[Moved from equinox-dev]

What you seem to be asking for is a negative permission: a bundle can't 
register a Foo service (but can register other services). The Java 
permission model does not support negative permissions.

While you could use conditions to guard a set of ServicePermissions to 
give ServicePermission[Foo,REGISTER] permission to the special bundles, 
you can't "take it away" from the other bundles. You would have to give 
the other bundles the complement of ServicePermission[Foo,REGISTER], which 
is really an unbounded set of ServicePermissions.

We had a lot of discussions about negative permissions in OSGi during R4 
development. At the time, it was decided that it was a difficult subject 
and very different from the Java permission model, and we chose to avoid 
it. This is not to say it could not be looked at for R5. It would require 
a nomenclature to specify the negative permissions and special permission 
collections to negate the implies result of the union of the implies of 
the collected permissions.

BJ Hargrave
Senior Technical Staff Member, IBM
OSGi Fellow and CTO of the OSGi Alliance
[EMAIL PROTECTED]
Office: +1 407 849 9117 Mobile: +1 386 848 3788
----- Forwarded by BJ Hargrave/Austin/IBM on 09/13/2006 10:21 AM -----

"John Wells" <[EMAIL PROTECTED]> 
Sent by: [EMAIL PROTECTED]
08/29/2006 01:22 PM
Please respond to: Equinox development mailing list <[EMAIL PROTECTED]>
To: "Equinox development mailing list" <[EMAIL PROTECTED]>
Subject: [equinox-dev] OSGi and Security

I want to allow only specific bundles to offer particular services.  For 
example, suppose I have a service "com.acme.Foo" that I want to be sure is 
only available from one of three particular signed bundles.
 
How can I do this with the OSGi Security (either Conditional (chapter 9) 
or not (chapter 10))?
 
The trouble with this, of course, is that I want all other bundles to be 
allowed to REGISTER any other services without having any knowledge of 
what those services might be beforehand (and without having to force them 
to explicitly allow for any service they might want to offer in their 
security files).
 
So, the question is whether or not I can somehow set up a condition that 
allows me to specify that particular services can only come from 
particular bundles without having to then explicitly allow specific 
services from all other bundles.
 
Thanks in advance for your help!
 
John Wells (Aziz)
[EMAIL PROTECTED]
_______________________________________________
equinox-dev mailing list
[EMAIL PROTECTED]
https://dev.eclipse.org/mailman/listinfo/equinox-dev

_______________________________________________
osgi-dev mailing list
osgi-dev@bundles.osgi.org
http://bundles.osgi.org/mailman/listinfo/osgi-dev
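
The point made in the reply above, as an added example that is not code from this thread or from OSGi/Equinox: standard permission collections only widen what `implies` accepts, so a wildcard REGISTER grant always covers com.acme.Foo. `RegisterPermission` is a hypothetical stand-in for ServicePermission[name,REGISTER] built on `java.security.BasicPermission`, and `DenyingCollection` is a hypothetical sketch of the kind of negating collection the reply describes; the `org.example` service names are constructed.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;

public class NegativePermissionDemo {
    // Hypothetical stand-in for ServicePermission[name,REGISTER]; BasicPermission
    // supplies "*" wildcard matching on the name.
    static final class RegisterPermission extends BasicPermission {
        RegisterPermission(String serviceName) { super(serviceName); }
    }

    // Hypothetical negating collection: the union of the granted permissions
    // must imply the request and no denied permission may imply it.
    static final class DenyingCollection extends PermissionCollection {
        private final Permissions granted = new Permissions();
        private final Permissions denied = new Permissions();
        @Override public void add(Permission p) { granted.add(p); }
        void deny(Permission p) { denied.add(p); }
        @Override public boolean implies(Permission p) {
            return granted.implies(p) && !denied.implies(p);
        }
        @Override public java.util.Enumeration<Permission> elements() {
            return granted.elements();
        }
    }

    public static void main(String[] args) {
        Permission foo = new RegisterPermission("com.acme.Foo");
        Permission other = new RegisterPermission("org.example.Other"); // constructed name

        // Standard model: an ordinary bundle needs "*" to register services nobody
        // listed in advance, and that grant covers com.acme.Foo as well.
        Permissions ordinary = new Permissions();
        ordinary.add(new RegisterPermission("*"));
        System.out.println("standard, Other: " + ordinary.implies(other));
        System.out.println("standard, Foo:   " + ordinary.implies(foo));

        // Listing the complement by name is never complete: the next service
        // that was not listed is still refused.
        Permissions listed = new Permissions();
        listed.add(new RegisterPermission("org.example.Other"));
        Permission unlisted = new RegisterPermission("org.example.Unlisted");
        System.out.println("listed, Unlisted: " + listed.implies(unlisted));

        // With the hypothetical negating collection, "*" minus Foo is expressible.
        DenyingCollection negating = new DenyingCollection();
        negating.add(new RegisterPermission("*"));
        negating.deny(foo);
        System.out.println("negating, Other: " + negating.implies(other));
        System.out.println("negating, Foo:   " + negating.implies(foo));
    }
}
```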
