This policy says what enities from which the security service will accept validated principal names. For SSL it would be the CA's Distinguished Name. Set up a SecurityMechandName such that:
mech_type = "SSL"; security_name = orbasec.corba.Name.encodeDirectoryName( DER ASN.1 Encoding of a Distinguished Name X.500 ).getEncoding();
NOTE: FOR SSL these security names must be DER encodings. IAIK has a number of functions to create these.
NOTE: The security_name must be a orbasec.corba.Name encoding.
For Kerberos it would be the principal name of the subject's realm ticket granting ticket service. For example to list a trusted TGTS for polar
readonly attribute TrustedAuthorityList client_peer_trusted_authorities;
If we are the client, we trust these authorities of servers we authenticate. If this list is empty, all authorities are considered trusted.
readonly attribute TrustedAuthorityList own_trusted_authorities;
If we are an application we trust these authorities for our credentials we acquire and authenticate. If this list is empty, all authorities are considered trusted.
readonly attribute TrustedAuthorityList server_peer_trusted_authorities;
If we are the server, we trust these authorities of the clients that we authenticated. If this list is empty, all authorities are considered trusted.
Generated by the ORBacus IDL-to-HTML translator (non-commercial)