Bugzilla – Bug 6498
Allow no authorization with delegation as a configurable option
Last modified: 2008-10-24 10:52:11
Today CoG Jglobus explicitly prevents delegation of the credential during the handshake if client authorization is not done (that is, getExpectedName() in the Authorization interface returns null). This check is hardcoded and is not configurable. We have a use case for a project that would like to allow delegation of the client credential to any service that runs with a certificate from a CA the client trusts. I would like to make this a configurable option, preserving the existing behavior and documenting the necessary security considerations of exercising the option.
Added constant GSSConstants.AUTHZ_REQUIRED_WITH_DELEGATION that determines if authorization is enforced with delegation. If the value is set to false, then it is disabled; in all other cases authorization is required.