harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leo Li" <liyilei1...@gmail.com>
Subject Re: [classlib][auth]Harmony lacks JGSS provider.
Date Thu, 16 Aug 2007 02:41:13 GMT
On 8/14/07, Alexey Varlamov <alexey.v.varlamov@gmail.com> wrote:
>
> 2007/8/14, Leo Li <liyilei1979@gmail.com>:
> > Hi, all
> >    Since Java 1.4.2, RI introduced the package of org.ietf.jgss which
> > provides a framework to allows application developers to make use of
> > security services like authentication, data integrity and data
> > confidentiality from a variety of underlying security mechanisms like
> > Kerberos, using a unified API. And RI also provides an default provider,
> > sun.security.jgss.SunProvider, which contains the implementation for
> such
> > interfaces as org.ietf.jgss.GSSManager, org.ietf.jgss.GSSName,
> org.ietf.jgss
> > .GSSContext and etc.
> >    Current Harmony's classlib actually implemented the framework in
> > org.ietf.jgss package, while lacks an implementation for JGSS provider.
> And
> > the property to denote the provider, "jgss.spi.manager", in harmony's
> > java.security file is still a blank.
> >    Is it possible to get support from other open source project? From
> the
> > website of bouncycastle, there is no related feature of  jgss if I have
> not
> > missed something.
>
> Hi Leo,
>
> Indeed we better integrate some exisitng library, otherwise have to
> implement it ourselves. The last option does not look feasible at the
> moment, and AFAICT we have not exhausted the possibilities with the
> first one ;)


    Agree. It is no need to reinvent a wheel if there is one on our side.:)

With a bit of googling I found an open source JGSS implementation [1]
> which appears to be AL-compatible [2]. So hereby I call for volunteers
> to explore this particular possibility - one need to check if the impl
> is really suitable for Harmony needs and get in touch with project
> mantainers about ways of integration.
>
> [1]
> http://www.cogkit.org/release/4_1_2/api/jglobus/org/globus/gsi/gssapi/package-summary.html
> [2] http://www.globus.org/toolkit/legal/4.0/licenses4.html#COG


   Thanks for your detailed information.     I would like to seek the
feasibility to make use of cogkit. Just from document[1], it provides an
implementation. I will try to merge it with harmony to see whether it works
and try to seperate the smallest closure of classes as a JGSS provider.
    About license, as you said, [2] claims that cog-jglobus.jar which
contains the classes for JGSS provider, is under a license very similar to
Apache License V2.0. But I am not an expert in this area and not sure
whether we shall negotiate with them for explicitly licensing the binary
module under Apache License.
    Furthermore, after a preliminary study, I find that the cogkit JGSS
provider depends at least another puretls.jar, which is provided by
claymoresystems. Although puretls claims that it is under a Berkley style
license and it seems that tomcat also make use of this module and I do not
think it might constitute an obstacle, it really deserves for us to make its
license clear. Is there somebody familiar with it?
    And at least some customization on cogkit is needed since it depends on
org.apache.commons.logging to record some logging information while I think
it is not needed on harmony's usage.


The same issue is actually applicable to Kerberos-based JAAS
> framework; we have very basic impl of it, and it would be nice to look
> out & integrate some advanced provider.
>
> --
> Alexey
>
> >    Or else maybe we have to implement it ourselves?
> >
> > Good luck!
> > --
> > Leo Li
> > China Software Development Lab, IBM
> >
>



-- 
Leo Li
China Software Development Lab, IBM

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message