The Artima Developer Community
Sponsored Link

Jini Security
A Conversation with Bob Scheifler, Part I
by Bill Venners
July 8, 2002

<<  Page 3 of 5  >>


Mutual Authorization

Bill Venners: What particular problems arise in the context of dynamically downloaded code?

Bob Scheifler: There are three special ramifications with respect to dynamically downloaded code. One is that we have a mutual authorization problem—not just a mutual authentication problem but a mutual authorization problem. In normal network security—where I am a client again talking to you as a service—once I have authenticated to you, you need to make some access control decisions. Am I allowed to access this bank account or not? That is the standard authorization problem. You as a service must decide what I as a client am allowed to do.

With dynamically downloaded code, I as a client also have an authorization problem now because you dynamically downloaded code to me when you sent me your service proxy. So I as a client must decide what that dynamically downloaded code can do next. You might not think of that as an authorization problem, but that is essentially what it is. The security policy I run grants code permission to do something or to not do something—that is access control. That is an authorization decision. I decide what I will let your dynamically downloaded code do in my address space on my behalf.

Client-side authorization decisions are new with Jini because in traditional systems with no dynamically downloaded code I don't have to worry about that problem. Usually, I trust all the code I run when I talk to you. I don't want to have to worry about authentication of my code. I just trust it.

<<  Page 3 of 5  >>

Sponsored Links

Copyright © 1996-2018 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use