
4.1.19 What about conformance to the Common Secure Interoperability specification?

 

Linda Gricius (March, 1998):

The CSI specification is part of the overall CORBASEC specification.

The Common Secure Interoperability specification defines the standards for common secure interoperability when using GIOP/IIOP, by defining:

It also defines what is required to conform to the mandatory and optional parts of the specification.

An ORB conforming to CSI level 2 can support all the security functionality described in the CORBA Security specification. Facilities are more restricted at levels 0 and 1. The three levels are:

CSI level 0
Identity based policies without delegation - at this level, only the identity (no other attributes) of the initiating principal is transmitted from the client to the target, and this cannot be delegated to further objects.
CSI level 1
Identity based policies with unrestricted delegation - at this level, only the identity (no other attributes) of the initiating principal is transmitted from the client to the target. The identity can be delegated to other objects on further object invocations, and there are no restrictions on its delegation, so intermediate objects can impersonate the user.
CSI level 2
Identity and privilege based policies with controlled delegation - at this level, attributes of initiating principals passed from client to target can include separate access and audit identities and a range of privileges, such as roles and groups. Delegation of these attributes can be controlled so that they can only be used at certain locations.
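
The following is an added example, not part of the original answer and not CORBA or ORB code: a simplified Python model of what each object in a call chain receives at the three CSI levels described above. The `Credentials` fields, the `usable_at` restriction, the object names and the rule that an object which cannot delegate invokes under its own identity are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Credentials:
    access_id: str
    audit_id: Optional[str] = None
    privileges: FrozenSet[str] = frozenset()     # roles, groups
    usable_at: Optional[FrozenSet[str]] = None   # assumed field; None = unrestricted

def transmit(initiator, level):
    """Attributes of the initiating principal that reach the first target."""
    if level in (0, 1):
        return Credentials(initiator.access_id)  # identity only, no other attributes
    if level == 2:
        return initiator                         # identities plus privileges
    raise ValueError("unknown CSI level")

def delegate(received, level, holder):
    """Credentials `holder` can present on a further object invocation."""
    own = Credentials(holder)                    # assumption: holder acts as itself
    if level == 0:
        return own                               # identity cannot be delegated
    if level == 1:
        return received                          # unrestricted: holder can impersonate
    if received.usable_at is None or holder in received.usable_at:
        return received                          # controlled delegation permits this hop
    return own

def seen_by(chain, initiator, level):
    """Map each object in the call chain to the credentials it receives."""
    current, seen = transmit(initiator, level), {}
    for obj in chain:
        seen[obj] = current
        current = delegate(current, level, obj)
    return seen

# Constructed sample principal and call chain (hypothetical names).
ALICE = Credentials("alice", "alice-audit",
                    frozenset({"role:teller"}), frozenset({"gateway"}))
CHAIN = ["gateway", "ledger", "archive"]

if __name__ == "__main__":
    for level in (0, 1, 2):
        for obj, creds in seen_by(CHAIN, ALICE, level).items():
            print(level, obj, creds)
```

In this model, level 1 lets every object down the chain act as the initiating principal, while level 2 stops the delegated attributes at the first object outside `usable_at`.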

