[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: XACML J2SE[TM] Platform Policy Profile
Hi Argyn, I did a quick prototype using Sun's XACML open source that took only a few days. This convinced me the proposal was feasible, but I did no further work on it. I can't release my prototype code, although clearly it would take someone only a couple of days to reproduce what I did :-) There are things that need to be fixed in the proposal. Here are my "TBD" notes: 1) Performance Cache results based on hashing Protection Domain and requested Permission 2) Threading and recursion issues Some objects needed to evaluate a request have permissions of their own, so there can be multiple levels of call in play at once. There needs to be a context consisting of the current ProtectionDomain, requested Permission, and current parsed Action maintained for each thread. Callbacks from the J2SEAttributeFinderModule to the value retrieval methods in XACMLPolicyProvider need to be able to return the values associated with the executing thread. o Experiment with a couple of approaches, test for efficiency Tools to use: * java.lang.Thread.currentThread() returns a reference to the currently executing Thread object. * Thread.setName(String) associates a name with the current thread, and Thread.getName() returns that value. Could create a random# name for each thread in implies(), set it there, and use it to hash into a context table. Could create separate instance of J2SEAttributeFinderModule for each invocation. See above under "signed permissions" 3) My mis-interpretation of how signed Permissions and signed Codesource works in Java. Actually need to access a keystore and compare the certificate there to the certificate associated with the class ProtectionDomain. Currently just comparing name from certificate associated with class to name in policy, but class could be signed by a bogus certificate having that subject name. Nothing else checks that certificates used to sign classes are trusted. o Would be efficient to verify certificates used to sign classes when the classes are loaded, but do not necessarily know where the keystore is at that point. o Probably will be efficient to cache signer subject names/aliases that have already been verified. Regards, Anne Argyn wrote On 04/21/06 15:56,: > Anne > > some time ago i read your work here > http://research.sun.com/projects/xacml/J2SEPolicyProvider.html > > did it go beyond a proposal? was there any kind of implementation planned? > > thanks, > argyn > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]