Local Interface SecurityLevel3::ContextEstablishmentPolicy
local interface ContextEstablishmentPolicy
inherits from CORBA::Policy
The ContextEstablishmentPolicy policy object directs the
establishment of security contexts with a target.
The CredsDirective values are used as follows:
- CD_Default
  This directive means to use the default set
  up by the thread, the ORB, the ORB configuration,
  available credentials, or other policies.
- CD_InvokeTarget
  This directive means to use the specified
  OwnCredentials to create a secure association
  with the target before invocation. Do not endorse
  or embody the target. Credentials may be
  IT_Simple, IT_Quoting, or IT_Proxy.
- CD_EndorseTarget
  This directive means to use the specified
  OwnCredentials to create a secure association
  with the target before invocation.
  The credentials must be IT_Simple, IT_Quoting,
  or IT_Proxy own credentials that support endorsement.
  Note that Initiator Credentials that are IT_Proxy
  may have an endorsement statement that not only
  endorses this immediate client, but may very well
  apply to the next target.
- CD_EmbodyTarget
  If possible, give the target the ability to
  impersonate the client. This is performed using
  transports that can forward their credentials
  in the transport, which gives the target the
  ability to work on their behalf. Alternatively,
  the authenticator may be able to be passed on.
  IT_Simple credentials must have or have the
  ability to forward credentials. This is analogous
  to flipping the DELEGATE bit on GSS-Kerberos Forwardable
  credentials. For IT_Quoting principals, this means
  that you can forward the transport credentials and
  the authenticator, plus the Quoting statement.
  For IT_Proxy principals, this means that you can forward
  the transport credentials, the authenticator,
  and the associated proxy statements.
On using Own Credentials: the creds_ids name Own Credentials
and also restrict the invocation to use only certain credentials.
If the cred_ids list is empty, then the own credentials for the
invocation are selected from a default, which may be
set on the thread or the ORB instance.
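An added model of the selection rules above, not code from the original page and not the ORB's C++ mapping: given a policy's creds_directive and creds_list, it picks the own credentials an invocation would use. The `supports_endorsement` and `can_forward` flags, the thread-before-ORB fallback order and the first-match choice are assumptions made for illustration.

```cpp
#include <string>
#include <vector>

// Hypothetical model types, not the SecurityLevel3 C++ mapping.
enum class CredsDirective { CD_Default, CD_InvokeTarget, CD_EndorseTarget, CD_EmbodyTarget };
enum class IdentityType { IT_Simple, IT_Quoting, IT_Proxy };

struct OwnCreds {                 // stand-in for an OwnCredentials object
    std::string id;
    IdentityType type;
    bool supports_endorsement;    // assumed capability flag
    bool can_forward;             // assumed capability flag (cf. Kerberos forwardable)
};

struct Policy {                   // models creds_directive and creds_list only
    CredsDirective creds_directive;
    std::vector<OwnCreds> creds_list;
};

// True when `c` meets what the directive asks of the credentials.
bool satisfies(CredsDirective d, const OwnCreds& c) {
    switch (d) {
        case CredsDirective::CD_EndorseTarget: return c.supports_endorsement;
        case CredsDirective::CD_EmbodyTarget:  return c.can_forward;
        default:                               return true;  // CD_Default, CD_InvokeTarget
    }
}

// Returns the id of the first candidate that meets the directive's stated
// requirement, or "" when none does. A non-empty creds_list restricts the
// choice; an empty one falls back to the thread default, then the ORB default.
std::string select_creds(const Policy& p, const OwnCreds* thread_default,
                         const OwnCreds* orb_default) {
    std::vector<OwnCreds> candidates = p.creds_list;
    if (candidates.empty()) {
        if (thread_default) candidates.push_back(*thread_default);  // assumed order
        if (orb_default)    candidates.push_back(*orb_default);
    }
    for (const OwnCreds& c : candidates)
        if (satisfies(p.creds_directive, c)) return c.id;
    return "";
}

int main() {
    OwnCreds plain{"plain", IdentityType::IT_Simple, false, false};  // constructed sample
    Policy p{CredsDirective::CD_EndorseTarget, {}};
    return select_creds(p, &plain, nullptr).empty() ? 0 : 1;  // no endorsing creds found
}
```

An empty result is the case worth logging during configuration review: the directive asks for endorsement or forwarding that none of the permitted credentials can provide.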
Attribute Index
- creds_directive
- creds_list
- use_client_auth
- use_confidentiality
- use_integrity
- use_target_auth
Attributes
- creds_directive
  readonly attribute CredsDirective creds_directive;
- creds_list
  readonly attribute OwnCredentialsList creds_list;
- use_client_auth
  readonly attribute FeatureDirective use_client_auth;
- use_confidentiality
  readonly attribute FeatureDirective use_confidentiality;
- use_integrity
  readonly attribute FeatureDirective use_integrity;
- use_target_auth
  readonly attribute FeatureDirective use_target_auth;
Generated by the ORBacus IDL-to-HTML translator