-No Subject-

Vera Plechash (plechash@raleigh.ibm.com)
23 Apr 97 19:15:27

Message-Id: <9704232316.AA0972@rtpnsi03.raleigh.ibm.com>
To: java-security <java-security@web2.javasoft.com>
From: Vera Plechash <plechash@raleigh.ibm.com>
Date: 23 Apr 97 19:15:27
Subject: -No Subject-

Hi,

I just spent some time browsing the Sun web site and it
became obvious to me that there isn't a real crisp/visible document
articulating the real differences between Authenticode
and Sun's Security Model. The very big deal here is Sun's
coming ACL granular control. This needs to be shouted out to
the world, to combat the loud misinformation perpetuated by
"other guys".

You need a marketing sheet, one page, that is similar to MS's
comeback to Sun Security:
(see: http://www.microsoft.com/security/actxclar.htm )

Too many of the Sun descriptions are code listings, very gorpy
programmer-speak stuff that still doesn't get to the issue.

This is the way I see Sun positioned against MS:

Microsoft                        Sun
------------------               ----------------------
Trusted Signature                Trusted VM
Binary yes/no signature check    Principal (signer check)
No other checking                + Resource access check
                                 Protected Domains
                                 System Class/call detection
                                 Access Control Lists
                                 Bytecode Verifier

Please! Someone write an easy to use marketing overview of
the advantages of Sun's Security Model... this stuff should not be so
difficult to find! It's amazing to me that even credible analysts are
saying Sun's Security Model does not differ from Microsoft's! Not true!
Even if it won't be "fully realized" until the next JDK release...

Sun is a great engineering company... maybe need a few more
marketing spinsters to make sure the (true) messages are "out
there", and easy to comprehend, even by analysts. People
that don't read code.

Regards,
Vera Plechash
Market Analyst
IBM Java Technology,