On Saturday 03 April 2004 17:53, Nader Aeinehchi wrote: > 1. Would it be an idea to build in security in default kernel? Are there > any reasons not to build security in default kernel? 2. If the answer in > question 1. is no, would it be an idea to develop a SecureKernel?
We have made some various attempts at different security mechanism at codelevel, leveraging the standard Java security mechanism, but there are "issues" surfacing when we get to it at a detail level. It is a high-priority matter, since we need to sort this out prior to moving on to Subject level seurity, i.e. leveraging the JAAS. > 3. If you were going to build security in kernel (either DefaultKernel or a > SecureKernel), would you build it upon Java's security API > (AccessController/SecurityManager, Policy, ProtectionDomain, JAAS etc) or > would you rather build your own security component? As much as possible needs to be leveraged, since we are not in the position to dissect the basic research underlying the security matters. Sun have done that, and we can just harness their efforts. > 4. If the answer to questions 1. and 2. is no (i.e. no security in kernel), > would you rather develop security in each Container? Not sure what you mean by "Container" in this context. Typically we talk about Merlin being a Container, but I assume you are thinking of something else. Niclas -- +---------//-------------------+ | http://www.bali.ac | | http://niclas.hedhman.org | +------//----------------------+ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
