incubator-yoko-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick McGuire <rick...@gmail.com>
Subject Re: CSIv2
Date Tue, 30 May 2006 11:31:05 GMT
Anders Hessellund Jensen wrote:
> I am starting a new thread on CSIv2, since the discussion doesn't 
> really belong in the milestone release thread.
>
> I would like to hear some more opinions on how we implement CSIv2 in 
> Yoko. The most important thing, of course, is to get Yoko ready for 
> geronimo. As I understand it from Rick, the requirements for this is 
> relatively small, since the OpenEJB project already has a CSIv2 
> implementation. This CSIv2 implementation has been written in a way 
> that allows it to be integrated into any ORB using a relatively small 
> amount of code.
>
> In the short term, this will work just fine. However, in the long 
> term, I think we want CSIv2 in the stand-alone Yoko distribution as well.
>
> How complete is the CSIv2 implementation the OpenEJB project has? 
> Would it be pssible to use this CSIv2 implementation in stand-alone Yoko?
The OpenEJB CSIv2 implementation is really just a small stub that 
interfaces the ORB to the more general OpenEJB security mechanisms.  I'm 
not sure it's really separable enough that it could be used stand alone 
in Yoko.

>
> In any case, please let me know if there is anything I can do to help 
> getting Yoko ready for Geronimo.
Well, Yoko will need to some hooks/plugins/callbacks that will allow the 
OpenEJB code to interact with the ORB transport-level security.  The 
touch points that are used in the other ORB implementations are:

Server-connections:

   1. Mechanism to configure the ORB listening socket to use a secure
      connection.
   2. A socket-factory like mechanism that will allow Geronimo to use
      its own mechanisms for creating and configuring the ServerSocket.
   3. An callback or interceptor that allows the OpenEJB security
      manager to maintain mappings of requests to the SSLSessions used
      to service the requests (if a secure transport is being used).

Client Connections:

   1. Mechanism to allow Geronimo to make the decision what type of
      connection is used for a given IOR (access to the target IOR is
      required).
   2. A socket-factory like mechanism to allow Geronimo to create and
      configure the socket as needed.

This should be sufficient to hook Yoko into Geronimo.  We'd really like 
to be able to do this for the 1.2 release (in aproximately 3 months), so 
being able to bootstrap this and start running the TCK tests against the 
Geronimo/Yoko combo in the near future is critical.

>
> Best regards,
> Anders
>
>


Mime
View raw message