Re: Secure Kernel in Merlin

Sat, 03 Apr 2004 21:08:04 -0800 

On Sunday 04 April 2004 06:19, Nader Aeinehchi wrote:
> The way I see it, you need some abstraction of various components in the
> security:
>
> 1. Security Provider(s)
> 2. Security Facade
> 3. Security Brain (AccessController, SecurityManager, SecurityEngine or
> whatever you like to call it)

You are already flying sky high in Subject level security. I agree that is 
where most business-logic people will be interested in, but without nailing 
down the lower layers, you only have a perceived secured system, instead of a 
guaranteed secure system.

> Now the Sun's approach is very nice and powerful, but it is too abstract
> most organizations.  

Yes, it is. And it is our job to take the building blocks (standard + JAAS) 
provided by Sun and create a useful implementation. I.e. At JAAS level we 
will need to 'componentize' the LoginModule and Permission systems, so it can 
be tailored and reused more easily to various scenarios.

>From my head, I see it something like this;

In the component, we would then have;


public void contextualize( Context  sc )
{
    m_SecurityContext = (SecurityContext) 
        sc.get( "urn:security:context" );
}

public void someEntryPointMethod()
    throws SecurityException
{
    m_SecurityContext.login();
    :
    :
}

public void someExitPointMethod()
    throws SecurityException
{
    m_SecurityContext.logout();
    :
    :
}

public MyGuardedObject getMyGurardedObject()
{
    Permission required = new MyGuardedObjectPermission();
    m_SecurityContext.checkPermission( required );
    :
}

And in the SecurityContext class, the login() method needs to delegate to 
something that can track the Principal across multiple requests (such as a 
Web environment), so a 'credential' object may be needed to be passed in the 
login() method.

The checkPermission method in the SecurityContext would probably just do 
something like;
    Acl acl = getTheAclFromAProvider();
    Principal p = m_LoginContext.getSubject();
    acl.checkPermission( p, required );

Or possibly delegate that particular code snippet to a pluggable provider, so 
you can implement your own...


These are my thoughts, and could well be far off the target... :o)


Niclas

-- 
+---------//-------------------+
|   http://www.bali.ac         |
|  http://niclas.hedhman.org   |
+------//----------------------+

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to