The Artima Developer Community
Sponsored Link

Security Constraints
A Conversation with Bob Scheifler, Part IV
by Bill Venners
July 29, 2002

<<  Page 3 of 7  >>


Collecting Requirements and Preferences

Bill Venners: Both the server and the client provide what constraints they want.

Bob Scheifler: Right. We've got these individual constraints, and now we want to collect them together. We also have this class called SecurityConstraints which is a way to collect constraints together. It collects constraints into two sets, one of which we call requirements and the other preferences. A requirement means this absolutely has to be done for the call. A preference means I'd like this to be done, but it doesn't have to be. An example of a preference might be anonymity. I would like to be anonymous, but if the server insists that I authenticate, that is OK.

Bill Venners: How would I express that with security constraints objects?

Bob Scheifler: If I prefer to be anonymous, I would put ClientAuthentication.NO as a preference. If I want confidentiality, I would put Confidentiality.YES as a preference.

Bill Venners: And if I don't say yes or no, I am saying I don't care.

Bob Scheifler: If you say nothing, you are saying you don't care. You get whatever you get. You get whatever the server decides is the right answer.

<<  Page 3 of 7  >>

Copyright © 1996-2018 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use