harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexey Varlamov" <alexey.v.varla...@gmail.com>
Subject Re: [classlib][auth]Harmony lacks JGSS provider.
Date Tue, 14 Aug 2007 10:35:28 GMT
2007/8/14, Leo Li <liyilei1979@gmail.com>:
> Hi, all
>    Since Java 1.4.2, RI introduced the package of org.ietf.jgss which
> provides a framework to allows application developers to make use of
> security services like authentication, data integrity and data
> confidentiality from a variety of underlying security mechanisms like
> Kerberos, using a unified API. And RI also provides an default provider,
> sun.security.jgss.SunProvider, which contains the implementation for such
> interfaces as org.ietf.jgss.GSSManager, org.ietf.jgss.GSSName, org.ietf.jgss
> .GSSContext and etc.
>    Current Harmony's classlib actually implemented the framework in
> org.ietf.jgss package, while lacks an implementation for JGSS provider. And
> the property to denote the provider, "jgss.spi.manager", in harmony's
> java.security file is still a blank.
>    Is it possible to get support from other open source project? From the
> website of bouncycastle, there is no related feature of  jgss if I have not
> missed something.

Hi Leo,

Indeed we better integrate some exisitng library, otherwise have to
implement it ourselves. The last option does not look feasible at the
moment, and AFAICT we have not exhausted the possibilities with the
first one ;)
With a bit of googling I found an open source JGSS implementation [1]
which appears to be AL-compatible [2]. So hereby I call for volunteers
to explore this particular possibility - one need to check if the impl
is really suitable for Harmony needs and get in touch with project
mantainers about ways of integration.

[1] http://www.cogkit.org/release/4_1_2/api/jglobus/org/globus/gsi/gssapi/package-summary.html
[2] http://www.globus.org/toolkit/legal/4.0/licenses4.html#COG

The same issue is actually applicable to Kerberos-based JAAS
framework; we have very basic impl of it, and it would be nice to look
out & integrate some advanced provider.

--
Alexey

>    Or else maybe we have to implement it ourselves?
>
> Good luck!
> --
> Leo Li
> China Software Development Lab, IBM
>

Mime
View raw message