|
The RNAME used to connect
to Nirvana is a string very similar to a URL, which
facilitates specifying all the necessary parameters
required to connect to a Nirvana Realm.
An RNAME string looks like:
<wire protocol> :// <hostname> :< port>,
<wire protocol> :// <hostname> : <port>
etc
where <wire protocol> can be one of the 4 available
wire protocol identifiers nsp (socket), nhp (HTTP),
nsps (SSL) and nhps(HTTPS).
|
Supported Protocols
The current version of the Nirvana Realm and the Nirvana
client API supports 4 TCP wire protocols. These are
the Nirvana Socket Protocol (nsp), the Nirvana
HTTP Protocol (nhp), the Nirvana SSL Protocol
(nsps) and the Nirvana HTTPS protocol (nhps).
These wire protocols are available wherever a connection
is required, i.e. client to Realm and Realm to Realm.
Socket protocol
The Nirvana Socket Protocol (NSP) uses plain TCP sockets
and the user@host authentication mechanism. This means
that when you connect to a Nirvana Realm you will be identified
as the user logged on in the client machine @ the interface
you specified in the RNAME string. For example if you
are logged on as user fred and you specify an RNAME string
equal to nsp://realm.my-Channels.com:9000 then your session
will be identified as fred@realm.my-Channels.com . Note
however that if you were running the client application
on the same machine as the Nirvana Realm and decided to
use the localhost interface in your RNAME string, you
would be identified as fred@localhost that is a different
credential. The Realm and channel Access
Control Lists (ACL) checks will be performed against
that credential so be careful when choosing an RNAME value.
It is suggested that you use this wire protocol for your
initial evaluation with Nirvana, as it is the easiest
to use and provides the highest performance.
HTTP protocol
The Nirvana HTTP (NHP) Protocol uses an internal implementation
of an HTTP stack running on top of plain TCP sockets
and the user@host authentication mechanism. This wire
protocol was specifically designed to provide access
to Nirvana applications running behind single or multiple
firewall layers or on private address range (NAT) networks
and wanting to publish / subscribe to Realms running
on the internet or another corporation’s DMZ.
This implies that there is no requirement for a web
server, proxy, servlet engine or port redirector on
your firewall to take advantage of the flexibility that
the Nirvana HTTP Protocol offers. The protocol also
supports the use of HTTP proxy servers, with or without
proxy user authentication. Finally the authentication
mechanism has the same characteristics as with the Nirvana
Socket Protocol.
SSL protocol
The Nirvana SSL (NSPS) Protocol uses SSL sockets and
the X509 email address attribute as a credential for the
authentication mechanism. The protocol provides all the
benefits of the Nirvana Socket Protocol combined with
encrypted communications and strong authentication. Using
Sun’s Java Secure Socket Extensions (JSSE) provides
the SSL functionality. This needs to be installed separately
from Nirvana. For more information about this please see
the Nirvana
JSSE Guide.
HTTPS protocol
The Nirvana HTTPS (NHPS) Protocol uses an internal implementation
of an HTTP stack running on top of SSL sockets. As with
the Nirvana SSL Protocol, the X509 email attribute is
used as the credential for the authentication mechanism,
after of course a successful SSL handshake has completed.
The protocol offers all the benefits of the Nirvana HTTP
Protocol combined with encrypted communications and strong
authentication. Using Sun’s Java Secure Socket Extension
(JSSE) standard provides the SSL functionality. This needs
to be installed separately from Nirvana. For more information
about this please see the Nirvana
JSSE Guide. |
| |
| |
