OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: XACML J2SE[TM] Platform Policy Profile

Hi Argyn,

I did a quick prototype using Sun's XACML open source that took only a 
few days.  This convinced me the proposal was feasible, but I did no 
further work on it.  I can't release my prototype code, although clearly 
it would take someone only a couple of days to reproduce what I did :-)

There are things that need to be fixed in the proposal.  Here are my 
"TBD" notes:
1) Performance
      Cache results based on hashing Protection Domain and requested
2) Threading and recursion issues
      Some objects needed to evaluate a request have permissions of
      their own, so there can be multiple levels of call in play at
      There needs to be a context consisting of the current
      ProtectionDomain, requested Permission, and current parsed
      Action maintained for each thread.  Callbacks from the
      J2SEAttributeFinderModule to the value retrieval methods in
      XACMLPolicyProvider need to be able to return the values
      associated with the executing thread.
    o Experiment with a couple of approaches, test for efficiency
      Tools to use:
      * java.lang.Thread.currentThread() returns a reference to the
        currently executing Thread object.
      * Thread.setName(String) associates a name with the current
        thread, and Thread.getName() returns that value.
      Could create a random# name for each thread in implies(), set
        it there, and use it to hash into a context table.
      Could create separate instance of J2SEAttributeFinderModule
        for each invocation.  See above under "signed permissions"
3) My mis-interpretation of how signed Permissions and signed Codesource
    works in Java.
    Actually need to access a keystore and compare the certificate
    there to the certificate associated with the class
    ProtectionDomain.  Currently just comparing name from
    certificate associated with class to name in policy, but class
    could be signed by a bogus certificate having that subject
    name.  Nothing else checks that certificates used to sign
    classes are trusted.
    o Would be efficient to verify certificates used to sign
      classes when the classes are loaded, but do not necessarily
      know where the keystore is at that point.
    o Probably will be efficient to cache signer subject
      names/aliases that have already been verified.


Argyn wrote On 04/21/06 15:56,:
> Anne
> some time ago i read your work here
> http://research.sun.com/projects/xacml/J2SEPolicyProvider.html
> did it go beyond a proposal? was there any kind of implementation planned?
> thanks,
> argyn
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]