SUGGESTIONS for the POLICY DEFINITION

Michael Gruebsch (mmg@geogr.uni-jena.de)
Thu, 27 Nov 1997 11:25:18 +0100

Date: Thu, 27 Nov 1997 11:25:18 +0100
From: Michael Gruebsch <mmg@geogr.uni-jena.de>
To: java-security@web2.javasoft.com
Subject: SUGGESTIONS for the POLICY DEFINITION

Hi,

after reading the early access specification Java Security Architecture
1.2 (Draft Revision 0.7) I want to make some remarks regarding
the definition of policies:

-----------------------------------------------------------------------
1. What about an analogous construct to "grant":

    deny codeBase "http://www.badhost.com", signedBy "TheMoneyMaker" {
        permission java.io.FilePermission "/home", "read";
    }

to restrict a granted permission

    grant signedBy "TheMoneyMaker" {
        permission java.io.FilePermission "/home", "read";
    }

For example: you trust code made by "TheMoneyMaker", but the
BadHost company is suspected to have bought the code from the
"TheMoneyMaker" company to abuse it.

This additional construct would make the writing of policies more
flexible.

-----------------------------------------------------------------------
2. What about similar constructs to grant/deny permissions to users:

    grant user "mmg" {
        permission com.abc.TVPermission "channel-*", "watch";
    }

    deny user "mmg" {
        permission com.abc.TVPermission "channel-6", "watch";
    }

A similar example would be if an applet allows access to an employee
database where each person is allowed to read it while only the
managers are allowed to modify it (example taken from the IIAS in
Berlin!)

I'm becoming aware that it is not clear to me who grants permissions
to whom: the system to the user to the code? Please make this
clearer in the specification.

-----------------------------------------------------------------------
3. Did you define exact rules how to handle inconsistent policies?

Assume a system policy file with

    grant {
        permission java.io.FilePermission "/home", "read";
    }

and a user policy file

    grant {
        permission java.io.FilePermission "/", "read,write";
    }

-----------------------------------------------------------------------
4. What do you think about these remarks? - Michael

-- mmg@geogr.uni-jena.de ----------------------------------------- >8 --
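
Added example, not part of the original message or of the Java Security Architecture draft: a small evaluator that combines the two grant entries from point 3 with the deny entry proposed in point 1. The rule used (all matching grants are unioned, then any matching deny wins), the Entry record, the exact-string codeBase match and the host www.example.org are assumptions made for illustration.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;

public class DenyOverridesDemo {
    // Hypothetical policy entry; a null codeBase or signedBy matches any code.
    record Entry(boolean deny, String codeBase, String signedBy, Permission perm) {
        boolean matches(String cb, String signer) {
            // Simplification: exact string match instead of real CodeSource matching.
            return (codeBase == null || codeBase.equals(cb))
                && (signedBy == null || signedBy.equals(signer));
        }
    }

    // Assumed rule: union every matching grant, then let any matching deny win.
    // Assumes each request names a single action, e.g. "read".
    static boolean allowed(Entry[] policy, String cb, String signer, Permission req) {
        Permissions granted = new Permissions();
        Permissions denied = new Permissions();
        for (Entry e : policy) {
            if (e.matches(cb, signer)) {
                (e.deny() ? denied : granted).add(e.perm());
            }
        }
        return granted.implies(req) && !denied.implies(req);
    }

    public static void main(String[] args) {
        Permission readHome = new FilePermission("/home", "read");
        Entry[] policy = {
            // Point 3: system policy file and user policy file, both for all code.
            new Entry(false, null, null, readHome),
            new Entry(false, null, null, new FilePermission("/", "read,write")),
            // Point 1: the proposed deny entry.
            new Entry(true, "http://www.badhost.com", "TheMoneyMaker", readHome),
        };
        String signer = "TheMoneyMaker";
        String other = "http://www.example.org";   // constructed sample host
        String bad = "http://www.badhost.com";

        System.out.println("other host, read /home:  " + allowed(policy, other, signer, readHome));
        System.out.println("badhost,    read /home:  " + allowed(policy, bad, signer, readHome));
        // The path "/" names only the root directory itself, so the user grant
        // adds write access to "/" but not to "/home".
        System.out.println("other host, write /:     "
            + allowed(policy, other, signer, new FilePermission("/", "write")));
        System.out.println("other host, write /home: "
            + allowed(policy, other, signer, new FilePermission("/home", "write")));
    }
}
```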