Re: Protection Domains and Principals

Li Gong (gong@games.eng.sun.com)
Wed, 22 Jul 1998 19:12:11 -0700

Date: Wed, 22 Jul 1998 19:12:11 -0700
Message-Id: <199807230212.TAA07440@games.eng.sun.com>
From: Li Gong <gong@games.eng.sun.com>
To: Tobias Christen <christen.tobias@ch.swissbank.com>
Subject: Re: Protection Domains and Principals
In-Reply-To: Tobias Christen's mail of Wed, 15 July, 1998

Before you can add user authentication to the security model, you need
to have a way of dealing with users and their authentication. After
that, you can think of subclassing SecurityManager to include
user-based access control. We are actively working on these issues,
but we have nothing (doc or code) to release at this point -- we will
when we are done. Are you working on a product that needs these features
right now? Or just a research project to test ideas?

Li

Tobias Christen writes:
>
>
> Hi!
>
> Li Gong and Roland Schemers announced in their recent paper:
> "Implementing Protection Domains in the JDK 1.2"
> the following outlook to their future plans:
>
> " .... This indirection, where permissions are not granted to classes
> and objects directly, is designed because, in the future, protection
> domains can be further characterized by user authentication and
> delegation so that the same code could obtain different permissions
> when running "on behalf of" different users or principals."
>
> I really appreciate the JDK 1.2 security design, as it finally enables
> us to implicitly protect access to Java objects from the core API,
> without additional source code in the caller. Certainly there are
> many open questions, e.g. how could we delegate user authentication
> (i.e. obtained via SSL) from the application tier to the next tier.
>
> Still, I would like to implement the add-on of user authentication
> to protection domains. Are there any recommendations (from
> Li Gong or Roland Schemers) which classes would have to
> be subclassed / replaced?
>
> My first thought is: - replace Access Controller,
> and subclass ProtectionDomain
>
> Thank you very much for your proposal!
>
> Toby Christen
>
>
>
> --------------------------------------------------------------------
> UBS
> Tobias Christen
> Hochstrasse 16 / 4150
> CH-4002 Basel
> Phone: +41 61 288 1795, FAX: ++ 1710
> Advanced Engineering Center mailto:christen.tobias@ch.swissbank.com
> --------------------------------------------------------------------
>
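
The indirection quoted from the paper above (permissions granted to protection domains rather than to classes, so the same code can hold different permissions "on behalf of" different principals) can be sketched as follows. This is an added example, not code from the JDK or from either correspondent: the names Domain, POLICY, granted and check are hypothetical, the policy entries and paths are constructed, and it assumes the access check requires every code source on the call stack to hold the permission.

```java
import java.util.*;

// Toy model (hypothetical names); not the java.security classes.
public class PrincipalDomains {
    // A domain is identified by code origin AND the principal it runs for.
    record Domain(String codeSource, String principal) {}

    // Constructed sample policy: grants go to domains, never to classes.
    // Principal "*" means "any user" (the plain code-source-only case).
    static final Map<Domain, Set<String>> POLICY = Map.of(
        new Domain("file:/jdk/core.jar", "*"),
            Set.of("read:/data/payroll", "read:/data/public"),
        new Domain("file:/app/reports.jar", "alice"),
            Set.of("read:/data/payroll", "read:/data/public"),
        new Domain("file:/app/reports.jar", "bob"),
            Set.of("read:/data/public"));

    // Permissions of one code source when running on behalf of a principal.
    static Set<String> granted(String codeSource, String principal) {
        Set<String> perms = new HashSet<>(
            POLICY.getOrDefault(new Domain(codeSource, "*"), Set.of()));
        perms.addAll(
            POLICY.getOrDefault(new Domain(codeSource, principal), Set.of()));
        return perms;
    }

    // Every code source on the call stack must hold the permission for the
    // current principal; an empty stack or unknown domain fails closed.
    static boolean check(List<String> stack, String principal, String perm) {
        if (stack.isEmpty()) return false;
        for (String codeSource : stack)
            if (!granted(codeSource, principal).contains(perm)) return false;
        return true;
    }

    public static void main(String[] args) {
        // The core API performs the check; reports.jar is the caller.
        List<String> stack = List.of("file:/jdk/core.jar", "file:/app/reports.jar");
        for (String user : List.of("alice", "bob", "mallory"))
            for (String perm : List.of("read:/data/public", "read:/data/payroll"))
                System.out.println(user + " " + perm + " -> "
                    + check(stack, user, perm));
    }
}
```

The caller in reports.jar contains no access-control code of its own; the decision changes only with the principal bound to the domain, and a principal with no policy entry is denied everything the application code would need.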