Return-Path: 
 <jdo-dev-return-6754-apmail-db-jdo-dev-archive=www.apache.org@db.apache.org>
Delivered-To: apmail-db-jdo-dev-archive@www.apache.org
Received: (qmail 44460 invoked from network); 6 Nov 2007 00:12:39 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 6 Nov 2007 00:12:39 -0000
Received: (qmail 7604 invoked by uid 500); 6 Nov 2007 00:12:27 -0000
Mailing-List: contact jdo-dev-help@db.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:jdo-dev-help@db.apache.org>
List-Unsubscribe: <mailto:jdo-dev-unsubscribe@db.apache.org>
List-Post: <mailto:jdo-dev@db.apache.org>
List-Id: <jdo-dev.db.apache.org>
Reply-To: jdo-dev@db.apache.org
Delivered-To: mailing list jdo-dev@db.apache.org
Received: (qmail 7593 invoked by uid 99); 6 Nov 2007 00:12:27 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 05 Nov 2007 16:12:27 -0800
X-ASF-Spam-Status: No, hits=1.2 required=10.0
	tests=SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (nike.apache.org: local policy)
Received: from [68.142.200.253] (HELO smtp105.biz.mail.mud.yahoo.com)
 (68.142.200.253)
    by apache.org (qpsmtpd/0.29) with SMTP; Tue, 06 Nov 2007 00:12:58 +0000
Received: (qmail 89884 invoked from network); 6 Nov 2007 00:12:06 -0000
Received: from unknown (HELO ?192.168.99.103?)
 (matthew@matthewadams.org@131.191.67.190 with plain)
  by smtp105.biz.mail.mud.yahoo.com with SMTP; 6 Nov 2007 00:12:06 -0000
X-YMail-OSG: 
 rt68Mo8VM1nC.R0NlgM3CFjMnQXu1tt9_DX2TulzEA3tnTbWO8Q6oL.Pf8KTVC3JWB.5DYn8lA--
In-Reply-To: <001b01c81fe8$87b46780$971d3680$@org>
References: <001b01c81fe8$87b46780$971d3680$@org>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <D80D17EE-26EF-4228-B7A3-FC317B4804D3@matthewadams.org>
Cc: jdo-dev@db.apache.org,
 jdo-experts-ext@sun.com
Content-Transfer-Encoding: 7bit
From: Matthew Adams <matthew@matthewadams.org>
Subject: Re: jdo security revamped proposal
Date: Mon, 5 Nov 2007 16:12:04 -0800
To: Erik Bengtson <erik@jpox.org>
X-Mailer: Apple Mail (2.752.3)
X-Virus-Checked: Checked by ClamAV on apache.org

Hi Erik,

While I think this is an ingenious use of Java platform security, I  
can't see it in the 2.1 timeframe.

Even if we consider it for a later release, I am not convinced that  
this should be **the** way to secure PC instances.  This proposal  
doesn't clearly address, IMHO, the case where you may want to support  
a use case wherein a domain object itself represents a principal, so  
that you can dynamically assign permissions at runtime.  For example,  
I don't see how you can use this proposal to enforce that the User  
instance associated with Person "Bob" represents a principal, and  
when the principal of the security context of the current thread is  
Bob's User instance, he can access all salary and wage fields of all  
Employment instances.

Further, is there a way to explicitly **deny** access to a particular  
PC?  For example, I don't see how you can use this proposal to  
enforce that the User instance associated with Person "Bob"  
represents a principal, and when the principal of the security  
context of the current thread is Bob's User instance, he can access  
all salary and wage fields of all Employment instances except those  
associated with Employee instances associated with Person instances  
"Sally" and "Joe".

As a bit of positive feedback, I would suggest ditching XPath for  
some kind of "OPath" (JDOPath?) that supports indexing collections  
and maps (dots instead of slashes, square bracket operators for list/ 
map indexing).

-matthew

On Nov 5, 2007, at 12:14 PM, Erik Bengtson wrote:

> Hi,
>
> After negative feedback, I have a different proposal for securing JDO
> resources.
> Different from my initial proposal using declarative security  
> (XML), here I
> propose using the standard java security.
> The example is self-explaining:
>
> --- Persistent Class sample:
> package com.petstore;
>
> class Pet
> {
>    String name;
> }
>
> --- Security policy sample:
>
> grant principal "bart"
> {
> permission javax.jdo.spi.JDODataPermission "/com/petstore/Pet 
> [@name='dog']",
> "read,write";
> }
>
> grant
> {
> permission javax.jdo.spi.JDODataPermission "/com/package", "read";
> permission javax.jdo.spi.JDODataPermission "/com/petstore/Pet",  
> "read";
> };
>
> --- javax.jdo.spi.JDODataPermission:
>
> javax.jdo.spi.JDODataPermission(String name, String actions);
>
> --- PMF/System property that will enable/disable security checks by  
> the JDO
> implementation
> javax.jdo.security.manager=false|true
>
> The only particularity of my proposal is the name argument for
> JDODataPermission that uses Xpath.
>
> Regards,
>
>
>
>
>
>
>
>