harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leo Li" <liyilei1...@gmail.com>
Subject Re: [classlib][auth]Harmony lacks JGSS provider.
Date Wed, 29 Aug 2007 09:21:52 GMT
On 8/16/07, Yang Paulex <paulex.yang@gmail.com> wrote:
>
> 2007/8/16, Leo Li <liyilei1979@gmail.com>:
> >
> > On 8/14/07, Alexey Varlamov <alexey.v.varlamov@gmail.com> wrote:
> > >
> > > 2007/8/14, Leo Li <liyilei1979@gmail.com>:
> > > > Hi, all
> > > >    Since Java 1.4.2, RI introduced the package of org.ietf.jgsswhich
> > > > provides a framework to allows application developers to make use of
> > > > security services like authentication, data integrity and data
> > > > confidentiality from a variety of underlying security mechanisms
> like
> > > > Kerberos, using a unified API. And RI also provides an default
> > provider,
> > > > sun.security.jgss.SunProvider, which contains the implementation for
> > > such
> > > > interfaces as org.ietf.jgss.GSSManager, org.ietf.jgss.GSSName,
> > > org.ietf.jgss
> > > > .GSSContext and etc.
> > > >    Current Harmony's classlib actually implemented the framework in
> > > > org.ietf.jgss package, while lacks an implementation for JGSS
> > provider.
> > > And
> > > > the property to denote the provider, "jgss.spi.manager", in
> harmony's
> > > > java.security file is still a blank.
> > > >    Is it possible to get support from other open source project?
> From
> > > the
> > > > website of bouncycastle, there is no related feature of  jgss if I
> > have
> > > not
> > > > missed something.
> > >
> > > Hi Leo,
> > >
> > > Indeed we better integrate some exisitng library, otherwise have to
> > > implement it ourselves. The last option does not look feasible at the
> > > moment, and AFAICT we have not exhausted the possibilities with the
> > > first one ;)
> >
> >
> >     Agree. It is no need to reinvent a wheel if there is one on our
> > side.:)
> >
> > With a bit of googling I found an open source JGSS implementation [1]
> > > which appears to be AL-compatible [2]. So hereby I call for volunteers
> > > to explore this particular possibility - one need to check if the impl
> > > is really suitable for Harmony needs and get in touch with project
> > > mantainers about ways of integration.
> > >
> > > [1]
> > >
> >
> http://www.cogkit.org/release/4_1_2/api/jglobus/org/globus/gsi/gssapi/package-summary.html
> > > [2] http://www.globus.org/toolkit/legal/4.0/licenses4.html#COG
> >
> >
> >    Thanks for your detailed information.     I would like to seek the
> > feasibility to make use of cogkit. Just from document[1], it provides an
> > implementation. I will try to merge it with harmony to see whether it
> > works
> > and try to seperate the smallest closure of classes as a JGSS provider.
> >     About license, as you said, [2] claims that cog-jglobus.jar which
> > contains the classes for JGSS provider, is under a license very similar
> to
> > Apache License V2.0. But I am not an expert in this area and not sure
> > whether we shall negotiate with them for explicitly licensing the binary
> > module under Apache License.
> >     Furthermore, after a preliminary study, I find that the cogkit JGSS
> > provider depends at least another puretls.jar, which is provided by
> > claymoresystems. Although puretls claims that it is under a Berkley
> style
> > license and it seems that tomcat also make use of this module and I do
> not
> > think it might constitute an obstacle, it really deserves for us to make
> > its
> > license clear. Is there somebody familiar with it?
>
>
> We can get Foudantion's help on IP related issues on legal discussion list
> -
> legal-discuss@apache.org.
>
> Or we can ask the authors of that project directly if they are OK to
> customize their implementation for Harmony project:), or if we can
> customize
> it ourselves and redistribute in Apache license.
>
> It's also helpful to understand their current compatibility with Java SE
> and
> other relevant standard as well as their roadmap.


   Thanks, Alexey & Paulex.
   After some struggling, I found that the JGSS provider from globus
actually does not work in a simple scenario test. Due to its compliated
library dependency and their different licences , I think it is not so wise
to fix it on our side. And I am trying to find some luck in apache Directory
project, who is now developing a pure java LDAP v3 compliant server, in
which kerberos is one main feature.

   And at least some customization on cogkit is needed since it depends on
> > org.apache.commons.logging to record some logging information while I
> > think
> > it is not needed on harmony's usage.
> >
>
>
> The same issue is actually applicable to Kerberos-based JAAS
> > > framework; we have very basic impl of it, and it would be nice to look
> > > out & integrate some advanced provider.
> > >
> > > --
> > > Alexey
> > >
> > > >    Or else maybe we have to implement it ourselves?
> > > >
> > > > Good luck!
> > > > --
> > > > Leo Li
> > > > China Software Development Lab, IBM
> > > >
> > >
> >
> >
> >
> > --
> > Leo Li
> > China Software Development Lab, IBM
> >
>
>
>
> --
> Paulex Yang
> China Software Development laboratory
> IBM
>



-- 
Leo Li
China Software Development Lab, IBM

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message