Bug 6498 - Allow no authorization with delegation as a configurable option
Status: RESOLVED FIXED
Product: CoG jglobus
Component: security
Version: 1.6.0
Platform: PC Windows XP
Importance: P3 enhancement
Target Milestone: 1.7
: 6435
Reported: 2008-10-23 08:54
Modified: 2008-10-24 10:52



Description From 2008-10-23 08:54:48
Today CoG Jglobus explicitly prevents delegation of the credential during
handshake if client authorization is not done (that is, getExpectedName() in
the Authorization interface returns null). This check is hardcoded and is not
configurable.

We have a use case for a project that would like to allow delegation of client
credential to any service that runs with a certificate from a CA the client
trusts. I would like to make this a configurable option, preserving the
existing behavior and documenting the necessary security considerations of
exercising the option.
------- Comment #1 From 2008-10-24 10:51:18 -------
Added constant GSSConstants.AUTHZ_REQUIRED_WITH_DELEGATION that determines if
authorization is enforced with delegation. If the value is set to false, then
it is disabled; in all other cases authorization is required.
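
An added example, not taken from the CoG JGlobus source: a small Java model of the gate this bug describes, showing that delegation without authorization is permitted only when the option is explicitly switched off. The class, method names and option map are hypothetical, and it assumes that only Boolean.FALSE counts as "set to false".

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical model of the check described in this bug; not CoG JGlobus code.
class DelegationAuthzGate {
    // Key named after the constant in comment #1; the string form is an assumption.
    static final String AUTHZ_REQUIRED_WITH_DELEGATION = "AUTHZ_REQUIRED_WITH_DELEGATION";

    /** Fail closed: unset, null, TRUE or a wrong-typed value all keep the requirement on. */
    static boolean authzRequired(Map<String, Object> options) {
        return !Boolean.FALSE.equals(options.get(AUTHZ_REQUIRED_WITH_DELEGATION));
    }

    /**
     * Decide whether the client credential may be delegated during the handshake.
     * expectedName models the value returned by Authorization.getExpectedName();
     * null means the peer identity is not authorized against any name.
     */
    static boolean mayDelegate(boolean delegationRequested, String expectedName,
                               Map<String, Object> options) {
        if (!delegationRequested) {
            return false; // nothing to delegate
        }
        if (expectedName != null) {
            return true;  // peer identity is checked against expectedName
        }
        // No authorization: permitted only if the requirement was explicitly disabled.
        // The credential then goes to any service holding a certificate from a trusted CA.
        return !authzRequired(options);
    }

    public static void main(String[] args) {
        Map<String, Object> opts = new HashMap<>();
        String name = "/O=Example/CN=host/service.example.org"; // constructed sample name

        System.out.println("authorized peer:       " + mayDelegate(true, name, opts));
        System.out.println("no authz, unset:       " + mayDelegate(true, null, opts));
        opts.put(AUTHZ_REQUIRED_WITH_DELEGATION, "false"); // String, not Boolean
        System.out.println("no authz, \"false\":     " + mayDelegate(true, null, opts));
        opts.put(AUTHZ_REQUIRED_WITH_DELEGATION, Boolean.TRUE);
        System.out.println("no authz, TRUE:        " + mayDelegate(true, null, opts));
        opts.put(AUTHZ_REQUIRED_WITH_DELEGATION, Boolean.FALSE);
        System.out.println("no authz, FALSE:       " + mayDelegate(true, null, opts));
    }
}
```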