Anthony Nadalin wrote:
> Francis Pouatcha wrote:
>
> >Thank for the hint.
> >I didn't read it before, but i got a look at it know.
>
> >It is a very nice framework for implementing J2EE based on RMI-JRMP, or
> oder
> >socket level RMI-protocol like WLS's RMI-t3, very nice!
>
> >But it is not a stuf for RMI-IIOP because it deals with Server- and
> >ClientSocketFactories and even dynamic proxy loading. RMI-IIOP doesn't get
> down
> >to the Server- and ClienSocketFactory level, but uses ORB to forward
> request.
>
> The ORB will actually deal with the ClientSocketFactory in IIOP not the
> application. So the QOP can be set by
> the client but the ORB will create the socket.
The ORB spec doesn't foresee any kind of SocketFactory. So we need extensions
to the ORB spec.
>
>
> This actually fits in very nice to RMI/IIOP
>
It doesn't. RMI-IIOP isn't worth when we forget non Java clients. RMI security
extensions (like described in that draft) is only technicaly realizable for
java clients (even if we extend ORBs to know about socket factories). How would
a server comunicate it security constraints to the C++ client? I fear we need
some kinds of IDL extensions.
I believe RMI-IIOP should fully rely on CORBA for security, just like it does
for transaction.
--
Francis Pouatcha
MATHEMA Software GmbH
http://www.mathema.de
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
