Previous | Table of Contents | Next |
The SAS protocol was designed under the following assumptions:
• Secure interoperability is predicated on the use of a common transport-layer security mechanism, such as that provided by SSL/TLS.3
• The transport layer provides message protection as necessary to protect GIOP input and output request arguments.
• The transport layer provides target-to-client authentication as necessary to identify the target for the purpose of ensuring that the target is the intended target.
• Transport-layer security can ensure that the client does not have to issue a preliminary request to establish a confidential association with the intended target.4
• To support clients that cannot authenticate using transport-layer security mechanisms, the SAS protocol shall provide for client authentication above the transport layer.
• To support the formation of security contexts using GIOP service context, the SAS protocol shall require at most one message in each direction to establish a security context.
• The protocol shall support security contexts that exist only for the duration of a single request/reply pair.
• The protocol shall support security contexts that can be reused for multiple request/reply pairs.
• Targets cannot rely on clients to manage the lifecycle of reusable security contexts accepted by the target.
3. Transport security mechanisms include unprotected transports within trusted environments.
4. This assumption does not preclude the use of such mechanisms, but rather sustains the use of this protocol in environments where such mechanisms are not considered favorably.
• Clients that reuse security contexts shall be capable of processing replies that indicate that the context has been discarded
by the target.
Context Protocol
Supplemental Client Authentication Layer
Client Authentication
Figure 24-1 CSIv2 Security Architecture