Date: Sat, 6 Dec 1997 10:26:45 -0800
Message-Id: <199712061826.KAA15155@games.eng.sun.com>
From: Li Gong <gong@games.eng.sun.com>
To: Michael Gruebsch <mmg@geogr.uni-jena.de>
Subject: Re: SUGGESTIONS for the POLICY DEFINITION
In-Reply-To: Michael Gruebsch's mail of Thu, 27 November, 1997
Thanks for the comments, and here are short responses.
Michael Gruebsch writes:
> -----------------------------------------------------------------------
> 1. What about an analogous construct to "grant":
>
> deny codeBase "http://www.badhost.com", signedBy "TheMoneyMaker" {
> permission java.io.FilePermission "/home", "read";
> }
We have been considering such "negative" permissions, and have decided
not to support them at this time, due to the complexities involved.
It is likely that we will support this sometime, but exactly how, is
still open. (see the last item below.)
> 2. What about similar constructs to grant/deny permissions to users:
>
> grant user "mmg" {
> permission com.abc.TVPermission "channel-*", "watch";
> }
The notion of "user" is being considered for inclusion, and once that
is done, it is natural that something along such lines will be
introduced.
> I'm getting aware that it is not clear to me who grants permissions
> to whom: The system to the user to the code? Please make this more
> clear in the specification.
The person who set the policy (admin or user or both) grants
permissions to code that is being run.
> 3. Did you define exact rules how to handle inconsistent policies?
Without "negative" permissions, there are no inconsistent policies.
If policy A grants "read" and policy B grants "read,write", they do
not contradict each other, as A does not mean "deny write". Once we
have "negative" permissions, as you suggested, then we would have a
big problem in sorting out inconsistent policies, and in significantly
rewriting access control code, which is part of the complexity I
mentioned earlier.
Thanks again for your comments. Cheers.
Li
-- Li Gong, PhD Java Security Architect and Senior Engineering Manager JavaSoft, Sun Microsystems, Cupertino, California, USA Email: gong@eng.sun.com Web: http://java.sun.com/people/gong Tel: 408-343-1825 and Fax: 408-343-1993