Protection Domains and Principals

Tobias Christen (christen.tobias@ch.swissbank.com)
Wed, 15 Jul 1998 16:27:06 +0200

Message-Id: <9807151430.AA01566@chbslu08>
Date: Wed, 15 Jul 1998 16:27:06 +0200
To: java-security@java.sun.com
From: Tobias Christen <christen.tobias@ch.swissbank.com>
Subject: Protection Domains and Principals

Hi!

Li Gong and Roland Schemers announced in their recent paper:
"Implementing Protection Domains in the JDK 1.2"
the following outlook to their future plans:

" .... This indirection, where permissions are not granted to classes
and objects directly, is designed because, in the future, protection
domains can be further characterized by user authentication and
delegation so that the same code could obtain different permissions
when running "on behalf of" different users or principals."

I really appreciate the JDK 1.2 security design, as it finally enables
us to implicitly protect access to Java objects from the core API,
without additional source code in the caller. Certainly there are
many open questions, e.g. how could we delegate user authentication
(i.e. obtained via SSL) from the application tier to the next tier.

Still, I would like to implement the add-on of user authentication
to protection domains. Are there any recommendations (from
Li Gong or Roland Schemers) which classes would have to
be subclassed / replaced?

My first thought is: - replace Access Controller,
and subclass ProtectionDomain

Thank you very much for your proposal!

Toby Christen

--------------------------------------------------------------------
UBS
Tobias Christen
Hochstrasse 16 / 4150
CH-4002 Basel
Phone: +41 61 288 1795, FAX: ++ 1710
Advanced Engineering Center mailto:christen.tobias@ch.swissbank.com
--------------------------------------------------------------------
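
The indirection quoted in the message above, as an added example that is not part of the original post and not JDK code: a toy model in which a protection domain is keyed by code source plus principal, so the same code gets different permissions for different users. All class, method and permission names are hypothetical, the policy is constructed sample data, and nothing here uses java.security.

```java
import java.util.*;

// Toy model of principal-qualified protection domains (hypothetical names).
public class PrincipalDomains {
    // A policy entry for code from codeSource; principal == null means "any user".
    record Grant(String codeSource, String principal, Set<String> permissions) {}

    // A protection domain: where the code came from plus who it is running for.
    record Domain(String codeSource, String principal) {}

    private final List<Grant> policy;

    PrincipalDomains(List<Grant> policy) { this.policy = policy; }

    // Permissions of a domain: union of every grant matching its code source
    // and either its principal or the "any user" wildcard.
    Set<String> permissionsOf(Domain d) {
        Set<String> out = new HashSet<>();
        for (Grant g : policy)
            if (g.codeSource().equals(d.codeSource())
                    && (g.principal() == null || g.principal().equals(d.principal())))
                out.addAll(g.permissions());
        return out;
    }

    // Allowed only if every domain on the call stack holds the permission, so
    // less-privileged code cannot borrow rights from a privileged callee.
    boolean check(List<Domain> callStack, String permission) {
        if (callStack.isEmpty()) return false; // fail closed on an empty context
        for (Domain d : callStack)
            if (!permissionsOf(d).contains(permission)) return false;
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample policy: app.jar may read alice's account only as alice.
        PrincipalDomains acc = new PrincipalDomains(List.of(
            new Grant("app.jar", null, Set.of("read:/public")),
            new Grant("app.jar", "alice", Set.of("read:/accounts/alice")),
            new Grant("lib.jar", null, Set.of("read:/public", "read:/accounts/alice"))));
        List<Domain> asAlice = List.of(new Domain("lib.jar", "alice"), new Domain("app.jar", "alice"));
        List<Domain> asBob = List.of(new Domain("lib.jar", "bob"), new Domain("app.jar", "bob"));
        System.out.println("alice, own account: " + acc.check(asAlice, "read:/accounts/alice"));
        System.out.println("bob, alice's account: " + acc.check(asBob, "read:/accounts/alice"));
        System.out.println("bob, public data: " + acc.check(asBob, "read:/public"));
    }
}
```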