On Tue, Aug 9, 2011 at 2:35 PM, Chris Palmer <[email protected]> wrote:
> On Aug 9, 2011, at 11:24 AM, Brian Carlstrom wrote:
>
>> I'm somewhat familiar with Kerberos having ported it across more traditional 
>> OS's in my youth, but have little experience with it in a Java environment, 
>> and have not thought out the general issues that might be present when each 
>> app runs in an independent UID with regard to how ticket management etc 
>> might work.
>
> I suppose you could have the Kerberos network client app be a Service to 
> other apps on the Android device, and proxy their requests for tickets.
>
> The status quo for traditional operating systems, in which all Kerberos-using 
> clients get different tickets granting different network privileges yet all 
> run as the same UID and thus can steal from each other, would be sub-par for 
> Android. The Kerberos client app could enforce a policy such as "give other 
> clients only the ticket(s) they previously asked for (and presented 
> credentials for)", thus achieving Android-like privilege separation.
>

Thanks Chris,

One of the things we need to learn about is the privilege model used in Android.
We know that certain features of Kerberos 1.9 (e.g. forwardable tickets
or proxiable tickets) may not be fully suitable for Android and the
Dalvik architecture.

Perhaps you can help us with pointers.


/thomas/
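
The policy Chris Palmer describes in the quoted reply (hand a ticket back only to the client that asked for it and presented credentials) can be modelled as below. This is an added example, not code from the thread or from any Kerberos or Android project; `TicketBroker`, `Kdc` and the sample UIDs and service name are hypothetical, and it assumes Java 16 or later for records.

```java
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

/** Model of a ticket-proxy service that binds each ticket to the requesting UID. */
public class TicketBroker {
    /** Hypothetical stand-in for the KDC exchange; returns null on bad credentials. */
    interface Kdc { byte[] requestTicket(String principal, char[] secret, String service); }

    private record Key(int uid, String service) {}
    private record Entry(byte[] ticket, Instant expires) {}

    private final Map<Key, Entry> issued = new HashMap<>();
    private final Kdc kdc;
    private final long lifetimeSeconds;

    TicketBroker(Kdc kdc, long lifetimeSeconds) {
        this.kdc = kdc;
        this.lifetimeSeconds = lifetimeSeconds;
    }

    /** The caller presents credentials; the resulting ticket is recorded under its UID.
     *  In a bound Android Service, callerUid would be Binder.getCallingUid(), never a caller-supplied value. */
    synchronized byte[] acquire(int callerUid, String principal, char[] secret, String service) {
        byte[] ticket = kdc.requestTicket(principal, secret, service);
        if (ticket == null) throw new SecurityException("credentials rejected");
        issued.put(new Key(callerUid, service),
                   new Entry(ticket.clone(), Instant.now().plusSeconds(lifetimeSeconds)));
        return ticket;
    }

    /** Hands back a ticket only to the UID that previously asked for it. */
    synchronized byte[] fetch(int callerUid, String service) {
        Key key = new Key(callerUid, service);
        Entry e = issued.get(key);
        if (e == null) throw new SecurityException("uid " + callerUid + " never requested " + service);
        if (Instant.now().isAfter(e.expires())) {
            issued.remove(key);
            throw new SecurityException("ticket expired");
        }
        return e.ticket().clone();
    }

    public static void main(String[] args) {
        // Constructed fake KDC: accepts only principal "alice".
        Kdc fake = (p, s, svc) -> "alice".equals(p) ? ("TKT:" + p + ":" + svc).getBytes() : null;
        TicketBroker broker = new TicketBroker(fake, 600);
        broker.acquire(10001, "alice", "pw".toCharArray(), "imap/mail.example");
        System.out.println(new String(broker.fetch(10001, "imap/mail.example")));
        try { broker.fetch(10002, "imap/mail.example"); }
        catch (SecurityException ex) { System.out.println("denied: " + ex.getMessage()); }
    }
}
```

Keying the cache on the kernel-reported caller UID rather than on anything the client sends is what keeps one app from reading another app's ticket.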
