[Next]
[Up]
[Previous]
[Contents]
Next: 4.1.20 What are the
Up: 4.1 General
Previous: Secure interoperability
Linda Gricius (March, 1998):
The CSI specification is part of the overall CORBASEC specification.
The Common Secure Interoperability specification defines the standards for common
secure interoperability when using GIOP/IIOP, by defining:
- standard security mechanisms and associated cryptographic algorithms
- details of the SECIOP protocol messages and IOR security tags when using these
mechanisms and algorithms
- the security functionality supported when interoperating using these security
mechanisms.
It also defines what is required to conform to the mandatory and optional parts
of the specification.
An ORB conforming to CSI level 2 can support all the security functionality
described in the CORBA Security specification. Facilities are more restricted
at levels 0 and 1. The three levels are:
- CSI level 0
- Identity based policies without delegation - at this level, only
the identity (no other attributes) of the initiating principal is transmitted
from the client to the target, and this cannot be delegated to further objects).
- CSI level 1
- Identity based policies with unrestricted delegation - at this
level, only the identity (no other attributes) of the initiating principal is
transmitted from the client to the target. The identity can be delegated to
other objects on further object invocations, and there are no restrictions on
its delegation, so intermediate objects can impersonate the user.
- CSI level 2
- Identity and privilege based policies with controlled delegation
- at this level, attributes of initiating principals passed from client to
target can include separate access and audit identities and range of privileges,
such as roles and groups. Delegation of these attributes can be controlled so
that they can only be used at certain locations.
[Next]
[Up]
[Previous]
[Contents]
Next: 4.1.20 What are the
Up: 4.1 General
Previous: Secure interoperability