Bug 6498 - Allow no authorization with delegation as a configurable option
: Allow no authorization with delegation as a configurable option
: CoG jglobus
: 1.6.0
: PC Windows XP
: P3 enhancement
: 1.7
Assigned To:
: 6435
  Show dependency treegraph
Reported: 2008-10-23 08:54 by
Modified: 2008-10-24 10:52 (History)



You need to log in before you can comment on or make changes to this bug.

Description From 2008-10-23 08:54:48
Today CoG Jglobus explicitly prevents delegation of credential during
handshake, if client authorization is not done (that is getExpectedName() in
Authorization interface returns a null). This check is hardcoded and is not

We have use case for a project that would like to allow delegation of client
credential to any service that runs with a certificate from a CA the client
trusts. I would like to make this a configurable option, preserving the
existing behavior and documenting the necessary security considerations of
exercising the option.
------- Comment #1 From 2008-10-24 10:51:18 -------
Added constant GSSConstants.AUTHZ_REQUIRED_WITH_DELEGATION that determines if
authorization is enforced with delegation. If the value is set to false, then
it is disabled, all other cases authorization is required.