Issue 3262: Regarding Principal Authenticator in security/99-12-02 (sec-rev)

Source: Hewlett-Packard (Dr. Jan Pachl, pachl(at)acm.org)
Nature: Uncategorized Issue
Severity:

Summary:
As I recall, two operations from Principal Authenticator were added to the Vault interface at one point a year or so ago, with the idea that the Principal Authenticator would simply pass those calls through to Vault, rather than implementing them directly. But paragraph [971] still says that Principal Authenticator may be used by Vault. It's now the other way round: P.A. uses Vault.

In fact, is Principal Authenticator still one of the replaceable objects? Since P.A. uses Vault to do its work, it should be enough to make Vault replaceable. It still says in paragraphs [874], [974] and [1704] that P.A. is replaceable.

Resolution: close with revised text

Revised Text:
Replace Paragraph 940 on page 15-190 starting with "Replacement of the authentication," with:

Replacement of the authentication and message protection services underlying secure ORB implementation is accomplished by changing the Vault, which creates Credentials and Security Context objects.

Remove Paragraph 941 starting with "Note that if the Vault uses GSS-API to link". This paragraph doesn’t say much that is particularly useful as far as the spec goes.

Remove Paragraph 942 starting with "The Vault is replaced by changing the version". This paragraph is confusing and doesn’t really define the "environment". It’s better off just taken out.

Actions taken:
January 27, 2000: received issue
August 3, 2001: closed issue

Discussion:
The Security Replaceable Vault may call the PrincipalAuthenticator.
End of Annotations:=====

Date: Thu, 27 Jan 2000 18:35:55 -0500
From: Jan Pachl
Reply-To: pachl@acm.org
To: Polar Humenn, secrev@omg.org
Subject: Principal Authenticator in security/99-12-02

Regarding Principal Authenticator in security/99-12-02:

As I recall, two operations from Principal Authenticator were added to the Vault interface at one point a year or so ago, with the idea that the Principal Authenticator would simply pass those calls through to Vault, rather than implementing them directly. But paragraph [971] still says that Principal Authenticator may be used by Vault. It's now the other way round: P.A. uses Vault.

In fact, is Principal Authenticator still one of the replaceable objects? Since P.A. uses Vault to do its work, it should be enough to make Vault replaceable. It still says in paragraphs [874], [974] and [1704] that P.A. is replaceable.

Jan Pachl
EDS E.solutions
pachl@acm.org