You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@harmony.apache.org by Leo Li <li...@gmail.com> on 2007/08/14 07:44:22 UTC
[classlib][auth]Harmony lacks JGSS provider.
Hi, all
Since Java 1.4.2, RI introduced the package of org.ietf.jgss which
provides a framework to allows application developers to make use of
security services like authentication, data integrity and data
confidentiality from a variety of underlying security mechanisms like
Kerberos, using a unified API. And RI also provides an default provider,
sun.security.jgss.SunProvider, which contains the implementation for such
interfaces as org.ietf.jgss.GSSManager, org.ietf.jgss.GSSName, org.ietf.jgss
.GSSContext and etc.
Current Harmony's classlib actually implemented the framework in
org.ietf.jgss package, while lacks an implementation for JGSS provider. And
the property to denote the provider, "jgss.spi.manager", in harmony's
java.security file is still a blank.
Is it possible to get support from other open source project? From the
website of bouncycastle, there is no related feature of jgss if I have not
missed something.
Or else maybe we have to implement it ourselves?
Good luck!
--
Leo Li
China Software Development Lab, IBM
Re: [classlib][auth]Harmony lacks JGSS provider.
Posted by Leo Li <li...@gmail.com>.
On 8/16/07, Yang Paulex <pa...@gmail.com> wrote:
>
> 2007/8/16, Leo Li <li...@gmail.com>:
> >
> > On 8/14/07, Alexey Varlamov <al...@gmail.com> wrote:
> > >
> > > 2007/8/14, Leo Li <li...@gmail.com>:
> > > > Hi, all
> > > > Since Java 1.4.2, RI introduced the package of org.ietf.jgsswhich
> > > > provides a framework to allows application developers to make use of
> > > > security services like authentication, data integrity and data
> > > > confidentiality from a variety of underlying security mechanisms
> like
> > > > Kerberos, using a unified API. And RI also provides an default
> > provider,
> > > > sun.security.jgss.SunProvider, which contains the implementation for
> > > such
> > > > interfaces as org.ietf.jgss.GSSManager, org.ietf.jgss.GSSName,
> > > org.ietf.jgss
> > > > .GSSContext and etc.
> > > > Current Harmony's classlib actually implemented the framework in
> > > > org.ietf.jgss package, while lacks an implementation for JGSS
> > provider.
> > > And
> > > > the property to denote the provider, "jgss.spi.manager", in
> harmony's
> > > > java.security file is still a blank.
> > > > Is it possible to get support from other open source project?
> From
> > > the
> > > > website of bouncycastle, there is no related feature of jgss if I
> > have
> > > not
> > > > missed something.
> > >
> > > Hi Leo,
> > >
> > > Indeed we better integrate some exisitng library, otherwise have to
> > > implement it ourselves. The last option does not look feasible at the
> > > moment, and AFAICT we have not exhausted the possibilities with the
> > > first one ;)
> >
> >
> > Agree. It is no need to reinvent a wheel if there is one on our
> > side.:)
> >
> > With a bit of googling I found an open source JGSS implementation [1]
> > > which appears to be AL-compatible [2]. So hereby I call for volunteers
> > > to explore this particular possibility - one need to check if the impl
> > > is really suitable for Harmony needs and get in touch with project
> > > mantainers about ways of integration.
> > >
> > > [1]
> > >
> >
> http://www.cogkit.org/release/4_1_2/api/jglobus/org/globus/gsi/gssapi/package-summary.html
> > > [2] http://www.globus.org/toolkit/legal/4.0/licenses4.html#COG
> >
> >
> > Thanks for your detailed information. I would like to seek the
> > feasibility to make use of cogkit. Just from document[1], it provides an
> > implementation. I will try to merge it with harmony to see whether it
> > works
> > and try to seperate the smallest closure of classes as a JGSS provider.
> > About license, as you said, [2] claims that cog-jglobus.jar which
> > contains the classes for JGSS provider, is under a license very similar
> to
> > Apache License V2.0. But I am not an expert in this area and not sure
> > whether we shall negotiate with them for explicitly licensing the binary
> > module under Apache License.
