bloritsch 2002/07/23 07:38:57 Added: . tabled-discussions.txt Log: add tabled discussions text Revision Changes Path 1.1 jakarta-avalon-excalibur/tabled-discussions.txt Index: tabled-discussions.txt =================================================================== TABLED DISCUSSIONS This document is to record thoughts and points of discussion that would otherwise dilute our efforts. The random thoughts listed in here will be brought up on the list when we are done talking about the issues already on the table. COMPONENT SECURITY MODEL ------------------------ Currently, there is no formal security model for Avalon or its containers. I think it is an oversight that we need to eventually remedy. A proper security manager would allow us to leverage Java's security model to throw security exceptions if a component tries to access an unauthorized component. It would also allow a security administrator to provide the same limitations to all components that implement a certain role. We need to formalize the concepts of trusted and untrusted systems, and sandboxing the untrusted components. That means we need to make it easier to use signed components as well as allow us to safely try to extend other components. Another integration is the addition of encrypted configuration data. Certain information like usernames and passwords are sensitive information that we don't want to trust the OS access restriction model to protect. There are so many ways of getting around that, and so many broken OS's where that protection is not trustworthy. CONFIGURATION MANAGER --------------------- We need a central configuration repository. Its whole responsibility is to check to see if the source configuration has been altered, and to notify the container when it has. At that time, the container can reconfigure all the components at run time. The contracts are between the container and the Configuration manager--not the individual components. 
We also need a way of storing any runtime changes to a component's configuration so that we can reinitialize ourselves properly the next time.
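Review bot: The encrypted configuration paragraph under COMPONENT SECURITY MODEL rules out relying on OS access restrictions for usernames and passwords, but it does not record where the decryption key would be held or who supplies it at startup. If the key sits on the same host under those same restrictions, the encryption adds little, so this is worth listing as an open question in the section. The CONFIGURATION MANAGER section has a related gap: the container reconfigures all components at run time whenever the source configuration is altered, and runtime changes are stored for the next initialization, yet nothing says how an altered or stored configuration is checked as coming from a trusted source. A one-line cross-reference to the trusted/untrusted and signed-component points in the security section would keep the two items tied together when they come off the table.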