Anders Hessellund Jensen wrote:
I am starting a new thread on CSIv2, since the discussion doesn't
really belong in the milestone release thread.
I would like to hear some more opinions on how we implement CSIv2 in
Yoko. The most important thing, of course, is to get Yoko ready for
Geronimo. As I understand it from Rick, the requirements for this are
relatively small, since the OpenEJB project already has a CSIv2
implementation. This CSIv2 implementation has been written in a way
that allows it to be integrated into any ORB using a relatively small
amount of code.
In the short term, this will work just fine. However, in the long
term, I think we want CSIv2 in the stand-alone Yoko distribution as well.
How complete is the CSIv2 implementation the OpenEJB project has?
Would it be possible to use this CSIv2 implementation in stand-alone Yoko?
The OpenEJB CSIv2 implementation is really just a small stub that
interfaces the ORB to the more general OpenEJB security mechanisms. I'm
not sure it's really separable enough that it could be used stand alone
in Yoko.
In any case, please let me know if there is anything I can do to help
getting Yoko ready for Geronimo.
Well, Yoko will need some hooks/plugins/callbacks that will allow the
OpenEJB code to interact with the ORB transport-level security. The
touch points that are used in the other ORB implementations are:
Server-connections:
1. Mechanism to configure the ORB listening socket to use a secure
connection.
2. A socket-factory like mechanism that will allow Geronimo to use
its own mechanisms for creating and configuring the ServerSocket.
3. A callback or interceptor that allows the OpenEJB security
manager to maintain mappings of requests to the SSLSessions used
to service the requests (if a secure transport is being used).
Client Connections:
1. Mechanism to allow Geronimo to make the decision what type of
connection is used for a given IOR (access to the target IOR is
required).
2. A socket-factory like mechanism to allow Geronimo to create and
configure the socket as needed.
This should be sufficient to hook Yoko into Geronimo. We'd really like
to be able to do this for the 1.2 release (in approximately 3 months), so
being able to bootstrap this and start running the TCK tests against the
Geronimo/Yoko combo in the near future is critical.
Best regards,
Anders
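
The server-side and client-side touch points listed in the reply above, sketched as one pluggable hook built on standard JSSE classes. This is an added example, not code from Yoko, OpenEJB or Geronimo: `TransportHook`, `Target`, `ContainerTransportHook` and `requestKey` are hypothetical names, and the IOR parsing that would fill in `Target` is assumed to happen in the container (Java 17).

```java
import java.io.IOException;
import java.net.*;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.*;

// Hypothetical hook an ORB would call instead of opening sockets itself.
interface TransportHook {
    ServerSocket createServerSocket(int port, int backlog, InetAddress bind) throws IOException;
    Socket createSocket(Target target) throws IOException;
    void requestReceived(Object requestKey, Socket connection);
    void requestCompleted(Object requestKey);
}

// Hypothetical summary of what the container decided after reading the target IOR.
record Target(String host, int plainPort, int tlsPort, boolean useTls) {}

final class ContainerTransportHook implements TransportHook {
    private final SSLContext ctx;
    private final boolean needClientCert;
    // requestKey must be unique per in-flight request; a GIOP request id alone is only unique per connection.
    private final Map<Object, SSLSession> sessions = new ConcurrentHashMap<>();

    ContainerTransportHook(SSLContext ctx, boolean needClientCert) {
        this.ctx = ctx;
        this.needClientCert = needClientCert;
    }

    public ServerSocket createServerSocket(int port, int backlog, InetAddress bind) throws IOException {
        SSLServerSocket ss = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port, backlog, bind);
        ss.setNeedClientAuth(needClientCert); // reject peers without a certificate when required
        return ss;
    }

    public Socket createSocket(Target t) throws IOException {
        if (!t.useTls()) return new Socket(t.host(), t.plainPort());
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(t.host(), t.tlsPort());
        s.startHandshake(); // surface TLS failures at connect time, not on the first request
        return s;
    }

    public void requestReceived(Object requestKey, Socket connection) {
        if (connection instanceof SSLSocket ssl) sessions.put(requestKey, ssl.getSession());
    }

    public void requestCompleted(Object requestKey) { sessions.remove(requestKey); }
    // Security manager lookup: null means the request arrived over a plain connection.
    SSLSession sessionFor(Object requestKey) { return sessions.get(requestKey); }
}
```

Removing the mapping in `requestCompleted` matters as much as adding it: a stale entry would let a later request that reuses the key inherit another peer's TLS identity.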