> > Furthermore, after a preliminary study, I find that the cogkit JGSS
> > provider depends at least another puretls.jar, which is provided by
> > claymoresystems. Although puretls claims that it is under a Berkley
> style
> > license and it seems that tomcat also make use of this module and I do
> not
> > think it might constitute an obstacle, it really deserves for us to make
> > its
> > license clear. Is there somebody familiar with it?
>
>
> We can get Foudantion's help on IP related issues on legal discussion list
> -
> legal-discuss@apache.org.
>
> Or we can ask the authors of that project directly if they are OK to
> customize their implementation for Harmony project:), or if we can
> customize
> it ourselves and redistribute in Apache license.
>
> It's also helpful to understand their current compatibility with Java SE
> and
> other relevant standard as well as their roadmap.
Thanks, Alexey & Paulex.
After some struggling, I found that the JGSS provider from globus
actually does not work in a simple scenario test. Due to its compliated
library dependency and their different licences , I think it is not so wise
to fix it on our side. And I am trying to find some luck in apache Directory
project, who is now developing a pure java LDAP v3 compliant server, in
which kerberos is one main feature.
And at least some customization on cogkit is needed since it depends on
> > org.apache.commons.logging to record some logging information while I
> > think
> > it is not needed on harmony's usage.
> >
>
>
> The same issue is actually applicable to Kerberos-based JAAS
> > > framework; we have very basic impl of it, and it would be nice to look
> > > out & integrate some advanced provider.
> > >
> > > --
> > > Alexey
> > >
> > > > Or else maybe we have to implement it ourselves?
> > > >
> > > > Good luck!
> > > > --
> > > > Leo Li
> > > > China Software Development Lab, IBM
> > > >
> > >
> >
> >
> >
> > --
> > Leo Li
> > China Software Development Lab, IBM
> >
>
>
>
> --
> Paulex Yang
> China Software Development laboratory
> IBM
>
--
Leo Li
China Software Development Lab, IBM
Re: [classlib][auth]Harmony lacks JGSS provider.
Posted by Yang Paulex <pa...@gmail.com>.
2007/8/16, Leo Li <li...@gmail.com>:
>
> On 8/14/07, Alexey Varlamov <al...@gmail.com> wrote:
> >
> > 2007/8/14, Leo Li <li...@gmail.com>:
> > > Hi, all
> > > Since Java 1.4.2, RI introduced the package of org.ietf.jgss which
> > > provides a framework to allows application developers to make use of
> > > security services like authentication, data integrity and data
> > > confidentiality from a variety of underlying security mechanisms like
> > > Kerberos, using a unified API. And RI also provides an default
> provider,
> > > sun.security.jgss.SunProvider, which contains the implementation for
> > such
> > > interfaces as org.ietf.jgss.GSSManager, org.ietf.jgss.GSSName,
> > org.ietf.jgss
> > > .GSSContext and etc.
> > > Current Harmony's classlib actually implemented the framework in
> > > org.ietf.jgss package, while lacks an implementation for JGSS
> provider.
> > And
> > > the property to denote the provider, "jgss.spi.manager", in harmony's
> > > java.security file is still a blank.
> > > Is it possible to get support from other open source project? From
> > the
> > > website of bouncycastle, there is no related feature of jgss if I
> have
> > not
> > > missed something.
> >
> > Hi Leo,
> >
> > Indeed we better integrate some exisitng library, otherwise have to
> > implement it ourselves. The last option does not look feasible at the
> > moment, and AFAICT we have not exhausted the possibilities with the
> > first one ;)
>
>
> Agree. It is no need to reinvent a wheel if there is one on our
> side.:)
>
> With a bit of googling I found an open source JGSS implementation [1]
> > which appears to be AL-compatible [2]. So hereby I call for volunteers
> > to explore this particular possibility - one need to check if the impl
> > is really suitable for Harmony needs and get in touch with project
> > mantainers about ways of integration.
