path: root/qpid/doc/book/src/Qpid-Interoperability-Documentation.xml
Diffstat (limited to 'qpid/doc/book/src/Qpid-Interoperability-Documentation.xml')
-rw-r--r-- qpid/doc/book/src/Qpid-Interoperability-Documentation.xml 377
1 files changed, 377 insertions, 0 deletions
diff --git a/qpid/doc/book/src/Qpid-Interoperability-Documentation.xml b/qpid/doc/book/src/Qpid-Interoperability-Documentation.xml
new file mode 100644
index 0000000000..74546693df
--- /dev/null
+++ b/qpid/doc/book/src/Qpid-Interoperability-Documentation.xml
@@ -0,0 +1,377 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+
+<section role="h2" id="QpidInteroperabilityDocumentation-QpidInteroperabilityDocumentation">
+ <title>Qpid Interoperability Documentation</title>
+
+ <para>
+ This page documents the various interoperable features of the
+ Qpid clients.
+ </para>
+ <section role="h3" id="QpidInteroperabilityDocumentation-SASL"><title>
+ SASL
+ </title>
+
+ <para>
+
+ </para>
+ <section role="h4" id="QpidInteroperabilityDocumentation-StandardMechanisms"><title>
+ Standard
+ Mechanisms
+ </title>
+
+ <para>
+ <ulink url="http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer#SASL_mechanisms"/>
+ </para><para>
+ This table list the various SASL mechanisms that each component
+ supports. The version listed shows when this
+ functionality was added to the product.
+ </para><table><title>SASL Mechanism Support</title><tgroup cols="7">
+ <tbody>
+ <row>
+ <entry>
+ Component
+ </entry>
+ <entry>
+ ANONYMOUS
+ </entry>
+ <entry>
+ CRAM-MD5
+ </entry>
+ <entry>
+ DIGEST-MD5
+ </entry>
+ <entry>
+ EXTERNAL
+ </entry>
+ <entry>
+ GSSAPI/Kerberos
+ </entry>
+ <entry>
+ PLAIN
+ </entry>
+ </row>
+ <row>
+ <entry>
+ C++ Broker
+ </entry>
+ <entry>
+ M3[<xref linkend="QpidInteroperabilityDocumentation-1"/>]
+ </entry>
+ <entry>
+ M3[<xref linkend="QpidInteroperabilityDocumentation-1"/>,<xref linkend="QpidInteroperabilityDocumentation-2"/>]
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+ M3[<xref linkend="QpidInteroperabilityDocumentation-1"/>,<xref linkend="QpidInteroperabilityDocumentation-2"/>]
+ </entry>
+ <entry>
+ M1
+ </entry>
+ </row>
+ <row>
+ <entry>
+ C++ Client
+ </entry>
+ <entry>
+ M3[<xref linkend="QpidInteroperabilityDocumentation-1"/>]
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+ M1
+ </entry>
+ </row>
+ <row>
+ <entry>
+ Java Broker
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+ M1
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+ M1
+ </entry>
+ </row>
+ <row>
+ <entry>
+ Java Client
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+ M1
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+ M1
+ </entry>
+ </row>
+ <row>
+ <entry>
+ .Net Client
+ </entry>
+ <entry>
+ M2
+ </entry>
+ <entry>
+ M2
+ </entry>
+ <entry>
+ M2
+ </entry>
+ <entry>
+ M2
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+ M2
+ </entry>
+ </row>
+ <row>
+ <entry>
+ Python Client
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+ ?
+ </entry>
+ </row>
+ <row>
+ <entry>
+ Ruby Client
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+ ?
+ </entry>
+ </row>
+ </tbody>
+ </tgroup></table>
+
+ <para id="QpidInteroperabilityDocumentation-1">
+ 1: Support for these will be in M3 (currently available on
+ trunk).
+ </para>
+
+ <para id="QpidInteroperabilityDocumentation-2">2: C++ Broker uses <ulink url="http://freshmeat.net/projects/cyrussasl/">Cyrus SASL</ulink> which
+ supports CRAM-MD5 and GSSAPI but these have not been tested yet
+ </para>
+<!--h4--></section>
+
+ <section role="h4" id="QpidInteroperabilityDocumentation-CustomMechanisms"><title>
+ Custom
+ Mechanisms
+ </title>
+
+ <para>
+ There have been some custom mechanisms added to our
+ implementations.
+ </para><table><title>SASL Custom Mechanisms</title><tgroup cols="3">
+ <tbody>
+ <row>
+ <entry>
+ Component
+ </entry>
+ <entry>
+ AMQPLAIN
+ </entry>
+ <entry>
+ CRAM-MD5-HASHED
+ </entry>
+ </row>
+ <row>
+ <entry>
+ C++ Broker
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ </row>
+ <row>
+ <entry>
+ C++ Client
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ </row>
+ <row>
+ <entry>
+ Java Broker
+ </entry>
+ <entry>
+ M1
+ </entry>
+ <entry>
+ M2
+ </entry>
+ </row>
+ <row>
+ <entry>
+ Java Client
+ </entry>
+ <entry>
+ M1
+ </entry>
+ <entry>
+ M2
+ </entry>
+ </row>
+ <row>
+ <entry>
+ .Net Client
+ </entry>
+ <entry>
+  
+ </entry>
+ <entry>
+  
+ </entry>
+ </row>
+ <row>
+ <entry>
+ Python Client
+ </entry>
+ <entry>
+ M2
+ </entry>
+ <entry>
+  
+ </entry>
+ </row>
+ <row>
+ <entry>
+ Ruby Client
+ </entry>
+ <entry>
+ M2
+ </entry>
+ <entry>
+  
+ </entry>
+ </row>
+ </tbody>
+ </tgroup></table>
+
+ <section><title>AMQPLAIN</title>
+ <para/>
+ </section>
+
+ <section><title>CRAM-MD5-HASHED</title>
+ <para>
+ The Java SASL implementations require that you have the password
+ of the user to validate the incoming request. This then means
+ that the user's password must be stored on disk. For this to be
+ secure either the broker must encrypt the password file or the
+ need for the password being stored must be removed.
+ </para><para>
+ The CRAM-MD5-HASHED SASL plugin removes the need for the plain
+ text password to be stored on disk. The mechanism defers all
+ functionality to the build in CRAM-MD5 module the only change is
+ on the client side where it generates the hash of the password
+ and uses that value as the password. This means that the Java
+ Broker only need store the password hash on the file system.
+ While a one way hash is not very secure compared to other forms
+ of encryption in environments where the having the password in
+ plain text is unacceptable this will provide and additional layer
+ to protect the password. In particular this offers some
+ protection where the same password may be shared amongst many
+ systems. It offers no real extra protection against attacks on
+ the broker (the secret is now the hash rather than the password).
+ </para>
+ </section>
+<!--h4--></section>
+<!--h3--></section>
+<!--h2--></section>
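Review bot: In the CRAM-MD5-HASHED section, the last sentence concedes that "the secret is now the hash rather than the password", but the paragraph never spells out what follows for an operator. Since the client sends the hash as its CRAM-MD5 password, the stored hash file is password-equivalent for this broker and needs the same access restrictions as a plain-text password file. Please say so explicitly, and name the hash function the client applies, since the text only calls it "the hash of the password". The sentence "a one way hash is not very secure compared to other forms of encryption" treats hashing as a form of encryption; consider rewording it to state only the benefit the paragraph goes on to claim, which is protection for a password shared with other systems. Separately, the AMQPLAIN section is an empty <para/> even though the custom mechanisms table lists it for the Java Broker and Java Client (M1) and the Python and Ruby clients (M2), and the SASL section also opens with an empty <para>; either describe the mechanism or drop the placeholders. Both tables put their header row inside <tbody> rather than a <thead>. Typos to fix while here: "This table list", "the build in CRAM-MD5 module", "where the having the password", "provide and additional layer".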