harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yang Paulex" <paulex.y...@gmail.com>
Subject Re: [classlib][auth]Harmony lacks JGSS provider.
Date Thu, 16 Aug 2007 06:38:15 GMT
2007/8/16, Leo Li <liyilei1979@gmail.com>:
>
> On 8/14/07, Alexey Varlamov <alexey.v.varlamov@gmail.com> wrote:
> >
> > 2007/8/14, Leo Li <liyilei1979@gmail.com>:
> > > Hi, all
> > >    Since Java 1.4.2, RI introduced the package of org.ietf.jgss which
> > > provides a framework to allows application developers to make use of
> > > security services like authentication, data integrity and data
> > > confidentiality from a variety of underlying security mechanisms like
> > > Kerberos, using a unified API. And RI also provides an default
> provider,
> > > sun.security.jgss.SunProvider, which contains the implementation for
> > such
> > > interfaces as org.ietf.jgss.GSSManager, org.ietf.jgss.GSSName,
> > org.ietf.jgss
> > > .GSSContext and etc.
> > >    Current Harmony's classlib actually implemented the framework in
> > > org.ietf.jgss package, while lacks an implementation for JGSS
> provider.
> > And
> > > the property to denote the provider, "jgss.spi.manager", in harmony's
> > > java.security file is still a blank.
> > >    Is it possible to get support from other open source project? From
> > the
> > > website of bouncycastle, there is no related feature of  jgss if I
> have
> > not
> > > missed something.
> >
> > Hi Leo,
> >
> > Indeed we better integrate some exisitng library, otherwise have to
> > implement it ourselves. The last option does not look feasible at the
> > moment, and AFAICT we have not exhausted the possibilities with the
> > first one ;)
>
>
>     Agree. It is no need to reinvent a wheel if there is one on our
> side.:)
>
> With a bit of googling I found an open source JGSS implementation [1]
> > which appears to be AL-compatible [2]. So hereby I call for volunteers
> > to explore this particular possibility - one need to check if the impl
> > is really suitable for Harmony needs and get in touch with project
> > mantainers about ways of integration.
> >
> > [1]
> >
> http://www.cogkit.org/release/4_1_2/api/jglobus/org/globus/gsi/gssapi/package-summary.html
> > [2] http://www.globus.org/toolkit/legal/4.0/licenses4.html#COG
>
>
>    Thanks for your detailed information.     I would like to seek the
> feasibility to make use of cogkit. Just from document[1], it provides an
> implementation. I will try to merge it with harmony to see whether it
> works
> and try to seperate the smallest closure of classes as a JGSS provider.
>     About license, as you said, [2] claims that cog-jglobus.jar which
> contains the classes for JGSS provider, is under a license very similar to
> Apache License V2.0. But I am not an expert in this area and not sure
> whether we shall negotiate with them for explicitly licensing the binary
> module under Apache License.
>     Furthermore, after a preliminary study, I find that the cogkit JGSS
> provider depends at least another puretls.jar, which is provided by
> claymoresystems. Although puretls claims that it is under a Berkley style
> license and it seems that tomcat also make use of this module and I do not
> think it might constitute an obstacle, it really deserves for us to make
> its
> license clear. Is there somebody familiar with it?


We can get Foudantion's help on IP related issues on legal discussion list -
legal-discuss@apache.org.

Or we can ask the authors of that project directly if they are OK to
customize their implementation for Harmony project:), or if we can customize
it ourselves and redistribute in Apache license.

It's also helpful to understand their current compatibility with Java SE and
other relevant standard as well as their roadmap.

    And at least some customization on cogkit is needed since it depends on
> org.apache.commons.logging to record some logging information while I
> think
> it is not needed on harmony's usage.
>


The same issue is actually applicable to Kerberos-based JAAS
> > framework; we have very basic impl of it, and it would be nice to look
> > out & integrate some advanced provider.
> >
> > --
> > Alexey
> >
> > >    Or else maybe we have to implement it ourselves?
> > >
> > > Good luck!
> > > --
> > > Leo Li
> > > China Software Development Lab, IBM
> > >
> >
>
>
>
> --
> Leo Li
> China Software Development Lab, IBM
>



-- 
Paulex Yang
China Software Development laboratory
IBM

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message