Return-Path: 
 <dev-return-10355-apmail-airavata-dev-archive=airavata.apache.org@airavata.apache.org>
X-Original-To: apmail-airavata-dev-archive@www.apache.org
Delivered-To: apmail-airavata-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 3AAA910AB2
	for <apmail-airavata-dev-archive@www.apache.org>;
 Thu,  6 Mar 2014 01:19:04 +0000 (UTC)
Received: (qmail 98150 invoked by uid 500); 6 Mar 2014 01:19:03 -0000
Delivered-To: apmail-airavata-dev-archive@airavata.apache.org
Received: (qmail 98103 invoked by uid 500); 6 Mar 2014 01:19:03 -0000
Mailing-List: contact dev-help@airavata.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@airavata.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@airavata.apache.org>
List-Post: <mailto:dev@airavata.apache.org>
List-Id: <dev.airavata.apache.org>
Reply-To: dev@airavata.apache.org
Delivered-To: mailing list dev@airavata.apache.org
Received: (qmail 98096 invoked by uid 99); 6 Mar 2014 01:19:02 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 06 Mar 2014 01:19:02 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: local policy)
Received: from [129.79.1.194] (HELO hartman.uits.indiana.edu) (129.79.1.194)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 06 Mar 2014 01:18:58 +0000
X-IronPort-AV: E=Sophos;i="4.97,596,1389762000";
   d="scan'208";a="118395574"
Received: from mssg-relay.indiana.edu ([129.79.1.73])
  by irpt-internal-relay.indiana.edu with ESMTP; 05 Mar 2014 20:18:37 -0500
Received: from hartman.uits.indiana.edu (hartman.uits.indiana.edu
 [129.79.1.194])
	by mssg-relay.indiana.edu (8.14.7/8.14.4/IU Messaging Team) with ESMTP id
 s261Iapw032729
	for <dev@airavata.apache.org>; Wed, 5 Mar 2014 20:18:37 -0500
X-IronPort-AV: E=Sophos;i="4.97,596,1389762000";
   d="scan'208";a="117848084"
Received: from candy.uits.indiana.edu (HELO mail-relay.iu.edu)
 ([129.79.1.201])
  by irpt-internal-relay.indiana.edu with ESMTP; 05 Mar 2014 20:18:38 -0500
Received: from 156-56-195-46.ssl-vpn.indiana.edu
 (156-56-195-46.ssl-vpn.indiana.edu [156.56.195.46])
	(authenticated bits=0)
	by mail-relay.iu.edu (8.14.7/8.14.4/IU Messaging Team) with ESMTP id
 s261IaIU014812
	for <dev@airavata.apache.org>; Wed, 5 Mar 2014 20:18:37 -0500
Message-ID: <5317CCEB.70007@iu.edu>
Date: Wed, 05 Mar 2014 20:18:35 -0500
From: Marlon Pierce <marpierc@iu.edu>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
 rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: dev@airavata.apache.org
Subject: Re: [GSoC 2014] Project based on XBaya
References: 
 <CACZTvVuqYfNf=7p_oABm0xa8Z4zSbj4nDV9DHADehNgV3eacVw@mail.gmail.com>
	<19335612-7828-4AE4-A32B-3F0FF06DCFFF@apache.org>
 <CACZTvVugkcEOf9YzMexCdk+bk9vrN7h_fdcxX2Rup8s-z35E0Q@mail.gmail.com>
In-Reply-To: 
 <CACZTvVugkcEOf9YzMexCdk+bk9vrN7h_fdcxX2Rup8s-z35E0Q@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org

Nice detective work, Nadeem.  We use several self-signed jars in XBaya's
JNLP. We used to sign them during the build process, but I think we
finally just placed the signed jars in the repo. 

Security problems with Java applets and webstart apps may be why the
default permissions have gotten more restrictive, so I suggest being
careful if turning the permissions down.

Marlon

On 3/5/14 6:59 PM, Nadeem Anjum wrote:
> Hi everyone,
>
> This is with reference to Heejon's issue [1] with Xbaya security issue with
> the jre(51).
>
> I was able to recreate this issue on Windows.
>
> When the security level in java control panel is set to very high or high,
> it gives the following error:
> "Your security settings have blocked a *self-signed application* from
> running "
>
> When the security level is set to medium or the application is added to
> exception site list, the application is allowed to run with a warning,
> which displays the *publisher* as "*unknown*"
>
> As per [2], there are two possible reasons for this:
>
> 1. *Jar file missing Permission Attribute*
> 2.* Self signed application* (Certificate not from trusted authority)
>
> I modified the permissions in the main jar adding *permissions:
> all-permissions *in the manifest.mf file, but the problem still persists.
> According to [3], The Permissions attribute is used to verify that the
> permissions level requested by the RIA when it runs matches the permissions
> level that was set when the JAR file was created. *This attribute is
> required in the manifest of the main JAR file for the RIA, secondary JAR
> files and extensions are not required to have the Permissions attribute*.
> If the attribute is not present in the main JAR file, then the RIA is
> blocked
>
> So it appears the problem is not due to missing permissions in third party
> jars.
>
> Rather the problem is apparently due to *self-signed signature*, as when
> providing a self-signed signature (the free kind), the "Publisher" field
> will always say "UNKNOWN" whether or not it is provided when creating the
> signature, as per [4]
>
> Please share your opinion on this issue.
>
> [1]: http://markmail.org/thread/c6exit64mmhhpew7
> [2]: https://www.java.com/en/download/help/java_blocked.xml
> [3]:
> http://download.java.net/jdk8/docs/technotes/guides/jweb/security/manifest.html
> [4]: https://code.google.com/p/jzebra/issues/detail?id=155
>
>
> On Wed, Feb 5, 2014 at 11:47 PM, Suresh Marru <smarru@apache.org> wrote:
>
>> Hi Nadeem,
>>
>> We still did not compile the list of GSoC projects for 2014, but
>> independent of other, I think we certainly can take some help on XBaya and
>> we have major refactoring needs come up. Let me suggest a list of tasks for
>> you to get started.
>>
>> * Can you subscribe to Airavata User Mailing list[1] and help Heejoon with
>> this thread [2]
>>
>> * Heejoon and his advisor Prof. Sun Kim's research group uses XBaya for
>> interacting with Amazon EC2 Resources so better packaging of the JNLP will
>> help them.
>>
>> As for the GSoC project itself, it will involve changing the current XBaya
>> which reads the components in the workflow based on XML Schemas and WSDL's
>> and we need to migrate that using in development thrift based data models.
>> This will require also changes to XBaya communications to registry and
>> workflow interpreter to talk to the new Airavata API. I will clearly
>> elaborate on the GSoC project, but for now, please start with helping
>> Heejoon and understanding the inner workings of 5    and 10 minute
>> tutorials. Stick to Airavata 0.11 version for now. The trunk will be in
>> rapid development over the next few weeks.
>>
>> Suresh
>> [1] - http://airavata.apache.org/community/mailing-lists.html
>> [2] - http://markmail.org/thread/c6exit64mmhhpew7
>> [3] -
>> http://biohealth.snu.ac.kr/wiki/index.php/BioVLab_:_Biology_Virtual_Collaborative_Lab
>>
>> On Feb 5, 2014, at 12:57 PM, Nadeem Anjum <nadeem.cs.iit@gmail.com> wrote:
>>
>>> Hello Everyone,
>>>
>>> Over the last few days I have been going through Airavata codebase. I
>> specifically got interested in XBaya, and it will be great if I could get a
>> chance to work on a project based on XBaya for GSoC 2014
>>> Thanks,
>>> Nadeem
>>