Issue 7310: Firewall Issue: Random BiDirIds can't be used for persistent POAs (firewall-traversal-ftf)

Source: (Ms. Rebecca Bergersen, becky(at)bergersen.org)
Nature: Uncategorized Issue
Severity:
Summary:

PROBLEM: The BiDir GIOP document specifies that all BiDirIds must be randomly generated. However, persistent POAs must use the same BiDirId across sessions since they are stored in the IOR.

RECOMMENDATION: A new policy is created (BiDirIdGenerationPolicy) that contains two fields:

field 1, the ID generation method, will take the value 'RANDOM' or the value 'REPEATABLE'
field 2, the ID type, will take the value 'STRONG' or the value 'WEAK'

The random generation method is adequately documented. The repeatable method will always generate the same BiDirId for a given POA. This effectively makes the ID a constant, but without the concern for storage. It also results in the end-user not having to deal with BiDirIds - they are handled entirely by the infrastructure. The values for the ID type indicate whether the type of BiDirId generated is strong or weak. This policy is placed on the client ORB and/or the POA in question.

Resolution:
Revised Text:
Actions taken:
May 6, 2004: received issue

Discussion:

End of Annotations:=====

Subject: Firewall Issue: Random BiDirIds can't be used for persistent POAs
Date: Thu, 6 May 2004 16:39:00 -0400
From: "Bergersen, Rebecca"
Cc: "Bergersen, Rebecca"

PROBLEM: The BiDir GIOP document specifies that all BiDirIds must be randomly generated. However, persistent POAs must use the same BiDirId across sessions since they are stored in the IOR.
RECOMMENDATION: A new policy is created (BiDirIdGenerationPolicy) that contains two fields:

field 1, the ID generation method, will take the value 'RANDOM' or the value 'REPEATABLE'
field 2, the ID type, will take the value 'STRONG' or the value 'WEAK'

The random generation method is adequately documented. The repeatable method will always generate the same BiDirId for a given POA. This effectively makes the ID a constant, but without the concern for storage. It also results in the end-user not having to deal with BiDirIds - they are handled entirely by the infrastructure. The values for the ID type indicate whether the type of BiDirId generated is strong or weak. This policy is placed on the client ORB and/or the POA in question.

Respectfully,

Rebecca Bergersen
PRINCIPAL ARCHITECT, MIDDLEWARE STANDARDS
rebecca.bergersen@iona.com
-------------------------------------------------------
IONA Technologies
200 West Street
Waltham, MA 02451 USA
Tel: (781) 902-8265
Fax: (781) 902-8001
-------------------------------------------------------
Making Software Work Together TM

Date: Thu, 06 May 2004 21:26:20 -0400
From: Joncheng Kuo
To: "Bergersen, Rebecca"
CC: issues@omg.org, firewall-traversal-ftf@omg.org
Subject: Re: Firewall Issue: Random BiDirIds can't be used for persistent POAs

I'm fine with the resolution, although I personally prefer allowing user-specified BiDirId -- similar to what the POA IdAssignmentPolicy does.

I have a little trouble with your last sentence.

> This policy is placed on the client ORB and/or the POA in question.

My understanding is that you can set a server-side policy only on the POA. Section 4.9.2 of the CORBA spec says, "Server-side Policy management is handled by associating Policy objects with a POA."
Joncheng

Subject: RE: Firewall Issue: Random BiDirIds can't be used for persistent POAs
Date: Fri, 7 May 2004 10:44:12 -0400
From: "Bergersen, Rebecca"
To: "Joncheng Kuo"

Sorry - I guess we need to specify that the BiDirIdGeneration policy is a client policy since it is used on the Initiator side of a connection and governs how a BiDirId is generated for a POA.

--Rebecca

Subject: RE: Firewall Issue: Random BiDirIds can't be used for persistent POAs
Date: Fri, 7 May 2004 10:00:32 -0700
From: "Dave Stringer"
To: "Bergersen, Rebecca", "Joncheng Kuo"

I just noticed, some of these threads are being copied to issues@omg.org :-(