Jiva DeVoe
2006-07-07 01:51:36 UTC
I have the following requirements for a project I am working on with
CORBA and omniORB:
1. my calls to my servants must be encrypted end to end
2. my callers must be authenticated (preferably using kerberos, but
willing to evaluate other options if they are provide signifigant
benefits).
I see that omniORB supports using openssl as a transport mechanism.
I think that this would solve my first requirement, but I don't think
it would solve my second requirement. In other words, though it
provides an encrypted connection that is secure between a given set
of peers, it would *not* enable me to authenticate a given user or
process on one of those peers.
So my questions then are these:
A. is my understanding of the above correct?
B. are there any design patterns using corba that I can use to solve
these requirements, keeping in mind, I don't even want the calls
themselves to be unencrypted (so at the least, some transport level
encryption is required.)
C. Are there any projects that plan to add kerberos authentication
and encryption at a transport level to omniORB?
D. is there any documentation available on adding transports to
omniORB, if I decide to go that route and do it myself?
E. is there any reason I wouldn't want to do this?
Thanks!
CORBA and omniORB:
1. my calls to my servants must be encrypted end to end
2. my callers must be authenticated (preferably using kerberos, but
willing to evaluate other options if they are provide signifigant
benefits).
I see that omniORB supports using openssl as a transport mechanism.
I think that this would solve my first requirement, but I don't think
it would solve my second requirement. In other words, though it
provides an encrypted connection that is secure between a given set
of peers, it would *not* enable me to authenticate a given user or
process on one of those peers.
So my questions then are these:
A. is my understanding of the above correct?
B. are there any design patterns using corba that I can use to solve
these requirements, keeping in mind, I don't even want the calls
themselves to be unencrypted (so at the least, some transport level
encryption is required.)
C. Are there any projects that plan to add kerberos authentication
and encryption at a transport level to omniORB?
D. is there any documentation available on adding transports to
omniORB, if I decide to go that route and do it myself?
E. is there any reason I wouldn't want to do this?
Thanks!