The SecurityPolicy can be used by clients to specify the security attributes required by the objects implemented using the POA instance being created. The security attributes include:
- SecureTransportInfo (TCP addresses, cipher suites, etc.)
- ClientAuthInfo (support for GSSUP username/password based client auth mechanism)
- boolean specifying IdentityAssertion support
Secure Transport Info
The optional SecureTransportInfo specifies the attributes for IIOP/SSL. These include
- TransportPolicyValue - this specifies the list of primary and secondary TCPAddresses. If the derived class ClusterPolicyValue is used, then a clustering scheme is specified as well.
- QualityOfProtection - a list of CipherSuites that are acceptable to use for protection of communication. There are three pre-built constants:
  - NO_PROTECTION - no protection
  - INTEGRITY - communication is only integrity protected using the available default CipherSuites. The default CipherSuites are specified using the CertificateManager.
  - CONFIDENTIALITY - communication is integrity and confidentiality protected using the available default CipherSuites. The default CipherSuites are specified using the CertificateManager.
- boolean specifying whether client authentication (using public key technology) during SSL handshake is required.
- enable TLS - if enabled, TLS 1.0 is allowed; otherwise only SSL 3.0 is allowed
- boolean specifying whether IIOP/SSL is mandatory or optional
Client Auth Info
The ClientAuthInfo is used to specify the realm name that the user should provide credentials (username/password) for, and whether client authentication is optional or required.
Copyright © 1998-2003, Novell, Inc. All rights reserved.