> >
> > [1]
> >
> http://www.cogkit.org/release/4_1_2/api/jglobus/org/globus/gsi/gssapi/package-summary.html
> > [2] http://www.globus.org/toolkit/legal/4.0/licenses4.html#COG
>
>
> Thanks for your detailed information. I would like to seek the
> feasibility to make use of cogkit. Just from document[1], it provides an
> implementation. I will try to merge it with harmony to see whether it
> works
> and try to seperate the smallest closure of classes as a JGSS provider.
> About license, as you said, [2] claims that cog-jglobus.jar which
> contains the classes for JGSS provider, is under a license very similar to
> Apache License V2.0. But I am not an expert in this area and not sure
> whether we shall negotiate with them for explicitly licensing the binary
> module under Apache License.
> Furthermore, after a preliminary study, I find that the cogkit JGSS
> provider depends at least another puretls.jar, which is provided by
> claymoresystems. Although puretls claims that it is under a Berkley style
> license and it seems that tomcat also make use of this module and I do not
> think it might constitute an obstacle, it really deserves for us to make
> its
> license clear. Is there somebody familiar with it?
We can get Foudantion's help on IP related issues on legal discussion list -
legal-discuss@apache.org.
Or we can ask the authors of that project directly if they are OK to
customize their implementation for Harmony project:), or if we can customize
it ourselves and redistribute in Apache license.
It's also helpful to understand their current compatibility with Java SE and
other relevant standard as well as their roadmap.
And at least some customization on cogkit is needed since it depends on
> org.apache.commons.logging to record some logging information while I
> think
> it is not needed on harmony's usage.
>
The same issue is actually applicable to Kerberos-based JAAS
> > framework; we have very basic impl of it, and it would be nice to look
> > out & integrate some advanced provider.
> >
> > --
> > Alexey
> >
> > > Or else maybe we have to implement it ourselves?
> > >
> > > Good luck!
> > > --
> > > Leo Li
> > > China Software Development Lab, IBM
> > >
> >
>
>
>
> --
> Leo Li
> China Software Development Lab, IBM
>
--
Paulex Yang
China Software Development laboratory
IBM
Re: [classlib][auth]Harmony lacks JGSS provider.
Posted by Leo Li <li...@gmail.com>.
On 8/14/07, Alexey Varlamov <al...@gmail.com> wrote:
>
> 2007/8/14, Leo Li <li...@gmail.com>:
> > Hi, all
> > Since Java 1.4.2, RI introduced the package of org.ietf.jgss which
> > provides a framework to allows application developers to make use of
> > security services like authentication, data integrity and data
> > confidentiality from a variety of underlying security mechanisms like
> > Kerberos, using a unified API. And RI also provides an default provider,
> > sun.security.jgss.SunProvider, which contains the implementation for
> such
> > interfaces as org.ietf.jgss.GSSManager, org.ietf.jgss.GSSName,
> org.ietf.jgss
> > .GSSContext and etc.
> > Current Harmony's classlib actually implemented the framework in
> > org.ietf.jgss package, while lacks an implementation for JGSS provider.
> And
> > the property to denote the provider, "jgss.spi.manager", in harmony's
> > java.security file is still a blank.
> > Is it possible to get support from other open source project? From
> the
> > website of bouncycastle, there is no related feature of jgss if I have
> not
> > missed something.
>
> Hi Leo,
>
> Indeed we better integrate some exisitng library, otherwise have to
> implement it ourselves. The last option does not look feasible at the
> moment, and AFAICT we have not exhausted the possibilities with the
> first one ;)
Agree. It is no need to reinvent a wheel if there is one on our side.:)
With a bit of googling I found an open source JGSS implementation [1]
> which appears to be AL-compatible [2]. So hereby I call for volunteers
> to explore this particular possibility - one need to check if the impl
> is really suitable for Harmony needs and get in touch with project
> mantainers about ways of integration.
