POA Security Policy

The ORB provides a proprietary POA security policy for specifying the authentication realm and Quality of Protection. The policy is created using the create_security_policy method on the POA Extension API.
 
| Method | Description |
| --- | --- |
| isAuthenticationRequired | Specifies whether the client needs to authenticate with the realm specified by the getRealmName method. |
| getRealmName | The realm against which the client should authenticate itself. |
| isProtectionOptional | Whether the Quality of Protection is optional or required. If it is optional, the client can also talk to the object using no protection (e.g. using plain IIOP). |
| getQualityOfProtection | Get the Quality of Protection for the object: no Protection, Integrity, and Confidentiality. |
| getPort | Get the port used to listen for incoming secure communication. |
| getHostName | Get the hostname used to listen for incoming secure communication. |

Quality of Protection

Specifies the quality of protection of the communication required by all the objects served by a POA instance. There are three pre-built constants. You can also create a custom quality of protection using any set of CipherSuites supported by the ORB.

POA Extension

The ORB provides an extension to the POA APIs for creating security policy objects.
 
| Method | Parameters | Description |
| --- | --- | --- |
| create_security_policy | realmName | Create the Security Policy. The realmName specifies the realm against which the client is required to authenticate before it is allowed to invoke on objects in the POA created with this Policy. |
| create_security_policy | realmName, qualityOfProtection, isProtectionOptional, host, port | Create a Security Policy for using IIOP/SSL. |

The realmName specifies the realm against which the client is required to authenticate before it is allowed to invoke on objects in the POA created with this Policy. To require client authentication using SSL, set this parameter to Realm.PUBLIC_KEY_REALM. The realm name can be null to specify that no client authentication is needed.

The qualityOfProtection specifies the required protection to use for communicating with the client.

The isProtectionOptional flag specifies if the protection is optional.

The host and port specify the listening address of the server.
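
A configuration check built on the accessors listed above, flagging policies that skip client authentication or let clients fall back to plain IIOP. This is an added example, not code from the ORB or its documentation. PolicyView, Qop, Sample and all sample values are hypothetical stand-ins, since the page does not give the real interface name or return types.

```java
import java.util.ArrayList;
import java.util.List;

public class PoaPolicyAudit {
    // Assumed stand-in for the protection levels the page lists.
    enum Qop { NONE, INTEGRITY, CONFIDENTIALITY }

    // Hypothetical view of the documented getters; real types are not on the page.
    interface PolicyView {
        boolean isAuthenticationRequired();
        String getRealmName();
        boolean isProtectionOptional();
        Qop getQualityOfProtection();
        String getHostName();
        int getPort();
    }
    // Constructed sample policy; a null realm means no client authentication.
    record Sample(String realm, Qop qop, boolean optional, String host, int port)
            implements PolicyView {
        public boolean isAuthenticationRequired() { return realm != null; }
        public String getRealmName() { return realm; }
        public boolean isProtectionOptional() { return optional; }
        public Qop getQualityOfProtection() { return qop; }
        public String getHostName() { return host; }
        public int getPort() { return port; }
    }

    // Returns one finding per setting that weakens the POA's protection.
    static List<String> audit(PolicyView p) {
        List<String> findings = new ArrayList<>();
        if (!p.isAuthenticationRequired() || p.getRealmName() == null)
            findings.add("no client authentication required");
        if (p.getQualityOfProtection() == Qop.NONE)
            findings.add("no protection on the wire");
        else if (p.isProtectionOptional())
            findings.add("protection optional: plain IIOP accepted");
        if (p.getQualityOfProtection() == Qop.INTEGRITY)
            findings.add("integrity only: requests are not encrypted");
        return findings;
    }

    public static void main(String[] args) {
        List<Sample> samples = List.of(   // constructed, not from a real deployment
            new Sample("example-realm", Qop.CONFIDENTIALITY, false, "orb.example.test", 2809),
            new Sample(null, Qop.INTEGRITY, true, "orb.example.test", 2810));
        for (Sample s : samples)
            System.out.println(s.getHostName() + ":" + s.getPort() + " -> " + audit(s));
    }
}
```

The first sample yields no findings; the second reports missing authentication, optional protection and integrity-only traffic.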


Copyright © 1998-2003, Novell, Inc. All rights reserved.