Bugzilla – Full Text Bug Listing
|Summary:||Allow no authorization with delegation as a configurable option|
|Product:||CoG jglobus||Reporter:||Rachana Ananthakrishnan <email@example.com>|
|Component:||security||Assignee:||Rachana Ananthakrishnan <firstname.lastname@example.org>|
|Bug Depends on:|
Today CoG Jglobus explicitly prevents delegation of credential during handshake, if client authorization is not done (that is getExpectedName() in Authorization interface returns a null). This check is hardcoded and is not configurable. We have use case for a project that would like to allow delegation of client credential to any service that runs with a certificate from a CA the client trusts. I would like to make this a configurable option, preserving the existing behavior and documenting the necessary security considerations of exercising the option.