Re: Hypocritical demonstration at JavaOne conference

Marianne Mueller (mrm@Eng)
Mon, 14 Apr 1997 18:42:55 -0700

Date: Mon, 14 Apr 1997 18:42:55 -0700
Message-Id: <199704150142.SAA13630@puffin.eng.sun.com>
From: Marianne Mueller <mrm@Eng>
To: ttran@bmgmusic.com
Subject: Re: Hypocritical demonstration at JavaOne conference

Hi -

Sorry you are offended by the JavaOne demo. I try to take all these
things with a sense of humor and grain of salt.

As for the parallels in security model: I don't think we are doing
the same thing as ActiveX, not at all.

We can build an extended sandbox with flexible policies on top of the
sandbox, *because* we can enforce a sandbox.

I don't believe a native code C/C++ embedded content model can
accomplish this. I don't think such a model can provide non-trivial
configurable policies. In fact, the folks who are doing such a model
have stated publically that they cannot implement the sandbox
approach. Please check out their web site for info on that!

Please check out these URLs for info on Java security:

1. Slides from JavaOne

http://java.sun.com/javaone/sessions/slides/TT03/index.html

2. Handout from JavaOne

http://java.sun.com/security/handout.html

3. Compcon 97 extended abstract

http://java.sun.com/security/compcon97.ps

Peace,
Marianne
JavaSoft engineering, security