Interface SecurityReplaceable::Vault

interface Vault

The vault is the object that ties the security contexts and credentials together. The vault here has been enhanced to "acquire" credentials, i.e. to authenticate and create the own credentials objects. The PrincipalAuthenticator makes calls on this object.



Attribute Index

supported_mech_oids
This attribute returns the list of OIDs that name mechanisms, such as GSS kerberos, GSS sesame, etc.

Operation Index

accept_security_context
This operation creates a server-side security context.
acquire_credentials
SecurityReplaceable Enhancement.

This operation is used by the PrincipalAuthenticator to create the own credentials.

continue_acquisition
This operation is for continuing the authentication process should it be needed, i.e. when acquire_credentials returns SecAssocContinue.
get_supported_authen_methods
This operation returns the authentication methods that are valid for a particular mechanism that the Vault object supports.
get_supported_mechs
Returns the supported mechanisms.
init_security_context
This operation initializes a client-side security context.

Attributes

supported_mech_oids
readonly attribute Security::OIDList supported_mech_oids;

This attribute returns the list of OIDs that name mechanisms, such as GSS kerberos, GSS sesame, etc. that are supported by this vault.



Operations

accept_security_context
Security::AssociationStatus accept_security_context(in SecurityLevel2::CredentialsList cred_list,
                                                    in Security::ChannelBindings chan_binding,
                                                    in Security::Opaque in_token,
                                                    out Security::OpaqueBuffer out_token,
                                                    out ServerSecurityContext security_context);

This operation creates a server-side security context.

Parameters:
cred_list - This would normally be the list of own credentials. Can't really see using received credentials here.
chan_binding - The channel bindings.
in_token - The token that needs to be accepted.
out_token - The next token to send back to the client, if this token has data.
Returns:
SecAssocSuccess if the security context has reached the SecContextEstablished state. If so, a Complete Establishment message will be sent back to the client. SecAssocContinue if the security context has reached the SecContextContinued state. If so, a Continue Establishment message will be sent back to the client. This method should raise an exception with an informative error should the operation fail.

acquire_credentials
Security::AuthenticationStatus acquire_credentials(in Security::AuthenticationMethod method,
                                                   in Security::MechanismType mechanism,
                                                   in Security::SecurityName security_name,
                                                   in Security::Opaque auth_data,
                                                   in Security::AttributeList privileges,
                                                   out SecurityLevel2::Credentials creds,
                                                   out Security::Opaque continuation_data,
                                                   out Security::Opaque auth_specific_data);

SecurityReplaceable Enhancement.

This operation is used by the PrincipalAuthenticator to create the own credentials.

Parameters:
mechanism - The mechanism, i.e. type, of the credentials to acquire.
method - The method of authentication that is used.
security_name - The security name of the credential.
auth_data - Mechanism-specific data, in a form specified by the vault, used to authenticate the security_name.
creds - These are the output credentials of the "Own" credentials type. These same credentials may be retrieved off of the security current.
continuation_data - This parameter returns data for continuation of the authentication. For this particular Kerberos Vault the authentication is a one-step process, so no data will be returned in this parameter.
auth_specific_data - For this particular Kerberos Vault this parameter returns nothing.
Returns:
SecAssocSuccess if the credential was acquired. SecFailure will not be returned, as the PA will raise a CORBA::NO_PERMISSION exception with an informative reason. SecAssocContinue will not be returned either, since the particular Kerberos Vault being used does not have more than a one-step authentication process.

continue_acquisition
Security::AuthenticationStatus continue_acquisition(in Security::Opaque response_data,
                                                    in SecurityLevel2::Credentials creds,
                                                    out Security::Opaque continuation_data,
                                                    out Security::Opaque auth_specific_data);

This operation is for continuing the authentication process should it be needed, i.e. when acquire_credentials returns SecAssocContinue. However, the particular Kerberos Vault does not continue acquisition, and therefore it is not used.


get_supported_authen_methods
Security::AuthenticationMethodList get_supported_authen_methods(in Security::MechanismType mechanism);

This operation returns the authentication methods that are valid for a particular mechanism that the Vault object supports. This operation raises a CORBA::BAD_PARAM exception if the vault does not support the mechanism.


get_supported_mechs
Security::MechandOptionsList get_supported_mechs();

Returns the supported mechanisms.


init_security_context
Security::AssociationStatus init_security_context(in SecurityLevel2::Credentials creds,
                                                  in Security::SecurityName target_security_name,
                                                  in Object target,
                                                  in Security::DelegationMode delegation_mode,
                                                  in Security::OptionsDirectionPairList association_options,
                                                  in Security::MechanismType mechanism,
                                                  in Security::Opaque mech_data,
                                                  in Security::ChannelBindings chan_binding,
                                                  out Security::OpaqueBuffer security_token,
                                                  out ClientSecurityContext security_context);

This operation initializes a client-side security context.

Parameters:
creds - The credentials to use. This will be a list of one own credential or the list of received credentials. Uggh, this unsemantic list!
target_security_name - The name of the target to authenticate.
target - This is the object reference, and this really has no semantic meaning, since security contexts can be reused over multiple targets. So this parameter doesn't make much sense.
delegation_mode - This is the delegation mode that we want to support for the context.
mechanism - The mechanism we are going to use. This largely has to do with the credentials supplied.
chan_binding - The channel bindings for the security context.
security_token - This is the initial security token.
security_context - This is a client-side security context in the SecContextInitialized state.

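The establishment flow documented above (acquire_credentials on both sides, init_security_context on the client, accept_security_context on the server, and the status-to-message mapping the server performs), as an added, constructed model rather than the Vault or any Kerberos mechanism from this project: ToyVault, its per-name keys, the HMAC token format and NoPermission are all assumptions made for the example.

```python
import hashlib, hmac, json, os

SEC_ASSOC_SUCCESS, SEC_ASSOC_CONTINUE = "SecAssocSuccess", "SecAssocContinue"
SEC_CONTEXT_INITIALIZED, SEC_CONTEXT_ESTABLISHED = "SecContextInitialized", "SecContextEstablished"

class NoPermission(Exception):
    """Stands in for the CORBA::NO_PERMISSION the PrincipalAuthenticator raises."""

class ToyVault:
    """Constructed one-step vault (not a real mechanism): a per-name shared key plays the
    mechanism key, and the initial token is an HMAC-SHA256 over initiator name, target
    name, channel bindings and a fresh nonce."""
    def __init__(self, keys):
        self._keys = keys                                   # {security_name: key bytes}

    def acquire_credentials(self, method, mechanism, security_name, auth_data):
        # One-step acquisition, as documented: continuation_data is always empty.
        key = self._keys.get(security_name)
        if key is None or not hmac.compare_digest(key, auth_data):
            raise NoPermission("authentication of %s failed" % security_name)
        return SEC_ASSOC_SUCCESS, {"name": security_name, "key": key}, b""

    def init_security_context(self, creds, target_security_name, chan_binding):
        body = json.dumps({"name": creds["name"], "target": target_security_name,
                           "chan": chan_binding.hex(), "nonce": os.urandom(8).hex()}).encode()
        token = body + hmac.new(creds["key"], body, hashlib.sha256).digest()
        return SEC_ASSOC_SUCCESS, token, SEC_CONTEXT_INITIALIZED   # status, security_token, state

    def accept_security_context(self, cred_list, chan_binding, in_token):
        body, mac = in_token[:-32], in_token[-32:]
        try:
            fields = json.loads(body)
        except ValueError:
            raise NoPermission("malformed token")
        key = self._keys.get(fields.get("name"))
        if key is None or not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), mac):
            raise NoPermission("token for %s failed verification" % fields.get("name"))
        # The token is bound to the channel it was made for: one replayed over another
        # channel carries different bindings and is refused here.
        if bytes.fromhex(fields["chan"]) != chan_binding:
            raise NoPermission("channel binding mismatch")
        if not any(c["name"] == fields["target"] for c in cred_list):   # own credentials only
            raise NoPermission("no own credential for target %s" % fields["target"])
        return SEC_ASSOC_SUCCESS, b"", SEC_CONTEXT_ESTABLISHED       # status, out_token, state

def server_establish(vault, own_creds, chan_binding, in_token):
    """Server-side dispatch from the accept_security_context description: map the
    returned status to the message type sent back to the client."""
    status, out_token, state = vault.accept_security_context(own_creds, chan_binding, in_token)
    reply = "CompleteEstablishment" if status == SEC_ASSOC_SUCCESS else "ContinueEstablishment"
    return reply, out_token, state

def is_refused(fn, *args):
    """True if the call fails with NoPermission (used to check the failure paths)."""
    try:
        fn(*args)
        return False
    except NoPermission:
        return True
```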

Generated by the ORBacus IDL-to-HTML translator (non-commercial)