river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Firmstone <j...@zeus.net.au>
Subject A Question about PermissionDomain's ClassLoader's and User Authentication
Date Thu, 04 Feb 2010 06:23:40 GMT
I want to load Marshalled Objects from different locations with 
identical bytecode into the same ClassLoader, I want to do this using 
codebase services and OSGi, which gives me another level of indirection 
and a richer security model with Condition's

PermissionDomain has a 1:1 relationship with ClassLoader

Trust Verifiication.

Identity and Authentication.

What distinguishes different services (from different remote locations 
and domains) utilising the same ClassLoader, PermissionDomain and bytecode?

Principals.

I wonder if Conditions can apply to Principals? Such that when a proxy 
has lost connection with its service node, the Condition denies a 
Principal relating to that proxy any Permission, until the Service can 
be asked to verify it's proxy again?  I was thinking that the proxy 
itself doesn't attempt to find its lost service, instead that would be 
done by a new JERI Endpoint implementation, to do that the Endpoint 
needs to know the Service's Identity.

Any OSGi guru's out there?

So we have Permissions being granted at different levels and we have 
Conditions that make those Permissions Dynamic:

Principal - Can I trust the service?  Can I grant it a Permission?  What 
are the current Conditions?
PermissionDomain & ClassLoader - relates to the Code Signer (which may 
be different to the Service Principal).  Do I trust the bytecode?  If I 
do, the bundle tells me the Permissions required to execute that bytecode.

Lets imagine for a moment, were happily using a Service, and suddenly it 
throws a RemoteException, after some a wait period, we retry, the 
service hasn't returned, so do we ask the JERI Endpoint to find the 
service?  Or does the JERI Endpoint catch the exception and try to find 
it itself? The Endpoint finds the service based on identity, it has 
moved, we must re verify our Trust because the Conditions have changed.  
So now we must catch a Permission denied exception, and go through the 
re-verification process.

Does Bob Scheifler still watch the list?  Anyone know where I can find Bob?


Mime
View raw message