2.2.2.26 ORBSecuritySettingsProperty

  • Article

The ORBSecuritySettingsProperty type represents a set of ORB security settings as an integer.

Simple type: eDT_ULONG

Validity: MUST be a combination of the following flags.

Flag

Meaning

fAC_MUTUAL_AUTH

0x00000001

The ORB is to provide mutual authentication services if this capability is supported.

fAC_SECURE_REFS

0x00000002

The ORB is to provide services to secure reference counting against malicious tampering if this capability is supported.

fAC_DYNAMIC

0x00000010

This flag is reserved for future use and SHOULD NOT be set.

fAC_STATIC_CLOAKING

0x00000020

The ORB is to configure the default behavior for outgoing calls to use static cloaking if this capability is supported. Static cloaking means that on the first outgoing call to a particular target, the ORB captures the identity of an impersonated client, if any, and uses this identity for all calls to this target. It MUST NOT be used with fAC_DYNAMIC_CLOAKING.

fAC_DYNAMIC_CLOAKING

0x00000040

The ORB is to configure the default behavior for outgoing calls to use dynamic cloaking if this capability is supported. Dynamic cloaking means that on each outgoing call, the ORB captures the identity of an impersonated client, if any, and uses this identity for the call. It MUST NOT be used with fAC_STATIC_CLOAKING.

fAC_ANY_AUTHORITY

0x00000080

The ORB is to accept any certificate as a root certificate for the purposes of certificate-based authentication mechanisms if this capability is supported.

fAC_MAKE_FULLSIC

0x00000100

The ORB is to configure the default behavior for its security negotiation mechanism to send security principal names in a format that represents the complete certificate chain if this capability is supported.

fAC_REQUIRE_FULLSIC

0x00000200

The ORB is to prevent its security negotiation mechanisms from sending security principal names in a format that does not represent the complete certificate chain if this capability is supported.

fAC_DISABLE_AAA

0x00001000

The ORB is to configure the default behavior for outgoing activation requests to disallow activation of components that are configured to run as the security identity of the client if this capability is supported.

fAC_NO_CUSTOM_MARSHAL

0x00002000

The ORB is to prevent the use of custom marshalers that are not trusted if this capability is supported.

Server validation: Servers MAY enforce validity constraints.

Client validation: Clients SHOULD pass through the value provided by the client application.