Date: Mon, 14 Jul 1997 22:51:05 -0700 (PDT)
From: "Owen Densmore, Technology Explorations" <Owen.Densmore@Eng>
Subject: Login?
To: java-security@java.eng.sun.com
The JDK 1.1 introduces interesting crypto and security mechanisms, and
the JDK 1.2 enhances this with protection domains and other additional
facilities.
However, I'm having difficulty getting the "big picture", which I
believe would be considered policy rather than mechanism.
For example, how do I "login" .. i.e. how do I authenticate a user?
I'm sure the mechanisms help, but I don't think I could define the
life-cycle of either users or objects (files, connections,
applets/applications) with regard to their security properties. I'm
not sure how name services and other autonomous facilities engage in a
secure transaction involving a user, a program and service data.
Within the Unix world, this was fairly completely defined, and recently
augmented with Kerberos and secure policies for services. But I don't
yet see the emerging picture for Java and the much more open Internet.
Any pointers or suggestions? I'm primarily concerned with the
deployment of 100% Java systems (JavaServer, JavaStation) within a
large enterprise (Sun Microsystems 3000 JavaStation deployment project).
A secondary interest is exposing that closed environment to Internet
access thru a firewall using JavaServer based application bridges.
In order to plan for ambitious Java deployment such as this, it would
help considerably to have a good understanding of proposed policies.
Owen
BTW: The hypermail archive is quite useful, thanks!