Issue 2704: Capule Specific items residing on thread specific Current (sec-rev) Source: (, ) Nature: Uncategorized Issue Severity: Significant Summary: Summary: Several Capule specific attributes and operations are residing on Security Current, such as own_credentials, and principal_authenticator. This maligns the thread model of a Current object. In convention with other specifications there should be a seperate capusle specific interface for these objects. Resolution: Close issue 2704 "Current contains thread specific information". Revised Text: Create a new section before section 15.5.7 "Security Operations on Current". (This is shifting some paragraphs from 15.5.7). Operations on Security Manager Description The Security Manager object represents capsule specific security information. The attributes and operation of the SecurityManager object are relevant to the capsule regardless of the thread of execution. A reference to the SecurityManager object is retrieved using the ORB::resolve_initial_reference("SecurityManager") operation. The attributes and operations on the SecurityManager object are described in this section and provide access to the following information: o principal_authenticator: A reference to the PrincipalAuthenticator object, which is used to authenticate principals and thus obtain Credentials objects for them. o own_credentials: The list of credentials associated with the active application (capsule). A capsule’s own credentials are set up as the result of the application being initialized or explicitly by calling on the PrincipalAuthenticator object. The operations provided are the following: o remove_own_credentials: This operation allows the application to perform Credentials management of the own_credentials list. o get_target_credentials: This operation allows the application to discover the authenticated principal of a target object. The SecurityLevel2::SecurityManager Interface The following attributes and operations are available on the SecurityLevel2::SecurityManager Interface. principal_authenticator This readonly attribute is a reference to the PrincipalAuthenticator that can be used by the application to authenticate principals and obtain Credentials. readonly attribute PrincipalAuthenticator principal_authenticator; Return Value The object reference to a PrincipalAuthenticator object. The operation in the interface of this object are defined in Section 15.3.2 "Principals and Their Security Attributes," on page .... own_credentials Any application owns a set of credentials which it obtains through the process of authentication of the principal that initiates the execution of the program, and further from other credentials that such a principal might bestow upon the application. This attribute returns this set of credentials. readonly attribute CredentialsList own_credentials; Return Value A sequence of Credentials object references owned by the application. remove_own_credentials This operation is used by applications that wish to remove credentials that were put on the own_credentials list by virtue of the PrincipalAuthenticator. This operation does not manipulate or destroy the objects in any way. The give Credentials object (as opposed to the one produced by a copy operation) must reside on the list, otherwise a CORBA::BAD_PARAM exception is raised. void remove_own_credentials( in Credentials creds ); Parameters creds The Credentials object to be removed from the list. Return Value None. get_target_credentials This operation is used by the applications that wish to authenticate a principal "behind" the object reference. TargetCredentials get_target_credentials( in Object target ); Parameters target The object reference in question. Return Value The TargetCredentials object that represents the secure association established with the remote principal. Modify Section on "Security Operations on Current" Paragraph 567: Remove "own_credentials" bullet; Remove paragraph 569 and its bullets. Remove sections from "own_credentials" paragraph 587 on page 15-114, through end of section, paragraph 601 on page 15-117 Remove the first sentence of paragraph 695 on page 15-139 "A Required Rights object is available as an attribute of Current in ....". Actions taken: June 4, 1999: received issue June 18, 1999: closed issue Discussion: close issue 2704: Current contains thread specific information End of Annotations:===== X-Authentication-Warning: marcy.adiron.com: polar owned process doing -bs Date: Fri, 4 Jun 1999 17:17:44 -0400 (EDT) From: Polar Humenn To: issues@omg.org Subject: Security Issue Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-UIDL: a7ce71a2857c274912bebb382b7bba89 Document: Security RTF 1.5 Severity: Significant Subject: Capule Specific items residing on thread specific Current: Several Capule specific attributes and operations are residing on Security Current, such as own_credentials, and principal_authenticator. This maligns the thread model of a Current object. In convention with other specifications there should be a seperate capusle specific interface for these objects. ------------------------------------------------------------------- Polar Humenn Adiron, LLC President 2-212 Center for Science & Technology mailto:polar@adiron.com CASE Center/Syracuse University Phone: 315-443-3171 Syracuse, NY 13244-4100 Fax: 315-443-4745 http://www.adiron.com