I want to load Marshalled Objects from different locations with
identical bytecode into the same ClassLoader, I want to do this using
codebase services and OSGi, which gives me another level of indirection
and a richer security model with Condition's
PermissionDomain has a 1:1 relationship with ClassLoader
Trust Verifiication.
Identity and Authentication.
What distinguishes different services (from different remote locations
and domains) utilising the same ClassLoader, PermissionDomain and bytecode?
Principals.
I wonder if Conditions can apply to Principals? Such that when a proxy
has lost connection with its service node, the Condition denies a
Principal relating to that proxy any Permission, until the Service can
be asked to verify it's proxy again? I was thinking that the proxy
itself doesn't attempt to find its lost service, instead that would be
done by a new JERI Endpoint implementation, to do that the Endpoint
needs to know the Service's Identity.
Any OSGi guru's out there?
So we have Permissions being granted at different levels and we have
Conditions that make those Permissions Dynamic:
Principal - Can I trust the service? Can I grant it a Permission? What
are the current Conditions?
PermissionDomain & ClassLoader - relates to the Code Signer (which may
be different to the Service Principal). Do I trust the bytecode? If I
do, the bundle tells me the Permissions required to execute that bytecode.
Lets imagine for a moment, were happily using a Service, and suddenly it
throws a RemoteException, after some a wait period, we retry, the
service hasn't returned, so do we ask the JERI Endpoint to find the
service? Or does the JERI Endpoint catch the exception and try to find
it itself? The Endpoint finds the service based on identity, it has
moved, we must re verify our Trust because the Conditions have changed.
So now we must catch a Permission denied exception, and go through the
re-verification process.
Does Bob Scheifler still watch the list? Anyone know where I can find Bob?
