6498 2008-10-23 08:54 Allow no authorization with delegation as a configurable option 2008-10-24 10:52:11 1 1 1 Unclassified CoG jglobus security 1.6.0 PC Windows XP RESOLVED FIXED P3 enhancement 1.7 6435 1 ranantha@mcs.anl.gov ranantha@mcs.anl.gov jglobus-dev@globus.org ranantha@mcs.anl.gov 2008-10-23 08:54:48 Today CoG Jglobus explicitly prevents delegation of credential during handshake, if client authorization is not done (that is getExpectedName() in Authorization interface returns a null). This check is hardcoded and is not configurable. We have use case for a project that would like to allow delegation of client credential to any service that runs with a certificate from a CA the client trusts. I would like to make this a configurable option, preserving the existing behavior and documenting the necessary security considerations of exercising the option. ranantha@mcs.anl.gov 2008-10-24 10:51:18 Added constant GSSConstants.AUTHZ_REQUIRED_WITH_DELEGATION that determines if authorization is enforced with delegation. If the value is set to false, then it is disabled, all other cases authorization is required.