>
> [1]
> http://www.cogkit.org/release/4_1_2/api/jglobus/org/globus/gsi/gssapi/package-summary.html
> [2] http://www.globus.org/toolkit/legal/4.0/licenses4.html#COG
Thanks for your detailed information. I would like to seek the
feasibility to make use of cogkit. Just from document[1], it provides an
implementation. I will try to merge it with harmony to see whether it works
and try to seperate the smallest closure of classes as a JGSS provider.
About license, as you said, [2] claims that cog-jglobus.jar which
contains the classes for JGSS provider, is under a license very similar to
Apache License V2.0. But I am not an expert in this area and not sure
whether we shall negotiate with them for explicitly licensing the binary
module under Apache License.
Furthermore, after a preliminary study, I find that the cogkit JGSS
provider depends at least another puretls.jar, which is provided by
claymoresystems. Although puretls claims that it is under a Berkley style
license and it seems that tomcat also make use of this module and I do not
think it might constitute an obstacle, it really deserves for us to make its
license clear. Is there somebody familiar with it?
And at least some customization on cogkit is needed since it depends on
org.apache.commons.logging to record some logging information while I think
it is not needed on harmony's usage.
The same issue is actually applicable to Kerberos-based JAAS
> framework; we have very basic impl of it, and it would be nice to look
> out & integrate some advanced provider.
>
> --
> Alexey
>
> > Or else maybe we have to implement it ourselves?
> >
> > Good luck!
> > --
> > Leo Li
> > China Software Development Lab, IBM
> >
>
--
Leo Li
China Software Development Lab, IBM
Re: [classlib][auth]Harmony lacks JGSS provider.
Posted by Alexey Varlamov <al...@gmail.com>.
2007/8/14, Leo Li <li...@gmail.com>:
> Hi, all
> Since Java 1.4.2, RI introduced the package of org.ietf.jgss which
> provides a framework to allows application developers to make use of
> security services like authentication, data integrity and data
> confidentiality from a variety of underlying security mechanisms like
> Kerberos, using a unified API. And RI also provides an default provider,
> sun.security.jgss.SunProvider, which contains the implementation for such
> interfaces as org.ietf.jgss.GSSManager, org.ietf.jgss.GSSName, org.ietf.jgss
> .GSSContext and etc.
> Current Harmony's classlib actually implemented the framework in
> org.ietf.jgss package, while lacks an implementation for JGSS provider. And
> the property to denote the provider, "jgss.spi.manager", in harmony's
> java.security file is still a blank.
> Is it possible to get support from other open source project? From the
> website of bouncycastle, there is no related feature of jgss if I have not
> missed something.
Hi Leo,
Indeed we better integrate some exisitng library, otherwise have to
implement it ourselves. The last option does not look feasible at the
moment, and AFAICT we have not exhausted the possibilities with the
first one ;)
With a bit of googling I found an open source JGSS implementation [1]
which appears to be AL-compatible [2]. So hereby I call for volunteers
to explore this particular possibility - one need to check if the impl
is really suitable for Harmony needs and get in touch with project
mantainers about ways of integration.
[1] http://www.cogkit.org/release/4_1_2/api/jglobus/org/globus/gsi/gssapi/package-summary.html
[2] http://www.globus.org/toolkit/legal/4.0/licenses4.html#COG
The same issue is actually applicable to Kerberos-based JAAS
framework; we have very basic impl of it, and it would be nice to look
out & integrate some advanced provider.
--
Alexey
> Or else maybe we have to implement it ourselves?
>
> Good luck!
> --
> Leo Li
> China Software Development Lab, IBM
>
Re: [classlib][auth]Harmony lacks JGSS provider.
Posted by Leo Li <li...@gmail.com>.
On 8/14/07, Spark Shen <sm...@gmail.com> wrote:
>
> Glad to see that you are also interested in developing JDK6 missing
> features. Would you also record your development plan and related
> information to the wiki once you start, since the JGSS provider may be
> harmony classlib specific feature according to your plan.
JGSS is not a new feature of JDK6, but introduced since JDK1.4.
