The current implementation of SRP is not secure in the sense that someone who can observe the authentication process can impersonate a valid user. The point that I wanted to make is that implementation of a secure protocol on top of RMI is inefficient compared to implementation on a transport level. Moreover, reasonably good implementations of secure protocols are already available in the JDK out of the box. This includes SSL/TLS with Kerberos authentication that works with Microsoft Active Directory. So why reinvent the wheel? All you have to do is make JBoss extract principal information from the transport layer. That, I believe, is much easier to accomplish than implementing GSS-API on top of RMI.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3856551#3856551