4. CORBASEC specification

4.1 General
4.1.1 Where can I get the official specification of CORBASEC?
4.1.2 Where can I get IDL code of CORBASEC interfaces?
4.1.3 What is the current version of CORBASEC official specification?
4.1.4 Are there any upcoming updates of the specification?
4.1.5 Who is responsible for producing specification updates?
4.1.6 Are there any upcoming new releases of the specifications?
4.1.7 Who is responsible for producing new specification releases?
4.1.8 Where can I find a list of outstanding issues in CORBASEC specification?
4.1.9 I found a typo in the specification, where can I submit it?
4.1.10 Is there a set of UML diagrams for the CORBASEC Specification?
4.1.11 I found an error in the specification, where can I submit it?
4.1.12 I have an idea how to "improve" the specification, where can I propose it?
4.1.13 What are the shortcomings of CORBA Security service?
4.1.14 Is it completely true that the CORBA Security service is a direct lift of DCE Security?
4.1.15 What is "Principal", and what is meant by "Principal authentication"?
4.1.16 What are credentials?
4.1.17 How are attributes used?
4.1.18 What does it mean to be conformant to CORBA Security specification?
  Security functionality options
  Security Replaceability
  Secure interoperability
4.1.19 What about conformance to the Common Secure Interoperability specification?
4.1.20 What are the protocols used by CSI?
4.1.21 What about CSI with SSL?
4.1.22 What is a "Session"?
4.1.23 How does security context get established between client and server?
4.1.24 Is there somewhere a description of the context management?
4.1.25 What is the validity of a context?
4.1.26 Does a new context for a target have to be established if a client is accessing a new target on the same server?
4.1.27 Will the current context be valid for all requests of the client (and all replies of the server) till the client decides that the context is not valid anymore?
4.1.28 Which instance manages the contexts?
4.1.29 Which instance decides that now, the "Session" is over, and the context can be deleted?
4.1.30 Are there any interfaces specified in CORBASEC for controlling security context by security-aware applications?
4.1.31 How is access controlled?
4.1.32 How are privacy and non-repudiation addressed by CORBASEC?

4.2 Application developer
4.2.1 How does CORBA security affect application writers?
4.2.2 Do we need to pass the UserId as a parameter or is there some other way of getting it?
4.2.3 How would one incorporate security into an ORB system in the next 6 months, so that the solution would not be obsoleted in the following 6?
4.2.4 Does CORBA security guarantee that the request and reply are not tampered with and not intercepted on their way between the client and the target?
4.2.5 Is it necessary to secure naming service?
4.2.6 How to come up with application security design using CORBA Security service?
4.2.7 How does a security-aware application specify the use of specific algorithms for supporting communication confidentiality and integrity?
4.2.8 What is available in CORBASEC for strong (writer-to-reader) authentication?

4.3 Administrator
4.3.1 What are the semantic connotations for rights in CORBA rights family?
4.3.2 How to use the access control mechanism?
4.3.3 Do I have to "protect" every object, even those which are not thought to be used from outside?
4.3.4 How is related work at OMG on Security Administration and Common Management Facilities?
4.3.5 What is the granularity of access control on object invocations?
4.3.6 Where are access control lists stored?
4.3.7 How do servers "know" what domain to put new objects into and when to create new security policy domains?
4.3.8 What about transient objects created by factories?
4.3.9 How would access control mechanisms be applied to secure, let's say, naming service?

4.4 Implementor
4.4.1 Where can I find some source code which implements the Security Service?
4.4.2 Is there any document on how to implement the CORBA security service?
4.4.3 If I want to implement the CORBA security service, what should I do?
4.4.4 What is the intent of the credentials object design?
4.4.5 Does the existing Authorization Service of CORBASec scale in a "well" distributed-object environment?
4.4.6 Can a client implementation circumvent administrative security policies?
4.4.7 What is the "public" security attribute of a principal?
4.4.8 Under what circumstances do Credentials contain the "public" attribute?
4.4.9 What is the value and the defining authority of the "public" attribute?