Version 4

    Transport Authentication

    At the transport level we will support the following mechanisms for establishing and verifying the identity of the client connecting to the server.

     

    Native (SASL)                    HTTP
    Plain *1 (DONE)                  Basic (DONE)
    Digest_MD5 (DONE)                Digest (DONE)
    GSSAPI (WILL BE IN 7.1)          SPNEGO (WILL BE IN 7.1)
    External *1 (WILL BE IN 7.1)     Client Cert (WILL BE IN 7.1)
    AS Security Token *2             AS Security Token *2

     

    *1 Not supplied by the JDK. We will provide a provider.

    *2 To be considered at a later point to minimise the overhead of establishing connections to different nodes.

    Notes

    The Native connection uses Remoting 3, so it will make use of the JDK-supplied SASL implementation.

     

    Plain / Basic should be avoided wherever Digest_MD5 / Digest can be used, but support will be provided for scenarios where pass-through of both the username and the password to the back-end user database is required.
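
    The challenge/response exchange by which Digest_MD5 proves knowledge of the password without sending it, run in-process against the JDK-supplied SASL implementation. This is an added example, not code from the project; the class name, user, passwords, protocol and host values are constructed, and the JDK registers the mechanism under the name DIGEST-MD5.

```java
import javax.security.auth.callback.*;
import javax.security.sasl.*;
// Added example; USER, HOST, PROTOCOL and the passwords are constructed sample values.
public class DigestMd5Demo {
    static final String USER = "admin", HOST = "localhost", PROTOCOL = "remote";
    static final char[] STORED = "s3cret".toCharArray();
    // Server side: supplies the stored password for the user named in the response.
    static CallbackHandler serverHandler() {
        return callbacks -> {
            String name = null;
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) name = ((NameCallback) cb).getDefaultName();
                else if (cb instanceof PasswordCallback && USER.equals(name)) ((PasswordCallback) cb).setPassword(STORED);
                else if (cb instanceof AuthorizeCallback) {
                    AuthorizeCallback ac = (AuthorizeCallback) cb;
                    ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
                }
            }
        };
    }

    // Client side: accepts the realm offered by the server and supplies credentials.
    static CallbackHandler clientHandler(char[] password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof RealmCallback) ((RealmCallback) cb).setText(((RealmCallback) cb).getDefaultText());
                else if (cb instanceof NameCallback) ((NameCallback) cb).setName(USER);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
            }
        };
    }

    static boolean authenticate(char[] password) throws SaslException {
        SaslServer server = Sasl.createSaslServer("DIGEST-MD5", PROTOCOL, HOST, null, serverHandler());
        SaslClient client = Sasl.createSaslClient(new String[] {"DIGEST-MD5"}, null, PROTOCOL, HOST, null, clientHandler(password));
        try {
            byte[] challenge = server.evaluateResponse(new byte[0]); // realm, nonce, qop
            byte[] response = client.evaluateChallenge(challenge);   // digest over nonce and password
            byte[] rspauth = server.evaluateResponse(response);      // throws if the digest does not match
            client.evaluateChallenge(rspauth);                       // client checks the server's proof
            return server.isComplete() && client.isComplete();
        } catch (SaslException e) { return false;
        } finally { server.dispose(); client.dispose(); }
    }

    public static void main(String[] args) throws SaslException {
        System.out.println("correct password accepted: " + authenticate("s3cret".toCharArray()));
        System.out.println("wrong password accepted:   " + authenticate("guess".toCharArray()));
    }
}
```

    The server handler here needs the clear-text password (or an equivalent pre-computed hash) to verify the digest, which is why a back end that only accepts a username and password pair cannot be fronted by this mechanism.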

     

    A single transport will be required to support multiple mechanisms, e.g. the Native API may need to use External authentication for hosts but Digest_MD5 for connections from administrators.

     

    Reference

     

    SASL and SASL External - http://datatracker.ietf.org/doc/rfc4422/

    SASL Plain - http://datatracker.ietf.org/doc/rfc4616/

    SASL Digest_MD5 - http://datatracker.ietf.org/doc/rfc2831/

    SASL GSSAPI - http://datatracker.ietf.org/doc/rfc4752/

    Java SASL Documentation - http://download.oracle.com/javase/6/docs/technotes/guides/security/sasl/sasl-refguide.html

     

    HTTP Basic and Digest - http://datatracker.ietf.org/doc/rfc2617/

    HTTP SPNEGO - http://datatracker.ietf.org/doc/rfc4559/

    Java Secure Programming and SSO - http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/lab/index.html