Re: Protection Domains and Principals

Tobias Christen (christen.tobias@ch.swissbank.com)
Thu, 23 Jul 1998 09:48:12 +0200

Message-Id: <9807230751.AA04540@chbslu08>
Date: Thu, 23 Jul 1998 09:48:12 +0200
To: java-security@java.Sun.COM
From: Tobias Christen <christen.tobias@ch.swissbank.com>
Subject: Re: Protection Domains and Principals

We do have an infrastructure which provides
strong authentication and the propagation of
the corresponding info to the server tier.

Until now we employed implementations of the java.security.acl.*
interfaces for ACL based authorization. From the fact that
the Permission class in java.security doesn't implement
the java.security.acl.Permission interface I concluded
that your architecture shift will make the whole
java.security.acl.* in the long term redundant (deprecated?).

I would like to bring in as much as possible of your plans.
If you tell me that your work is still miles away then I
will probably make it a research project and stay with the
java.security.acl based implementation we had until
now.

Cheers
Toby

At 07:12 PM 7/22/98 -0700, you wrote:
>
>Before you can add user authentication to the security model, you need
>to have a way of dealing with users and their authentication. After
>that, you can think of subclassing SecurityManager to include
>user-based access control. We are actively working on these issues,
>but we have nothing (doc or code) to release at this point -- we will
>when we are done. Are you working on a product that needs these features
>right now? Or just a research project to test ideas?
>
>Li
>
>Tobias Christen writes:
>>
>>
>> Hi!
>>
>> Li Gong and Roland Schemers announced in their recent paper:
>> "Implementing Protection Domains in the JDK 1.2"
>> the following outlook to their future plans:
>>
>> " .... This indirection, where permissions are not granted to classes
>> and objects directly, is designed because, in the future, protection
>> domains can be further characterized by user authentication and
>> delegation so that the same code could obtain different permissions
>> when running "on behalf of" different users or principals."
>>
>> I really appreciate the JDK 1.2 security design, as it finally enables
>> us to implicitly protect access to Java objects from the core API,
>> without additional source code in the caller. Certainly there are
>> many open questions, e.g. how could we delegate user authentication
>> (i.e. obtained via SSL) from the application tier to the next tier.
>>
>> Still, I would like to implement the add-on of user authentication
>> to protection domains. Are there any recommendations (from
>> Li Gong or Roland Schemers) which classes would have to
>> be subclassed / replaced?
>>
>> My first thought is: - replace Access Controller,
>> and subclass ProtectionDomain
>>
>> Thank you very much for your proposal!
>>
>> Toby Christen