Bug 6498

Summary:	Allow no authorization with delegation as a configurable option
Product:	CoG jglobus	Reporter:	Rachana Ananthakrishnan <ranantha@mcs.anl.gov>
Component:	security	Assignee:	Rachana Ananthakrishnan <ranantha@mcs.anl.gov>
Status:	RESOLVED FIXED
Severity:	enhancement	CC:	jglobus-dev@globus.org
Priority:	P3
Version:	1.6.0
Target Milestone:	1.7
Hardware:	PC
OS:	Windows XP
Bug Depends on:
Bug Blocks:	6435

Description From Rachana Ananthakrishnan 2008-10-23 08:54:48

Today CoG Jglobus explicitly prevents delegation of credential during
handshake, if client authorization is not done (that is getExpectedName() in
Authorization interface returns a null). This check is hardcoded and is not
configurable.

We have use case for a project that would like to allow delegation of client
credential to any service that runs with a certificate from a CA the client
trusts. I would like to make this a configurable option, preserving the
existing behavior and documenting the necessary security considerations of
exercising the option.

------- Comment #1 From Rachana Ananthakrishnan 2008-10-24 10:51:18 -------

Added constant GSSConstants.AUTHZ_REQUIRED_WITH_DELEGATION that determines if
authorization is enforced with delegation. If the value is set to false, then
it is disabled, all other cases authorization is required.