[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [ecf-dev] RFC 119 Distributed OSGi authentication

Hi Wim,

FWIW, in ECF's existing impl of RFC119 we are using the service hooks (RFC 126) support. For those curious, the event hook is in the following bundle:

org.eclipse.ecf.osgi.services.distribution, class: org.eclipse.ecf.internal.osgi.services.distribution.EventHookImpl

This and the other RFC119 bundles are here in ecf's cvs area: org.eclipse.ecf/compendium/bundles

Also...FYI we already have listener interfaces that allow hooking into the registration/unregistration process on both the service host and the consumer. These listeners have the following interface names:

org.eclipse.ecf.osgi.services.distribution.IHostContainerFinder
org.eclipse.ecf.osgi.services.distribution.IHostDistributionListener
org.eclipse.ecf.osgi.services.distribution.IProxyContainerFinder
org.eclipse.ecf.osgi.services.distribution.IProxyDistributionListener

The intention here is to allow easy customization of the remote service registration (host side...i.e. IHost*) as well as remote service lookup/connect, and actual proxy creation (IProxy*).

All one has to do to hook into these notifications is to create an implementer of any of the above interfaces and then register it as a service (i.e. using whiteboard pattern). This would/does allow customization of the connect/authentication process (including...e.g. getting/exposing/using credentials).

For the container finder interfaces, there are default implementations that are used if no other impls are present. These classes are:

org.eclipse.ecf.osgi.services.distribution.DefaultHostContainerFinder
org.eclipse.ecf.osgi.services.distribution.DefaultProxyContainerFinder

You will note, for example, that the DefaultProxyContainerFinder method 'getConnectContext' currently simply returns null (it could return required/necessary credentials for the client to authenticate to server). Subclasses of DefaultProxyContainerFinder can/could easily change this behavior.

Scott

Wim Jongman wrote:


On Fri, Sep 18, 2009 at 6:15 PM, Scott Lewis <slewis@xxxxxxxxxxxxxxxxx <mailto:slewis@xxxxxxxxxxxxxxxxx>> wrote:

    Hi Saul,


Saul Goode wrote:

Is it possible to establish some kind of authentication
between the
provider of a DOSGi remote service (exposed via ECF) and its
client?



There's no specification of authentication or authorization as part of RFC119 itself (which is moving to be 'remote services' in the forthcoming OSGi spec).


Take a look at the service hooks API for this as well: http://www.osgi.org/blog/2009/02/osgi-service-hooks.html for a quick intro.


Met vriendelijke groet,

Wim Jongman

Remain Software (http://remainsoftware.com)
http://twitter.com/remainsoftware
http://twitter.com/wimjongman
------------------------------------------------------------------------

_______________________________________________
ecf-dev mailing list
ecf-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/ecf-dev