Re: Access Control and Trust

Li Gong (gong@games.eng.sun.com)
Mon, 10 Nov 1997 12:17:53 -0800

Date: Mon, 10 Nov 1997 12:17:53 -0800
Message-Id: <199711102017.MAA21172@games.eng.sun.com>
From: Li Gong <gong@games.eng.sun.com>
To: taskin@mcs.net
Subject: Re: Access Control and Trust
In-Reply-To: Taskin Rahman's mail of Mon, 10 November, 1997

Generally speaking, whatever we put in JDK security, there is bound to
be a more complex security policy that cannot be handled readily (as
built in). For example, how can we figure out what CNN might do to
control TV channel access in the JDK framework. Similar to your
example.

So the idea is to build in a reasonable, typed, parameterised
permission class hierarchy so that ISVs, such as you, could extend and
define your own customized permissions and then control them.

So if there is something built-in that *prevents* you from doing your
customization, we want to hear it asap. Or if there is something so
fundamental or commonly used that we should have it built-in. Otherwise,
we do not plan to extend the built-in security forever to deal with
all possible application scenarios (as we could not achieve that).

Hope this helps.

Li

--
Li Gong, PhD
Java Security Architect and Senior Engineering Manager
JavaSoft, Sun Microsystems, Cupertino, California, USA
Email: gong@eng.sun.com
Web: http://java.sun.com/people/gong
Tel: 408-343-1825 and Fax: 408-343-1993