Re: [Rights Family] CORBASec question

[Konstantin Beznosov <beznosov@baptisthealth.net>]

Hi,

> It clearly states that the RightsFamily containing the standard rights is
> "corba".  But how can this be?  "corba" is a string, and a rights family is
> defined with an ExtensibleFamily struct which has 2 unsigned shorts !  I've
> looked at the 1.2 IDL and nowhere do I see any indication of constants that
> would give me a clue how the "corba" family is mapped to the
> ExtensibleFamily structure.  


Appendix 9 page 15-211 (secrtf/15_security.pdf) reads the following:

"A.9.2 Rights Families and Values

Administration is simplified by defining rights that provide access to a set of
operations, so the administrator only needs to know what rights are required,
rather than the semantics of particular operations. Rights are grouped into
families. Only one rights family is defined in this specification. The family
definer is OMG (value 0) and the family id is CORBA (value 1)."



> 
> It also cleverly maps from a SecAttribute to a string for the explaination
> of the required rights model even though the SecAttribute contains two
> Opaques that aren't defined in the specification at all.  

As far as I understand the intent of the spec here, it was done on purpose
because of th epremise that those Opaques are technology/implementation
dependant. This is why they are underspecified.

> And it groups the
> granted rights in the table ("g" and "s" into a single textural
> representation).   My assumption is that the tables are informative text
> and not intended to imply that a Right string would be "gs--" ? :-)

your assumption is correct.

konstantin
----------------
Broadcast message to hrac-rfp from Konstantin Beznosov <beznosov@baptisthealth.net>.
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.