Diffstat (limited to 'qpid/doc/book/src/Qpid-Interoperability-Documentation.xml')
-rw-r--r-- | qpid/doc/book/src/Qpid-Interoperability-Documentation.xml | 377 |
1 files changed, 377 insertions, 0 deletions
diff --git a/qpid/doc/book/src/Qpid-Interoperability-Documentation.xml b/qpid/doc/book/src/Qpid-Interoperability-Documentation.xml new file mode 100644 index 0000000000..74546693df --- /dev/null +++ b/qpid/doc/book/src/Qpid-Interoperability-Documentation.xml 
@@ -0,0 +1,377 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section role="h2" id="QpidInteroperabilityDocumentation-QpidInteroperabilityDocumentation"> + <title>Qpid Interoperability Documentation</title> + + <para> + This page documents the various interoperable features of the + Qpid clients. + </para> + <section role="h3" id="QpidInteroperabilityDocumentation-SASL"><title> + SASL + </title> + + <para> + + </para> + <section role="h4" id="QpidInteroperabilityDocumentation-StandardMechanisms"><title> + Standard + Mechanisms + </title> + + <para> + <ulink url="http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer#SASL_mechanisms"/> + </para><para> + This table list the various SASL mechanisms that each component + supports. The version listed shows when this + functionality was added to the product. 
+ </para><table><title>SASL Mechanism Support</title><tgroup cols="7"> + <tbody> + <row> + <entry> + Component + </entry> + <entry> + ANONYMOUS + </entry> + <entry> + CRAM-MD5 + </entry> + <entry> + DIGEST-MD5 + </entry> + <entry> + EXTERNAL + </entry> + <entry> + GSSAPI/Kerberos + </entry> + <entry> + PLAIN + </entry> + </row> + <row> + <entry> + C++ Broker + </entry> + <entry> + M3[<xref linkend="QpidInteroperabilityDocumentation-1"/>] + </entry> + <entry> + M3[<xref linkend="QpidInteroperabilityDocumentation-1"/>,<xref linkend="QpidInteroperabilityDocumentation-2"/>] + </entry> + <entry> + + </entry> + <entry> + + </entry> + <entry> + M3[<xref linkend="QpidInteroperabilityDocumentation-1"/>,<xref linkend="QpidInteroperabilityDocumentation-2"/>] + </entry> + <entry> + M1 + </entry> + </row> + <row> + <entry> + C++ Client + </entry> + <entry> + M3[<xref linkend="QpidInteroperabilityDocumentation-1"/>] + </entry> + <entry> + + </entry> + <entry> + + </entry> + <entry> + + </entry> + <entry> + + </entry> + <entry> + M1 + </entry> + </row> + <row> + <entry> + Java Broker + </entry> + <entry> + + </entry> + <entry> + M1 + </entry> + <entry> + + </entry> + <entry> + + </entry> + <entry> + + </entry> + <entry> + M1 + </entry> + </row> + <row> + <entry> + Java Client + </entry> + <entry> + + </entry> + <entry> + M1 + </entry> + <entry> + + </entry> + <entry> + + </entry> + <entry> + + </entry> + <entry> + M1 + </entry> + </row> + <row> + <entry> + .Net Client + </entry> + <entry> + M2 + </entry> + <entry> + M2 + </entry> + <entry> + M2 + </entry> + <entry> + M2 + </entry> + <entry> + + </entry> + <entry> + M2 + </entry> + </row> + <row> + <entry> + Python Client + </entry> + <entry> + + </entry> + <entry> + + </entry> + <entry> + + </entry> + <entry> + + </entry> + <entry> + + </entry> + <entry> + ? 
+ </entry> + </row> + <row> + <entry> + Ruby Client + </entry> + <entry> + + </entry> + <entry> + + </entry> + <entry> + + </entry> + <entry> + + </entry> + <entry> + + </entry> + <entry> + ? + </entry> + </row> + </tbody> + </tgroup></table> + + <para id="QpidInteroperabilityDocumentation-1"> + 1: Support for these will be in M3 (currently available on + trunk). + </para> + + <para id="QpidInteroperabilityDocumentation-2">2: C++ Broker uses <ulink url="http://freshmeat.net/projects/cyrussasl/">Cyrus SASL</ulink> which + supports CRAM-MD5 and GSSAPI but these have not been tested yet + </para> +<!--h4--></section> + + <section role="h4" id="QpidInteroperabilityDocumentation-CustomMechanisms"><title> + Custom + Mechanisms + </title> + + <para> + There have been some custom mechanisms added to our + implementations. + </para><table><title>SASL Custom Mechanisms</title><tgroup cols="3"> + <tbody> + <row> + <entry> + Component + </entry> + <entry> + AMQPLAIN + </entry> + <entry> + CRAM-MD5-HASHED + </entry> + </row> + <row> + <entry> + C++ Broker + </entry> + <entry> + + </entry> + <entry> + + </entry> + </row> + <row> + <entry> + C++ Client + </entry> + <entry> + + </entry> + <entry> + + </entry> + </row> + <row> + <entry> + Java Broker + </entry> + <entry> + M1 + </entry> + <entry> + M2 + </entry> + </row> + <row> + <entry> + Java Client + </entry> + <entry> + M1 + </entry> + <entry> + M2 + </entry> + </row> + <row> + <entry> + .Net Client + </entry> + <entry> + + </entry> + <entry> + + </entry> + </row> + <row> + <entry> + Python Client + </entry> + <entry> + M2 + </entry> + <entry> + + </entry> + </row> + <row> + <entry> + Ruby Client + </entry> + <entry> + M2 + </entry> + <entry> + + </entry> + </row> + </tbody> + </tgroup></table> + + <section><title>AMQPLAIN</title> + <para/> + </section> + + <section><title>CRAM-MD5-HASHED</title> + <para> + The Java SASL implementations require that you have the password + of the user to validate the incoming request. 
This then means + that the user's password must be stored on disk. For this to be + secure either the broker must encrypt the password file or the + need for the password being stored must be removed. + </para><para> + The CRAM-MD5-HASHED SASL plugin removes the need for the plain + text password to be stored on disk. The mechanism defers all + functionality to the build in CRAM-MD5 module the only change is + on the client side where it generates the hash of the password + and uses that value as the password. This means that the Java + Broker only need store the password hash on the file system. + While a one way hash is not very secure compared to other forms + of encryption in environments where the having the password in + plain text is unacceptable this will provide and additional layer + to protect the password. In particular this offers some + protection where the same password may be shared amongst many + systems. It offers no real extra protection against attacks on + the broker (the secret is now the hash rather than the password). + </para> + </section> +<!--h4--></section> +<!--h3--></section> +<!--h2--></section> |
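Review bot: In the CRAM-MD5-HASHED section at the end of the hunk, the text says the client "generates the hash of the password and uses that value as the password" but never names the hash function or says whether it is salted, so a reader can neither build an interoperable client nor judge what the stored value is worth to someone who reads the file. Please name the algorithm and the stored format, and move the closing caveat (the secret is now the hash rather than the password) to the top of the paragraph, noting that the password file still needs restricted access. The AMQPLAIN section directly above it is an empty para element although the custom-mechanisms table lists AMQPLAIN for four components; either describe the mechanism or drop the section until there is text for it. Wording nits in the same hunk: "This table list", "the build in CRAM-MD5 module", "where the having the password", "provide and additional layer".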