From: spiliou@iceht.forth.gr
Date: Fri, 11 Apr 97 12:55:33 +0300
Message-Id: <9704110955.AA01822@terpsi.iceht.forth.gr>
To: java-security@web2.javasoft.com
Subject: Questions about Access Control in JDK 1.1
Hi all,
I 'm working for an Information consultant company in Greece, and I'm intresting
to learn more details about Java Security. In your document with title
"Security in JDK 1.1" and subtitle "Access Control Abstractions" you have
written
" ... After the principal is verified to be an authenticated user in the
system, the principal might access resources. For each such resource, the
principal might or might not be granted access depending on the permissions
that are granted to the principal in the ACL that guards the resource.The
ACL itself is independent of the resource that it guards ..."
I don't understand well the last two sentences. Since an ACL guards a (known
?) resourse what is the meaning of the word "independent" in the next sentence?
Also I couldn't find an example about what a resource might be and which is
the way an ACL is linked with a resource.
May I regard that a table of a RDBMS is a resource and which is the way to
link this resource with an ACL? Is this feasible in the context of Java or not?
Thank you in advance
Dimitris Blonis