I find that the cogkit JGSS > > provider depends at least another puretls.jar, which is provided by > > claymoresystems. Although puretls claims that it is under a Berkley > style > > license and it seems that tomcat also make use of this module and I do > not > > think it might constitute an obstacle, it really deserves for us to make > > its > > license clear. Is there somebody familiar with it? > > > We can get Foudantion's help on IP related issues on legal discussion list > - > [EMAIL PROTECTED] > > Or we can ask the authors of that project directly if they are OK to > customize their implementation for Harmony project:), or if we can > customize > it ourselves and redistribute in Apache license. > > It's also helpful to understand their current compatibility with Java SE > and > other relevant standard as well as their roadmap.
Thanks, Alexey & Paulex. After some struggling, I found that the JGSS provider from globus actually does not work in a simple scenario test. Due to its compliated library dependency and their different licences , I think it is not so wise to fix it on our side. And I am trying to find some luck in apache Directory project, who is now developing a pure java LDAP v3 compliant server, in which kerberos is one main feature. And at least some customization on cogkit is needed since it depends on > > org.apache.commons.logging to record some logging information while I > > think > > it is not needed on harmony's usage. > > > > > The same issue is actually applicable to Kerberos-based JAAS > > > framework; we have very basic impl of it, and it would be nice to look > > > out & integrate some advanced provider. > > > > > > -- > > > Alexey > > > > > > > Or else maybe we have to implement it ourselves? > > > > > > > > Good luck! > > > > -- > > > > Leo Li > > > > China Software Development Lab, IBM > > > > > > > > > > > > > > > -- > > Leo Li > > China Software Development Lab, IBM > > > > > > -- > Paulex Yang > China Software Development laboratory > IBM > -- Leo Li China Software Development Lab, IBM
