CORBA 1.1 specifies that a Basic Object Adapter should provide a facility for identifying the principal (or user) on whose behalf a request is being performed. The get_principal method, defined by BOA and impleented by SOMOA returns a Principal object, which identifies the caller of a particular method. From this information, an application can perform access control checking.
In CORBA 1.1, the interface to Principal is not defined, and is left up to the ORB implementation. In the current release of DSOM, a Principal object is defined to have two attributes:
userName (string)
Currently, the value of the UserName attribute is obtained from the USER environment variable in the calling process. Likewise, the hostName attribute is obtained from the HOSTNAME environment variable. This facility is intended to provide basic information about the source of a request, and currently, is not based on any specific authentication (i.e., "login") scheme. More rigorous authentication and security mechanisms will be considered for future DSOM implementations.
The IDL prototype for the get_principal method, defined on BOA (SOMOA) is as follows:
Principal get_principal (in SOMDObject obj, in Environment *req_ev);
This call will typically be made either by the target object or by the server object, when a method call is received. The get_principal method uses the Environment structure associated with the request, and an object reference for the target object, to produce a Principal object that define the request initiator.
Note: CORBA 1.1 defines a "tk_Principal" TypeCode which is used to identify the type of Principal object arguments in requests, in case special handling is needed when building the request. Currently, DSOM does not provide any special handling of objects of type "tk_Principal"; they are treated like any other object.