The Open Group Research Institute
Java and ActiveX Projects

G.N.Madhusudan
Principal Research Scientist
The OpenGroup Research Institute
g.madhusudan@opengroup.org

Web and Security - Outline of Projects
- Secure Enterprise Web Projects
- DCE-Web foundation
- Current Groupware extensions - Sweden Post
- Prism extensions
- WIRE extensions
- ACL Plug-ins
- JADE
- ActiveX Core
- PST
- ADAGE and Rules-based Authorization
- SHAWS and Distributed Clients

JADE
JADE - Java and DCE

Goals
- Allow DCE clients to be written in Java
- Java access to DCE runtime through native method classes
- Compatibility with existing DCE servers
- A minimal object model
- Portions of the DCE runtime in pure Java
- Java based DCE servers as a follow-on

JADE Benefits
- Make it possible to access DCE services from Java applications obtained through Secure Web
  - access DCE internal services (e.g. name service)
  - access DCE application services (e.g. banking service)
- Extend Java security by using DCE security
  - enhance applet authentication
  - a DCE aware Security Manager could grant the applet extra rights

JADE - Overview
[Diagram: Java application; Client Proxy (JIDL generated); Java DCE API; Marshalling and rpc; DCE Runtime]

Objects and references
- Object = DCE server, or server resource
- Remote method invocation layered on RPC
- Object Reference = Binding Handle
  - non-null UUID: multiple objects per server
  - null UUID: server is the object
[Diagram: server 1 with uuid1, uuid2, uuid3; server 2]

Client-side proxy
- Allows location-transparent access to server
- Methods are stubs compiled from IDL
- Proxy per binding handle (not per object)
- Additional methods: bind from NS or string
[Diagram: client with proxy1, proxy2, proxy3; RPC; server with obj1, obj2, obj3]

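
The null versus non-null object UUID rule from the two slides above, shown as an added example that is not JADE code: it strictly parses a DCE string binding of the form object-uuid@protseq:netaddr[endpoint] and reports whether the reference names the server itself or one object on it. The class name ObjectRef and the method fromStringBinding are hypothetical, binding options are not handled, and the sample bindings are constructed.

```java
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical object reference parsed from a DCE string binding (not a JADE class). */
public final class ObjectRef {
    private static final UUID NIL = new UUID(0L, 0L);
    private static final String HEX = "[0-9a-fA-F]";
    // [object-uuid@]protseq:netaddr[endpoint]; binding options are refused in this sketch.
    private static final Pattern BINDING = Pattern.compile(
        "(?:(" + HEX + "{8}(?:-" + HEX + "{4}){3}-" + HEX + "{12})@)?"
        + "([a-z][a-z0-9_]*):([A-Za-z0-9.-]*)(?:\\[([A-Za-z0-9_.-]*)\\])?");

    final UUID object;       // nil UUID: the server itself is the object
    final String protseq, netaddr, endpoint;

    private ObjectRef(UUID object, String protseq, String netaddr, String endpoint) {
        this.object = object; this.protseq = protseq;
        this.netaddr = netaddr; this.endpoint = endpoint;
    }

    /** Strictly parses a string binding; anything outside the grammar is refused. */
    public static ObjectRef fromStringBinding(String s) {
        Matcher m = BINDING.matcher(s);
        if (!m.matches()) {
            throw new IllegalArgumentException("malformed string binding");
        }
        // A missing object UUID is treated the same as an explicit nil UUID.
        UUID obj = (m.group(1) == null) ? NIL : UUID.fromString(m.group(1));
        String ep = (m.group(4) == null) ? "" : m.group(4);
        return new ObjectRef(obj, m.group(2), m.group(3), ep);
    }

    public boolean serverIsObject() { return NIL.equals(object); }

    public static void main(String[] args) {
        String[] samples = {   // constructed inputs
            "ncacn_ip_tcp:192.0.2.10[2001]",
            "00000000-0000-0000-0000-000000000000@ncacn_ip_tcp:192.0.2.10[2001]",
            "6f1c2a9e-3b7d-4c55-9a10-0123456789ab@ncadg_ip_udp:printsrv.example",
            "not-a-uuid@ncacn_ip_tcp:192.0.2.10",
        };
        for (String s : samples) {
            try {
                ObjectRef r = fromStringBinding(s);
                System.out.println(s + " -> " + (r.serverIsObject()
                    ? "server is the object" : "object " + r.object + " on server"));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```
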
IDL to Java
- IDL interface -> Java interface + stub class
- IDL operation -> Java method

IDL:

    [uuid ( )] interface printer {
        boolean print([in] file f, [in] user u);
        void status([out] queue q);
    }

Java interface:

    interface printer {
        Boolean print(file f, user u);
        void status(queue q);
    }

Java stub class:

    public class printerproxy extends ProxyBase implements printer {
        // Proxies are created only through bind()
        private printerproxy(rpchandle rpc) throws DceException { }

        // Stub: marshal each argument onto the RPC handle
        public Boolean print(file f, user u) {
            f.marshal(rpc);
            u.marshal(rpc);
            // ...
        }

        // Bind a proxy to an existing RPC handle
        public printer bind(rpchandle rpc) throws DceException {
            return new printerproxy(rpc);
        }
    }

Timetable
- Feb 97: Project started
- April 97: DCE IDL to Java Mapping; Demo application
- July 97: IDL-to-Java compiler; marshalling classes
- Oct 97: Initial pure Java runtime components
- Jan 98: Project Ends

Current Sponsors
- Digital
- DASCOM
- Chisholm Technologies
- CIC (The Big Ten + Univ. of Chicago)

ActiveX
The ACD (ActiveX Core Technologies and DCE)
A future technology base for the RI

Goals
- Provide reference implementations of ActiveX Core technology on Unix systems
- Ensure that ActiveX clients on Unix or Windows systems can securely interact with ActiveX servers on either system
- Integrate DCE security with ActiveX

Deliverables
- A reference implementation on Unix on top of an extended DCE RPC runtime. Needs full DCE client runtime. Will support both DCOM and DCE clients & servers.
- A second implementation built on top of MS RPC for clients that do not have a DCE runtime.

ActiveX Core Technologies
[Diagram: Monikers; Automation; Structured Storage; Data Transfer; DCOM Object Management; NTLM; Registry; SCM; MSRPC runtime; SSPI]

Integrating DCOM with DCE Security
[Diagram: MIDL Compiler; DCE IDL Compiler; MIDL stubs; DCE stubs; NTLM SSP; DCE SSP; MIDL Marshalling engine; DCE Marshalling engine; DCE RPC RUNTIME; SSPI; Registry; CDS; NT Domain Controller; DCE Security Server]

ActiveX Deliverables
- First half 1997
  - Ports of ActiveX to 17+ Unix platforms
  - Sub goals:
    - DCE security available via SSPI
    - DCE security in MS RPC; interoperate with DCE secure RPC
- Second half 1997
  - Port ActiveX code base to DCE RPC
  - Add NTLM (NT LAN Manager) as a DCE security service

ActiveX Participants
- Microsoft provided base code and specs.
- Four companies are working on the first release:
  - Digital Equipment
  - Software AG
  - SNI
  - Open Group
- The Active Group is forming

ActiveX Availability
- Open Group ships source
- Vendors will ship binaries only. Must be compliant before shipping.
- $0 client licenses: ActiveX is integrated into NT and Win 95.
- All vendor bug fixes go back into Open Group source.