Interface SecLev2::TrustedAuthorityPolicy

interface TrustedAuthorityPolicy
inherits from CORBA::Policy

This policy specifies the entities from which the security service will accept validated principal names. For SSL, this is the CA's Distinguished Name. Set up a SecurityMechandName such that:

         mech_type     = "SSL";
         security_name = orbasec.corba.Name.encodeDirectoryName(
                         DER ASN.1 Encoding of a Distinguished Name X.500
                       ).getEncoding();
 

NOTE: For SSL, these security names must be DER encodings. IAIK has a number of functions to create these.

NOTE: The security_name must be an orbasec.corba.Name encoding.

For Kerberos it would be the principal name of the subject's realm ticket granting ticket service. For example to list a trusted TGTS for polar



Attribute Index

client_peer_trusted_authorities
If we are the client, we trust these authorities for the servers we authenticate.
own_trusted_authorities
If we are an application, we trust these authorities for the credentials we acquire and authenticate.
server_peer_trusted_authorities
If we are the server, we trust these authorities for the clients that we authenticate.

Attributes

client_peer_trusted_authorities
readonly attribute TrustedAuthorityList client_peer_trusted_authorities;

If we are the client, we trust these authorities for the servers we authenticate. If this list is empty, all authorities are considered trusted.


own_trusted_authorities
readonly attribute TrustedAuthorityList own_trusted_authorities;

If we are an application, we trust these authorities for the credentials we acquire and authenticate. If this list is empty, all authorities are considered trusted.


server_peer_trusted_authorities
readonly attribute TrustedAuthorityList server_peer_trusted_authorities;

If we are the server, we trust these authorities for the clients that we authenticate. If this list is empty, all authorities are considered trusted.
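
The empty-list rule stated for all three attributes, combined with the DER name encoding required for SSL, is modelled below as an added example; it is not ORBAsec code and not part of the original page. The class and method names are hypothetical, the distinguished names are constructed, and byte-for-byte DER comparison is an assumption about how entries are matched.

```java
import javax.security.auth.x500.X500Principal;
import java.util.*;

// Added example: a JDK-only model of the trusted-authority lists on this page.
// TrustedAuthorityCheck and its methods are hypothetical, not ORBAsec API.
public class TrustedAuthorityCheck {

    // DER ASN.1 encoding of an X.500 Distinguished Name, produced by the JDK.
    static byte[] derName(String rfc2253Name) {
        return new X500Principal(rfc2253Name).getEncoded();
    }

    // Documented semantics: an empty list trusts every authority; otherwise the
    // issuer's DER name must equal a configured entry (assumed: exact bytes).
    static boolean isTrusted(List<byte[]> trusted, byte[] issuerDer) {
        if (trusted.isEmpty()) {
            return true; // trust-all default described on this page
        }
        return trusted.stream().anyMatch(t -> Arrays.equals(t, issuerDer));
    }

    // Configuration review helper: names of the lists left in trust-all mode.
    static List<String> permissiveLists(Map<String, List<byte[]>> policy) {
        List<String> open = new ArrayList<>();
        for (Map.Entry<String, List<byte[]>> e : policy.entrySet()) {
            if (e.getValue().isEmpty()) {
                open.add(e.getKey());
            }
        }
        return open;
    }

    public static void main(String[] args) {
        // Constructed sample names, not taken from any real deployment.
        byte[] corporateCa = derName("CN=Example Corp CA,O=Example Corp,C=US");
        byte[] unknownCa = derName("CN=Unknown CA,O=Elsewhere,C=US");

        Map<String, List<byte[]>> policy = new LinkedHashMap<>();
        policy.put("client_peer_trusted_authorities", List.of(corporateCa));
        policy.put("own_trusted_authorities", List.of(corporateCa));
        policy.put("server_peer_trusted_authorities", List.of()); // left empty

        for (Map.Entry<String, List<byte[]>> e : policy.entrySet()) {
            System.out.println(e.getKey() + " accepts unknown CA: "
                    + isTrusted(e.getValue(), unknownCa));
        }
        System.out.println("Lists in trust-all mode: " + permissiveLists(policy));
    }
}
```

Only the empty server_peer_trusted_authorities list accepts the unknown CA, which is the case to look for when reviewing a deployed policy.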



Generated by the ORBacus IDL-to-HTML translator (non-commercial)