geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arnaud Contes <Arnaud.Con...@sophia.inria.fr>
Subject Re: [proactive] AW: secure pot for geronimo JVM
Date Wed, 02 Jun 2004 13:50:13 GMT
First, sorry for the delay, I was very busy these last days.

About the StartSecureNode script and associated classes:
  they were used for tests during pre-release, they should have been 
  removed in the release but the script was not removed ...

The actual, full fledged, way to use security features is through deployment 
descriptor (in XML):
  A secure node can only be created whitin java code, but not with a script
  in the current realease.

Remainders of the main ProActive concepts for deployment:
  - a JVM with a ProActive runtime is called:  a ProActive RunTime (PaRT)
  - a PaRT can have its own security policy
  - a PaRT can host several Nodes at execution
  - each Node can also have its own security policy (of course hierarchically
    linked to its PaRT).

We are not exactly sure about what you need. We believe there are 2 cases:

1. You want to launch a secured JVM with a given application or container
   in it:
   just write a Java class that uses a ProActive XML descriptor to 
   specify the security policy you want. Then start your own code.

2. You want to launch an empty secured JVM, for latter on starting dynamically
   and securely applications in it:
   This cannot be done directly in the current release, we are working on 
   it. 
   (Currently, it can be achieved but with a small ProActive program 
   in the supposed to be empty PaRT.)
   

Let us know some details about your plans and expectations, so we can 
provide effective support.

Regards
Arnaud

hbaxmann wrote:

>> Ok, let's do it the TOFU way  ;-) 
>> 
>> Sorry for beeing so stupid not answering all ...
>> 
>> The security reminds me on the good old e-speak days and the PSE
>> (PersonalSecureEnvironment) of HP. This stuff is kind of alive still on the
>> web at http://bazaar.sis.pitt.edu/. Could be an alternative for the subject,
>> if everything else fails ...
>> 
>> thanks a lot
>> 
>> bax
>> 
>> 
>
>>>>Got it  :-) 
>>>>
>>>>The class referenced by the StartSecureNode script is 
>>>>missing. 
>>>>
>>>>I CC the proactive list to make sure they see your
>>>>post.
>>>>
>>>>thanks,
>>>>Christophe
>>>>
>>>>
>>
>>>>>>-----Original Message-----
>>>>>>From: hbaxmann [mailto:holger@bitwind.org]
>>>>>>Sent: mardi 1 juin 2004 21:27
>>>>>>To: dev@geronimo.apache.org
>>>>>>Subject: AW: secure pot for geronimo JVM
>>>>>>
>>>>>>
>>>>>>Hi Christophe,
>>>>>>
>>>>>>
>>>
>>>>>>>>Holger,
>>>>>>>>
>>>>>>>>ProActive is an open source project from the  INRIA/OASIS
>>>>>>>>lab, the source is available in the download. It is very high

>>>>>>>>tech project that resulted research work conducted by the

>>>>>>>>OASIS group, but the code base has been broadly deployed,
and 
>>>>>>>>the software is now quite mature (see project docs)
>>>>>>>>
>>>
>>>>>>
>>>>>>It is ... as far as I could see ... beautifull  :) 
>>>>>>
>>>>>>
>>>
>>>>>>>>As you can imagine, this kind of project is really driven
by a 
>>>>>>>>single team and CVS was not very  attrative to them as they
were 
>>>>>>>>refactoring quite a lot. SVN is what they need, so we are

>>
>>>>
>>>>setting it 
>>>>
>>
>>>>>>>>up  (does this ring any bell?  :-)  )
>>>>>>>>
>>>
>>>>>>
>>>>>>All of them.
>>>>>>What is the URL?
>>>>>>
>>>>>>
>>>
>>>>>>>>Looking at security, ObjectWeb would be very happy to set-up
>>>>>>>>collaboration on Security with Apache, and we should be able

>>>>>>>>to accomodate licensing for the parts that are of common 
>>>>>>>>interest (change to BSD is what we have already  been able
to 
>>>>>>>>achieve for ASM and JOTM).
>>>>>>>>
>>>
>>>>>>
>>>>>>This does not solve my 
>>>>>>can-not-found-StartSecureNode-in-source-download
>>>>>>problem, or does I not got it.
>>>>>>
>>>>>>I am one of these germans, you know.
>>>>>>
>>>>>>bax
>>>>>>
>>>>>>
>>>
>>>>>>>>Thanks,
>>>>>>>>Christophe
>>>>>>>>
>>>>>>>>Christophe Ney
>>>>>>>>Executive Director
>>>>>>>>ObjectWeb Consortium
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>
>>>>>>>>>>-----Original Message-----
>>>>>>>>>>From: Holger Baxmann [mailto:baxmann@mac.com]
>>>>>>>>>>Sent: lundi 31 mai 2004 23:31
>>>>>>>>>>To: dev@geronimo.apache.org
>>>>>>>>>>Subject: secure pot for geronimo JVM
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>Is anybody aware of the ProActive project?
>>>>>>>>>>
>>>>>>>>>>http://www-sop.inria.fr/oasis/ProActive/
>>>>>>>>>>
>>>>>>>>>>
>>
>>>>
>>>>http://www-sop.inria.fr/oasis/ProActive/doc/api/org/objectweb/proa
>>>>
>>
>>>>>>>>ctive/doc-
>>>>>>>>files/Security.html
>>>>>>>>
>>>>>>>>I am on the way to evaluate it for having a secure, signed,
>>>>>>>>non-vandalising wrapper to have a either paranoid 
>>>>>>>>SecurityManager environment or the default open-door startup

>>>>>>>>environment for gero.
>>>>>>>>
>>>>>>>>Especially StartSecureNode could not be find by me in the
>>>>>>>>(LGPLed) source downloads. AFAIK anonymous cvs is not available.
>>>>>>>>
>>>>>>>>Package names start with org.objectweb - so i was thinking
...
>>>>>>>>
>>>>>>>>thanks alot
>>>>>>>>
>>>>>>>>bax
>>>>>>>>
>>>>>>>>
>>>
>>>>>>
>>>>>>
>
>> 
>> 
>> 
>> ------------------------------------------------------------------------
>> 
>> 



-- 

--------------------------------------------------------------------
Arnaud CONTES - Projet OASIS: joint project CNRS-UNSA-INRIA
PhD Student
Arnaud.Contes@sophia.inria.fr      | INRIA Sophia-Antipolis
Tel    +33 4 92 38 71 62           | 2004, Route des Lucioles
Fax    +33 4 92 38 76 44           | BP 93
                                   | FR-06902 Sophia-Antipolis Cedex
--------------------------------------------------------------------

Mime
View raw message