Date: Fri, 11 Apr 1997 12:00:27 -0700
From: Satish.Dharmaraj@Eng (Satish Dharmaraj)
Message-Id: <199704111900.MAA13142@nine.eng.sun.com>
To: java-security@web2.javasoft.com, spiliou@iceht.forth.gr
Subject: Re: Questions about Access Control in JDK 1.1
> " ... After the principal is verified to be an authenticated user in the
> system, the principal might access resources. For each such resource, the
> principal might or might not be granted access depending on the permissions
> that are granted to the principal in the ACL that guards the resource. The
> ACL itself is independent of the resource that it guards ..."
> I don't understand well the last two sentences. Since an ACL guards a (known
> ?) resource what is the meaning of the word "independent" in the next sentence?
Well you can think of the ACL as a mechanism to grant or negate permissions
to a particular user (i.e. principal). The application then associates an
ACL to a resource. For example, a file could be a resource with permissions
to read, write or execute or a directory could be a resource
with permissions to (list, remove or write). A resource need not be a
physical entity - it could be the server with permissions to let
servlets (http://java.sun.com/products/java-server/) do things
to a server (i.e. for example servlets can be loaded on to a server - so
"loading" is a permission for the server), write/read from network etc...
An ACL abstraction can be used with all these different kinds of resources.
That is why the ACL API is independent of the resource.
> Also I couldn't find an example about what a resource might be and which is
> the way an ACL is linked with a resource.
This is left for the application using the ACL to do. So an application
that needs to guard a particular resource (like a java object or even a
method in a java object) associates an ACL with that resource. This is
application specific.
> May I regard that a table of a RDBMS is a resource and which is the way to
> link this resource with an ACL? Is this feasible in the context of Java or not?
Yes - you can definitely regard an RDBMS table as a resource (a fairly
common usage actually) and associate an ACL with it. This can then guard
access to the table.
One thing with the ACL interface in the JDK is that the implementation is
currently not included in the JDK. It can be downloaded as part of the
JavaServer product from java.sun.com/products/java-server for now.
> Thank you in advance
>
> Dimitris Blonis
Satish
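
The point made in the reply, that the ACL is independent of the resource and the application does the linking, as an added example in plain Java. It is not code from this thread and does not use the java.security.acl interfaces; the class, principal, permission and table names, and the rule that a negative entry overrides a grant, are assumptions made for the illustration.

```java
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class AclDemo {
    // Hypothetical permissions for an RDBMS table resource.
    enum Perm { SELECT, INSERT, DELETE }

    // The ACL knows only principals and permissions, nothing about what it guards.
    static final class Acl {
        private final Map<String, Set<Perm>> granted = new HashMap<>();
        private final Map<String, Set<Perm>> negated = new HashMap<>();

        void grant(String principal, Perm p) {
            granted.computeIfAbsent(principal, k -> EnumSet.noneOf(Perm.class)).add(p);
        }
        void negate(String principal, Perm p) {
            negated.computeIfAbsent(principal, k -> EnumSet.noneOf(Perm.class)).add(p);
        }
        // Default deny; an explicit negative entry wins over a grant (assumed rule).
        boolean check(String principal, Perm p) {
            Set<Perm> neg = negated.get(principal);
            if (neg != null && neg.contains(p)) return false;
            Set<Perm> pos = granted.get(principal);
            return pos != null && pos.contains(p);
        }
    }

    // The application, not the ACL, links a resource (here a table name) to its ACL.
    static final Map<String, Acl> tableAcls = new HashMap<>();

    static boolean mayAccess(String principal, String table, Perm p) {
        Acl acl = tableAcls.get(table);
        return acl != null && acl.check(principal, p); // a table with no ACL fails closed
    }

    public static void main(String[] args) {
        Acl orders = new Acl();                 // constructed sample data
        orders.grant("alice", Perm.SELECT);
        orders.grant("alice", Perm.DELETE);
        orders.negate("alice", Perm.DELETE);    // negative entry cancels the grant
        tableAcls.put("ORDERS", orders);

        System.out.println(mayAccess("alice", "ORDERS", Perm.SELECT));
        System.out.println(mayAccess("alice", "ORDERS", Perm.DELETE));
        System.out.println(mayAccess("bob", "ORDERS", Perm.SELECT));
        System.out.println(mayAccess("alice", "CUSTOMERS", Perm.SELECT));
    }
}
```

The same `Acl` class could guard a file, a servlet load operation or a method by changing only the permission set and the map that binds resources to ACLs.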