Furthermore, I am not sure whether we shall implement it ourselves since
there might exist an open source candidate which is also compatible with
harmony's license somewhere. Maybe it is a little earlier to make the
plan.:)
Recently, I looked into jndi related feature. And found that RI provides two
> more jndi service providers than us - Ldap & Corba. These service
> providers
> are clients used to interact with ldap or corba servers.
> IIRC, Apache Yoko already provides corba features and its' binary has
> already been included in our build. If luck, we may utilize yoko to
> facilitate corba provider implementation.
+1.
As far as ldap is concerned, apache also has an apache ldap server. May be
> it can provide some help. At least we can use it in our test suite.
Those projects, as well as harmony, consist an ecosystem.:)
Any thoughts, opinions?
>
> Best regards
>
> 2007/8/14, Leo Li <li...@gmail.com>:
> >
> > Hi, all
> > Since Java 1.4.2, RI introduced the package of org.ietf.jgss which
> > provides a framework to allows application developers to make use of
> > security services like authentication, data integrity and data
> > confidentiality from a variety of underlying security mechanisms like
> > Kerberos, using a unified API. And RI also provides an default provider,
> > sun.security.jgss.SunProvider, which contains the implementation for
> such
> > interfaces as org.ietf.jgss.GSSManager, org.ietf.jgss.GSSName,
> > org.ietf.jgss
> > .GSSContext and etc.
> > Current Harmony's classlib actually implemented the framework in
> > org.ietf.jgss package, while lacks an implementation for JGSS provider.
> > And
> > the property to denote the provider, "jgss.spi.manager", in harmony's
> > java.security file is still a blank.
> > Is it possible to get support from other open source project? From
> the
> > website of bouncycastle, there is no related feature of jgss if I have
> > not
> > missed something.
> > Or else maybe we have to implement it ourselves?
> >
> > Good luck!
> > --
> > Leo Li
> > China Software Development Lab, IBM
> >
>
>
>
> --
> Spark Shen
> China Software Development Lab, IBM
>
--
Leo Li
China Software Development Lab, IBM
Re: [classlib][auth]Harmony lacks JGSS provider.
Posted by Spark Shen <sm...@gmail.com>.
Glad to see that you are also interested in developing JDK6 missing
features. Would you also record your development plan and related
information to the wiki once you start, since the JGSS provider may be
harmony classlib specific feature according to your plan.
Recently, I looked into jndi related feature. And found that RI provides two
more jndi service providers than us - Ldap & Corba. These service providers
are clients used to interact with ldap or corba servers.
IIRC, Apache Yoko already provides corba features and its' binary has
already been included in our build. If luck, we may utilize yoko to
facilitate corba provider implementation.
As far as ldap is concerned, apache also has an apache ldap server. May be
it can provide some help. At least we can use it in our test suite.
Any thoughts, opinions?
Best regards
2007/8/14, Leo Li <li...@gmail.com>:
>
> Hi, all
> Since Java 1.4.2, RI introduced the package of org.ietf.jgss which
> provides a framework to allows application developers to make use of
> security services like authentication, data integrity and data
> confidentiality from a variety of underlying security mechanisms like
> Kerberos, using a unified API. And RI also provides an default provider,
> sun.security.jgss.SunProvider, which contains the implementation for such
> interfaces as org.ietf.jgss.GSSManager, org.ietf.jgss.GSSName,
> org.ietf.jgss
> .GSSContext and etc.
> Current Harmony's classlib actually implemented the framework in
> org.ietf.jgss package, while lacks an implementation for JGSS provider.
> And
> the property to denote the provider, "jgss.spi.manager", in harmony's
> java.security file is still a blank.
> Is it possible to get support from other open source project? From the
> website of bouncycastle, there is no related feature of jgss if I have
> not
> missed something.
> Or else maybe we have to implement it ourselves?
>
> Good luck!
> --
> Leo Li
> China Software Development Lab, IBM
>
--
Spark Shen
China Software Development Lab, IBM