On Tue, 19 May 1998, Luis Saiz wrote: > For those interested in CORBA & firewalls, yesterday a proposal was > submitted to OMG: > > http://www.omg.org/library/schedule/Firewall_RFP.htm > > ftp://ftp.omg.org/pub/docs/orbos/98-05-04.pdf > ftp://ftp.omg.org/pub/docs/orbos/98-05-04.ps IMHO this is a quite reasonable proposal. It supports simple server-side firewalls (the "TCP firewall" is a kind of plug-gw with a faked IOR), simple client-side firewalls (socks) and a real GIOP proxy. The TCP firewall and socks are basically what we use today, it's simple and proven technology. The GIOP proxy is much more complex, but has very nice features (normal, passthrough, trusted, untrusted). It solves a big problem of Java applet security because the client applet always connects to the GIOP proxy object. I also like the bi-directional GIOP. The weak side of the proposal is the missing CORBASEC and SecIOP. But IMO it's to early to solve these (huge) problems now and the support of SSL/IIOP is a very good step into the right direction. Something else I miss it the simple transparent TCP proxy. Rudi
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:59:59 PDT