[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [equinox-dev] osgi permissions.perm file should support the declaration of conditional permissions
|
Pascal we talked a lot about this requirement when we were working on OSGi,
but it was decided that examples such as "the developer knows that a
principal named Admin will get FooPermission" were just too contrived. That
example suggests that the developer is going to hard code a policy that is
normally set by an administrator/user, which in turn assumes some sort of
intimate relationship between the developer and the platform on which it will
be deployed. Allowing such relationships makes things extremely complicated
when later the platform wants to change the policy. The second problem with
the example is that the developer assumes there will even be a principal
named Admin. How would he know that, unless there was an intimate
relationship?
Is eclipse going to make such assumptions? While it can be accommodated and is
rather simple to implement, I'm afraid it will make Java2 security and
policy, which is already complicated enough, much more complicated to
understand. Of course, harder to understand doesn't mean wrong :)
I would be interested in a document that specified the relationship between
the various parties (probably starting with who are the different parties) in
Eclipse. I think that would help motivate the need.
For example, the most simple relationship model would consist of two parties:
the user and the developer who adds to eclipse. With your modification, the
developer could effectively set his own policy, but who is going to setup the
user information that will drive JAAS? If it's the user, how are you going to
make sure that the user sets up the security information in a manner
consistent with the assumptions that the developer makes, which brings you
back to the developer.
ben
On Wednesday 21 September 2005 08:36 am, Pascal Rapicault wrote:
> FYI, I've opened the bug to discuss the annoying osgi limitation of not
> being able to specify conditional permissions in a file.
> See you at: https://bugs.eclipse.org/bugs/show_bug.cgi?id=110192
>
> PaScaL