1 <html>
2 <!-- -->
3 <!-- #BeginTemplate "/Templates/TAO_Security.dwt" -->
4 <head>
5 <!-- #BeginEditable "doctitle" -->
6 <title>TAO -- CORBA Security</title>
7 <!-- #EndEditable -->
8 <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
9 <script language="JavaScript">
10 <!--
// MM_preloadImages(url, ...): starts loading every image URL passed as an
// argument so later rollover swaps do not wait on the network.
// Loaded Image objects are kept in document.MM_p; arguments that begin
// with "#" are skipped. Does nothing when document.images is unavailable.
// NOTE(review): the function's closing brace is not shown in this listing
// (gutter lines 15-16 are absent).
11 function MM_preloadImages() { //v3.0
12 var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
13 var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
14 if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
// MM_findObj(n, d): returns the object named n found in document d
// (the current document when d is omitted), or a falsy value if none is found.
// A name of the form "name?frame" is resolved in the document of
// parent.frames[frame] when the parent has frames.
// Lookup order: d[n], d.all[n], each form's [n], then recursively the
// document of each entry in d.layers.
// NOTE(review): n is used directly as a property and frame key; on this page
// the visible callers pass fixed literal image names.
// NOTE(review): the function's closing brace is not shown in this listing
// (gutter lines 22-23 are absent).
17 function MM_findObj(n, d) { //v3.0
18 var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
19 d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
20 if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
21 for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document); return x;
// MM_nbGroup(event, grpName, ...): image-swap handler for a navigation-bar
// group. event selects the action ("init", "over", "out" or "down"); the
// remaining arguments are image names and image URLs whose layout depends
// on the event. Each image remembers its "up" source in img.MM_up and its
// "down" source in img.MM_dn; the group's pressed images are kept in
// document[grpName], the currently hovered ones in document.MM_nbOver.
// NOTE(review): gutter lines 42 and 55 are absent from this listing, so the
// closing braces of the "over" loop and of the function are not shown.
24 function MM_nbGroup(event, grpName) { //v3.0
25 var i,img,nbArr,args=MM_nbGroup.arguments;
// "init": args[2] names the initially pressed image and args[3] is its "up"
// source; its current src is recorded as the "down" source.
26 if (event == "init" && args.length > 2) {
27 if ((img = MM_findObj(args[2])) != null && !img.MM_init) {
28 img.MM_init = true; img.MM_up = args[3]; img.MM_dn = img.src;
29 if ((nbArr = document[grpName]) == null) nbArr = document[grpName] = new Array();
30 nbArr[nbArr.length] = img;
// Further (name, source) pairs from index 4 are switched to the given source
// and added to the group.
31 for (i=4; i < args.length-1; i+=2) if ((img = MM_findObj(args[i])) != null) {
32 if (!img.MM_up) img.MM_up = img.src;
33 img.src = img.MM_dn = args[i+1];
34 nbArr[nbArr.length] = img;
35 } }
// "over": arguments come in triples (name, over source, over-while-down
// source) starting at index 1; the third is used only when the image has a
// "down" source and that argument is truthy.
36 } else if (event == "over") {
37 document.MM_nbOver = nbArr = new Array();
38 for (i=1; i < args.length-1; i+=3) if ((img = MM_findObj(args[i])) != null) {
39 if (!img.MM_up) img.MM_up = img.src;
40 img.src = (img.MM_dn && args[i+2]) ? args[i+2] : args[i+1];
41 nbArr[nbArr.length] = img;
// "out": every image recorded by the last "over" goes back to its "down"
// source if it has one, otherwise to its "up" source.
43 } else if (event == "out" ) {
44 for (i=0; i < document.MM_nbOver.length; i++) {
45 img = document.MM_nbOver[i]; img.src = (img.MM_dn) ? img.MM_dn : img.MM_up; }
// "down": release the images currently in the group (src back to "up",
// MM_dn cleared), then press the (name, source) pairs given from index 2.
46 } else if (event == "down") {
47 if ((nbArr = document[grpName]) != null)
48 for (i=0; i < nbArr.length; i++) { img=nbArr[i]; img.src = img.MM_up; img.MM_dn = 0; }
49 document[grpName] = nbArr = new Array();
50 for (i=2; i < args.length-1; i+=2) if ((img = MM_findObj(args[i])) != null) {
51 if (!img.MM_up) img.MM_up = img.src;
52 img.src = img.MM_dn = args[i+1];
53 nbArr[nbArr.length] = img;
54 } }
56 //-->
57 </script>
58 </head>
60 <body bgcolor="#FFFFFF" onLoad="MM_preloadImages('fireworks/nav_bar_r02_c2_f3.gif','fireworks/nav_bar_r02_c2_f2.gif','fireworks/nav_bar_r04_c2_f3.gif','fireworks/nav_bar_r04_c2_f2.gif','fireworks/nav_bar_r04_c2_f4.gif','fireworks/nav_bar_r06_c2_f3.gif','fireworks/nav_bar_r06_c2_f2.gif','fireworks/nav_bar_r06_c2_f4.gif','fireworks/nav_bar_r08_c2_f3.gif','fireworks/nav_bar_r08_c2_f2.gif','fireworks/nav_bar_r08_c2_f4.gif','fireworks/nav_bar_r10_c2_f3.gif','fireworks/nav_bar_r10_c2_f2.gif','fireworks/nav_bar_r10_c2_f4.gif','fireworks/nav_bar_r12_c2_f3.gif','fireworks/nav_bar_r12_c2_f2.gif','fireworks/nav_bar_r12_c2_f4.gif','fireworks/nav_bar_r02_c2_f4.gif')">
61 <div id="Layer2" style="position:absolute; left:89px; top:32px; width:792px; height:125px; z-index:2">
62 <h1 align="center"><img src="images/CORBA_Security.jpg" width="500" height="131" align="middle"></h1>
63 </div>
64 <div id="Layer3" style="position:absolute; left:257px; top:199px; width:625px; height:1px; z-index:3"><!-- #BeginEditable "Body" -->
65 <p align="center"><font size="5">CORBA Security Conformance Statement</font></p>
66 <p align="center">28 November, 2000</p>
67 <p align="center">TAO (The ACE ORB)</p>
68 <p align="center">Center for Distributed Object Computing, Washington University<br>
69 Distributed Object Computing Laboratory, University of California at Irvine</p>
70 <ul>
71 <li><a href="#Introduction">Introduction</a>
72 <ul>
73 <li><a href="#Introduction_1">Summary of Security Conformance</a></li>
74 <li><a href="#Introduction_2">Scope of Product</a></li>
75 <li><a href="#Introduction_3">Security Overview</a></li>
76 </ul>
77 </li>
78 <li><a href="#Security_Conformance">Security Conformance</a>
79 <ul>
80 <li><a href="#Security_Conformance_1">Main Security Functionality Level</a></li>
81 <li><a href="#Security_Conformance_2">Security Functionality Options</a></li>
82 <li><a href="#Security_Conformance_3">Security Replaceability</a></li>
83 <li><a href="#Security_Conformance_4">Secure Interoperability</a></li>
84 <li><a href="#Security_Conformance_5">Level of Interoperability</a></li>
85 <li><a href="#Security_Conformance_6">Mechanism Profiles</a></li>
86 </ul>
87 </li>
88 <li><a href="#Assurance">Assurance</a>
89 <ul>
90 <li><a href="#Assurance_1">Philosophy of Protection</a></li>
91 <li><a href="#Assurance_2">Threats</a> </li>
92 <li><a href="#Assurance_3">Security Policies</a></li>
93 <li><a href="#Assurance_4">Security Protection Mechanisms</a></li>
94 <li><a href="#Assurance_5">Environmental Support</a></li>
95 <li><a href="#Assurance_6">Configuration Constraints</a></li>
96 <li><a href="#Assurance_7">Security Policy Extensions</a></li>
97 </ul>
98 </li>
99 <li><a href="#Supplemental">Supplemental Product Information</a></li>
100 </ul>
101 <h2>1. Introduction<a name="Introduction"></a> </h2>
102 <p>The security features that TAO provides are introduced in this section. Detailed
103 descriptions are available in later major sections. </p>
104 <h3>1.1 Summary of Security Conformance<a name="Introduction_1"></a></h3>
105 <p>This section summarizes the CORBA Security Service features that TAO provides.</p>
106 <table width="100%" border="1" align="center">
107 <tr bgcolor="#CCCCFF">
108 <td colspan="5">
109 <div align="center"><b>CORBA Security Functionality Checklist</b></div>
110 </td>
111 </tr>
112 <tr>
113 <td rowspan="2" width="26%">
114 <div align="center">
115 <p><b>Main Functionality</b></p>
116 <p><b> (Level 1 or Level 2)</b></p>
117 </div>
118 </td>
119 <td rowspan="2" width="22%">
120 <div align="center">
121 <p><b>Functionality Options</b></p>
122 <p><b>(Non-Repudiation)</b></p>
123 </div>
124 </td>
125 <td colspan="3">
126 <div align="center"><b>Security Replaceability</b></div>
127 </td>
128 </tr>
129 <tr>
130 <td width="16%">
131 <div align="center"><b>ORB Services</b></div>
132 </td>
133 <td width="18%">
134 <div align="center"><b>Security Services</b></div>
135 </td>
136 <td width="18%">
137 <div align="center"><b>Security Ready</b></div>
138 </td>
139 </tr>
140 <tr>
141 <td width="26%" bgcolor="#3333FF">&nbsp;</td>
142 <td width="22%">&nbsp;</td>
143 <td width="16%">&nbsp;</td>
144 <td width="18%" bgcolor="#3333FF">&nbsp;</td>
145 <td width="18%">&nbsp;</td>
146 </tr>
147 </table>
148 <p>&nbsp;</p>
149 <table width="100%" border="1" align="center">
150 <tr bgcolor="#CCCCFF">
151 <td height="2" colspan="9">
152 <div align="center"><b>CORBA Secure Interoperability Checklist</b></div>
153 </td>
154 </tr>
155 <tr>
156 <td>
157 <div align="center"><b>Interoperability</b></div>
158 </td>
159 <td colspan="7">
160 <div align="center"><b>IIOP</b></div>
161 </td>
162 <td>
163 <div align="center"><b>DCE</b></div>
164 </td>
165 </tr>
166 <tr>
167 <td rowspan="3">
168 <div align="center"><b>Level</b></div>
169 </td>
170 <td colspan="6">
171 <div align="center"><b>SECIOP</b></div>
172 </td>
173 <td rowspan="3">
174 <div align="center"><b>SSL</b></div>
175 <div align="center"></div>
176 <div align="center"></div>
177 </td>
178 <td rowspan="3">
179 <div align="center"><b>CIOP</b></div>
180 <div align="center"></div>
181 <div align="center"></div>
182 </td>
183 </tr>
184 <tr>
185 <td colspan="2">
186 <div align="center"><b>SPKM</b></div>
187 </td>
188 <td rowspan="2">
189 <div align="center"><b>Kerberos</b></div>
190 </td>
191 <td colspan="3">
192 <div align="center"><b>CSI-ECMA</b></div>
193 </td>
194 </tr>
195 <tr>
196 <td>
197 <div align="center"><b>SPKM 1</b></div>
198 </td>
199 <td>
200 <div align="center"><b>SPKM 2</b></div>
201 </td>
202 <td>
203 <div align="center"><b>Private</b></div>
204 </td>
205 <td>
206 <div align="center"><b>Public</b></div>
207 </td>
208 <td>
209 <div align="center"><b>Hybrid</b></div>
210 </td>
211 </tr>
212 <tr>
213 <td>
214 <div align="center">Level 0</div>
215 </td>
216 <td>&nbsp;</td>
217 <td>&nbsp;</td>
218 <td>&nbsp;</td>
219 <td>&nbsp;</td>
220 <td>&nbsp;</td>
221 <td>&nbsp;</td>
222 <td bgcolor="#33FF33">&nbsp;</td>
223 <td>&nbsp;</td>
224 </tr>
225 <tr>
226 <td>
227 <div align="center">Level 1</div>
228 </td>
229 <td bgcolor="#999999">&nbsp; </td>
230 <td bgcolor="#999999">&nbsp;</td>
231 <td>&nbsp;</td>
232 <td>&nbsp;</td>
233 <td>&nbsp;</td>
234 <td>&nbsp;</td>
235 <td bgcolor="#999999">&nbsp;</td>
236 <td>&nbsp;</td>
237 </tr>
238 <tr>
239 <td>
240 <div align="center">Level 2</div>
241 </td>
242 <td bgcolor="#999999">&nbsp;</td>
243 <td bgcolor="#999999">&nbsp;</td>
244 <td bgcolor="#999999">&nbsp;</td>
245 <td>&nbsp;</td>
246 <td>&nbsp;</td>
247 <td>&nbsp;</td>
248 <td bgcolor="#999999">&nbsp;</td>
249 <td>&nbsp;</td>
250 </tr>
251 </table>
252 <p>&nbsp;</p>
253 <table width="71%" border="1" align="center">
254 <tr>
255 <td width="22%" height="32">
256 <div align="center"><b>Supported</b></div>
257 </td>
258 <td width="18%" height="32">
259 <div align="center"><b>Pending</b></div>
260 </td>
261 <td width="16%" height="32">
262 <div align="center"><b>N/A</b></div>
263 </td>
264 </tr>
265 <tr>
266 <td width="22%" height="32" bgcolor="#33FF33">
267 <div align="left"></div>
268 </td>
269 <td width="18%" height="32" bgcolor="#3333FF">
270 <div align="left"></div>
271 </td>
272 <td width="16%" height="32" bgcolor="#999999">
273 <div align="left"></div>
274 </td>
275 </tr>
276 </table>
277 <h3>1.2 Scope of Product<a name="Introduction_2"></a></h3>
278 <p> TAO supports confidential communication through its IIOP over SSL pluggable
279 protocol, <a href="SSLIOP.html">SSLIOP</a>.</p>
280 <h3>1.3 Security Overview<a name="Introduction_3"></a></h3>
281 <p>Using TAO's SSLIOP pluggable protocol, it is possible to ensure that all
282 remote method invocations between ORBs that implement IIOP over SSL are confidential.
283 This is made possible by the confidentiality the Secure Sockets Layer (SSL)
284 provides; the protection actually obtained depends on the protocol version and cipher suite the two ORBs negotiate. X.509 certificate-based access control is also possible using TAO's
285 <code>SSLIOP::Current</code> extension.</p>
286 <ul>
287 <ul>
288 <blockquote>
289 <ul>
290 <ul>
291 <ul>
292 </ul>
293 </ul>
294 </ul>
295 </blockquote>
296 </ul>
297 </ul>
298 <h2>2. Security Conformance<a name="Security_Conformance"></a></h2>
299 <p>TAO conformance to the CORBA Security Service is detailed in this section.</p>
300 <h3>2.1 Main Security Functionality Level<a name="Security_Conformance_1"></a></h3>
301 <p>Work is currently underway to implement Security Functionality Level 1.</p>
302 <h3>2.2 Security Functionality Options<a name="Security_Conformance_2"></a></h3>
303 <p>There are no current plans to implement non-repudiation. However, this may
304 change in the future.</p>
305 <h3>2.3 Security Replaceability<a name="Security_Conformance_3"></a></h3>
306 <p>Work is currently underway to implement the core Security Replaceability
307 components detailed in the Security Service.</p>
308 <h3>2.4 Secure Interoperability<a name="Security_Conformance_4"></a></h3>
309 <p>TAO supports SSL-based interoperability. It uses <a href="http://www.openssl.org/">OpenSSL</a>
310 as its underlying SSL implementation.</p>
311 <h3>2.5 Level of Interoperability<a name="Security_Conformance_5"></a></h3>
312 <p>TAO supports <i>level 0</i> interoperability through its IIOP over SSL pluggable
313 protocol, <a href="SSLIOP.html">SSLIOP</a>.</p>
314 <h3>2.6 Mechanism Profiles<a name="Security_Conformance_6"></a></h3>
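315 <p>All cryptographic profiles supported by SSL, and by OpenSSL in particular, are supported
316 by TAO. ORBs that support those profiles should be able to interoperate with
317 TAO. Because this covers every cipher suite that the OpenSSL build in use enables, deployments should confirm that weak or unencrypted suites are disabled.</p>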
318 <h2>3. Assurance<a name="Assurance"></a></h2>
319 <h3>3.1 Philosophy of Protection<a name="Assurance_1"></a></h3>
320 <h3>3.2 Threats<a name="Assurance_2"></a></h3>
321 <h3>3.3 Security Policies<a name="Assurance_3"></a></h3>
322 <h3>3.4 Security Protection Mechanisms<a name="Assurance_4"></a></h3>
323 <h3>3.5 Environmental Support<a name="Assurance_5"></a></h3>
324 <h3>3.6 Configuration Constraints<a name="Assurance_6"></a></h3>
325 <h3>3.7 Security Policy Extensions<a name="Assurance_7"></a></h3>
326 <h2>4. Supplemental Product Information<a name="Supplemental"></a></h2>
327 <!-- #EndEditable --></div>
328 <div id="Layer1" style="position:absolute; left:87px; top:162px; width:153px; height:373px; z-index:4"><!-- Image with table -->
329 <table border="0" cellpadding="0" cellspacing="0" width="158">
330 <!-- fwtable fwsrc="Untitled" fwbase="nav_bar.gif" -->
331 <tr> <!-- Shim row, height 1. -->
332 <td><img src="/fireworks/shim.gif" width="9" height="1" border="0" name="undefined_2"></td>
333 <td><img src="/fireworks/shim.gif" width="141" height="1" border="0" name="undefined_2"></td>
334 <td><img src="/fireworks/shim.gif" width="8" height="1" border="0" name="undefined_2"></td>
335 <td><img src="/fireworks/shim.gif" width="1" height="1" border="0" name="undefined_2"></td>
336 </tr>
337 <tr valign="top"><!-- row 1 -->
338 <td colspan="3"><img name="nav_bar_r01_c1" src="fireworks/nav_bar_r01_c1.gif" width="158" height="35" border="0"></td>
339 <td><img src="/fireworks/shim.gif" width="1" height="35" border="0" name="undefined_2"></td>
340 </tr>
341 <tr valign="top"><!-- row 2 -->
342 <td rowspan="12"><img name="nav_bar_r02_c1" src="fireworks/nav_bar_r02_c1.gif" width="9" height="342" border="0"></td>
343 <td><a href="index.html" onMouseOut="MM_nbGroup('out');" onMouseOver="MM_nbGroup('over','Home','fireworks/nav_bar_r02_c2_f2.gif','fireworks/nav_bar_r02_c2_f4.gif',1)" onClick="MM_nbGroup('down','navbar1','Home','fireworks/nav_bar_r02_c2_f3.gif',1)" ><img name="Home" src="fireworks/nav_bar_r02_c2.gif" border="0" onLoad=""></a></td>
344 <td rowspan="12"><img name="nav_bar_r02_c3" src="fireworks/nav_bar_r02_c3.gif" width="8" height="342" border="0"></td>
345 <td><img src="/fireworks/shim.gif" width="1" height="36" border="0" name="undefined_2"></td>
346 </tr>
347 <tr valign="top"><!-- row 3 -->
348 <td><img name="nav_bar_r03_c2" src="fireworks/nav_bar_r03_c2.gif" width="141" height="5" border="0"></td>
349 <td><img src="/fireworks/shim.gif" width="1" height="5" border="0" name="undefined_2"></td>
350 </tr>
351 <tr valign="top"><!-- row 4 -->
352 <td><a href="Download.html" onMouseOut="MM_nbGroup('out');" onMouseOver="MM_nbGroup('over','Download','fireworks/nav_bar_r04_c2_f2.gif','fireworks/nav_bar_r04_c2_f4.gif',1)" onClick="MM_nbGroup('down','navbar1','Download','fireworks/nav_bar_r04_c2_f3.gif',1)" ><img name="Download" src="fireworks/nav_bar_r04_c2.gif" width="141" height="36" border="0" onLoad=""></a></td>
353 <td><img src="/fireworks/shim.gif" width="1" height="36" border="0" name="undefined_2"></td>
354 </tr>
355 <tr valign="top"><!-- row 5 -->
356 <td><img name="nav_bar_r05_c2" src="fireworks/nav_bar_r05_c2.gif" width="141" height="5" border="0"></td>
357 <td><img src="/fireworks/shim.gif" width="1" height="5" border="0" name="undefined_2"></td>
358 </tr>
359 <tr valign="top"><!-- row 6 -->
360 <td><a href="http://www.dre.vanderbilt.edu/~schmidt/TAO.html" onMouseOut="MM_nbGroup('out');" onMouseOver="MM_nbGroup('over','TAO','fireworks/nav_bar_r06_c2_f2.gif','fireworks/nav_bar_r06_c2_f4.gif',1)" onClick="MM_nbGroup('down','navbar1','TAO','fireworks/nav_bar_r06_c2_f3.gif',1)" ><img name="TAO" src="fireworks/nav_bar_r06_c2.gif" width="141" height="36" border="0" onLoad=""></a></td>
361 <td><img src="/fireworks/shim.gif" width="1" height="36" border="0" name="undefined_2"></td>
362 </tr>
363 <tr valign="top"><!-- row 7 -->
364 <td><img name="nav_bar_r07_c2" src="fireworks/nav_bar_r07_c2.gif" width="141" height="5" border="0"></td>
365 <td><img src="/fireworks/shim.gif" width="1" height="5" border="0" name="undefined_2"></td>
366 </tr>
367 <tr valign="top"><!-- row 8 -->
368 <td><a href="SSLIOP.html" onMouseOut="MM_nbGroup('out');" onMouseOver="MM_nbGroup('over','SSLIOP','fireworks/nav_bar_r08_c2_f2.gif','fireworks/nav_bar_r08_c2_f4.gif',1)" onClick="MM_nbGroup('down','navbar1','SSLIOP','fireworks/nav_bar_r08_c2_f3.gif',1)" ><img name="SSLIOP" src="fireworks/nav_bar_r08_c2.gif" width="141" height="36" border="0" onLoad=""></a></td>
369 <td><img src="/fireworks/shim.gif" width="1" height="36" border="0" name="undefined_2"></td>
370 </tr>
371 <tr valign="top"><!-- row 9 -->
372 <td><img name="nav_bar_r09_c2" src="fireworks/nav_bar_r09_c2.gif" width="141" height="5" border="0"></td>
373 <td><img src="/fireworks/shim.gif" width="1" height="5" border="0" name="undefined_2"></td>
374 </tr>
375 <tr valign="top"><!-- row 10 -->
376 <td><a href="Security_Service.html" onMouseOut="MM_nbGroup('out');" onMouseOver="MM_nbGroup('over','Security_Service','fireworks/nav_bar_r10_c2_f2.gif','fireworks/nav_bar_r10_c2_f4.gif',1)" onClick="MM_nbGroup('down','navbar1','Security_Service','fireworks/nav_bar_r10_c2_f3.gif',1)" ><img name="Security_Service" src="fireworks/nav_bar_r10_c2.gif" width="141" height="36" border="0" onLoad=""></a></td>
377 <td><img src="/fireworks/shim.gif" width="1" height="36" border="0" name="undefined_2"></td>
378 </tr>
379 <tr valign="top"><!-- row 11 -->
380 <td><img name="nav_bar_r11_c2" src="fireworks/nav_bar_r11_c2.gif" width="141" height="5" border="0"></td>
381 <td><img src="/fireworks/shim.gif" width="1" height="5" border="0" name="undefined_2"></td>
382 </tr>
383 <tr valign="top"><!-- row 12 -->
384 <td><a href="FAQ.html" onMouseOut="MM_nbGroup('out');" onMouseOver="MM_nbGroup('over','FAQ','fireworks/nav_bar_r12_c2_f2.gif','fireworks/nav_bar_r12_c2_f4.gif',1)" onClick="MM_nbGroup('down','navbar1','FAQ','fireworks/nav_bar_r12_c2_f3.gif',1)" ><img name="FAQ" src="fireworks/nav_bar_r12_c2.gif" width="141" height="36" border="0" onLoad=""></a></td>
385 <td><img src="/fireworks/shim.gif" width="1" height="36" border="0" name="undefined_2"></td>
386 </tr>
387 <tr valign="top"><!-- row 13 -->
388 <td><img name="nav_bar_r13_c2" src="fireworks/nav_bar_r13_c2.gif" width="141" height="101" border="0"></td>
389 <td><img src="/fireworks/shim.gif" width="1" height="101" border="0" name="undefined_2"></td>
390 </tr>
391 <!-- This table was automatically created with Macromedia Fireworks 3.0 -->
392 <!-- http://www.macromedia.com -->
393 </table>
394 </div>
395 <table border="0" cellpadding="0" cellspacing="0">
396 <tr>
397 <td>&nbsp;</td>
398 </tr>
399 </table>
400 </body>
401 <!-- #EndTemplate --></html>