To ensure the Equinox runtime (and the Eclipse product) is secure, enabling users and administrators to confidently use and deploy products built on it in environments where not all users and/or code sources are friendly. Providing integrated security functionality will allow Equinox and Eclipse-based applications to protect their data, to authenticate and authorize valid users, and to protect against potentially malicious code packaged and distributed as bundles.
|Support user credential management:
When dealing with user's credentials - such as passwords, keys, and certificates - applications need to use some form of secure storage backend for sensitive materials. In the 3.4 release we have added support for 'Secure Storage', a preferences-style interface that can be used to store encrypted data, such as passwords. Support for integrated management of other types of credentials, such as keys and certificates, is intended for a future release.
|Provide an extensible user authentication framework:
In many environments, there are applications which require the user to login before interacting with the system, and provide a different user experience based on the user's login. The Eclipse RCP does not yet support login, and the goal is to provide a framework that will manage the lifecycle of login for an RCP application. Java provides a pluggable system called the Java Authentication and Authorization Service (JAAS), similar to the pluggable authentication module (PAM) systems used in many Linux distributions. In the 3.4 release, we have added support for declarative wiring of JAAS components, a factory for generating context objects for managing login state, and an event model around the lifecycle of login.
|Enable flexible mechanisms for code authorization:
As the Eclipse platform grows as a basis for rich desktop applications, it will become more of a target for authors of malicious viruses. Java provides mechanisms for cryptographically signing Jar files, and ships with a powerful architecture for fine-grained code authorization. Sandboxing is done by enabling a SecurityManager and granting Permissions to application code. Eclipse should provide the ability to enable a SecurityManager and manage Permissions granted to plug-in code via integrated UI. In addition to the fine-grained run-time but resource intensive mechanisms enabled by Java, Eclipse should also explore less granular but potentially more performant and manageable authorization mechanisms - such as checking signatures at bundle install-time, or bundle load-time.
|Integrate with and support security-aware projects:
Several Eclipse projects have already expressed interest in standardized solutions for security fundamentals like the ones listed above. Integrating well with projects like Higgins and the Eclipse Communications Framework is a core goal of the platform security initiative.
We are actively looking for contributors (with or without technology) with interest in this area who are willing to contribute time and resources.