The Artima Developer Community
Interviews | Print | Email | First Page | Previous | Next
Sponsored Link

Security Constraints
A Conversation with Bob Scheifler, Part IV
by Bill Venners
July 29, 2002

Page 1 of 7  >>

Advertisement

Summary
Bob Scheifler talks with Bill Venners security constraints and Jini's RemoteSecurity interface.

Many potential applications of Jini require network security. Although various third parties have made proprietary security extensions to Jini, until now the only security available to users of the standard Jini release is the security infrastructure of the Java platform. The Jini Community's Davis project is about to change that. Bob Scheifler is leading the development of the next release of Jini, in which security is the central concern, as part of the Davis project.

On Friday, April 12, 2002 Bill Venners visited the Sun Microsystems campus in Burlington, Massachusettes and interviewed Bob Scheifler, Sun Distinguished Engineer and architect in the Jini Group. In Part I of this interview, Scheifler discusses the need for security in Jini and the special security considerations of dynamically downloaded code. In Part II, Scheifler describes the mechanisms used to determine whether a proxy should be trusted. In Part III, Scheifler covers the mechanisms used to achieve object integrity. In this fourth installment of the interview, Scheifler discusses security constraints and the RemoteSecurity interface.

Bill Venners: You designed a way to add network security to proxies without changing their interfaces. You defined a RemoteSecurity interface that a proxy can implement to become a secure proxy. Could you talk about RemoteSecurity?

Bob Scheifler: One of our goals was to add network security in a way that didn't require us to make API changes to all of the existing service interfaces. So we have an additional interface that proxies implement called RemoteSecurity. It has only four methods, so it is not very complicated. And, in fact, three of the four methods are not very interesting. They are there for completeness. The main method is a way of setting security constraints on the proxy. I inject security constraints into the proxy. I tell the proxy what kind of network security I want for subsequent remote calls that I make through that proxy.

Page 1 of 7  >>

Interviews | Print | Email | First Page | Previous | Next

Sponsored Links



Google
  Web Artima.com   
Copyright © 1996-2014 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use - Advertise with Us