Some random thoughts about security in Remoting 3.

Authentication - SASL looks like a good option to support client authentication. The API
makes it look pretty easy. I know that SRP was proposed at one point as well. Can an SRP
mechanism be added to SASL? My first glance makes me think "yes". But I
don't know how this would work with other mechanisms (e.g. GSS).

Encryption - currently there is SSL support for certain protocols (http mainly?). It does
not look to me like SSL is supported for socket/multiplex/bisocket (see my wiki posting
for how/why these could be unified). SSL/TLS should be available for the
"default" transport for sure.