Security

[Tim Boudreau]

>
> > I think there is definitely value in the module knowing what permissions
> > it needs to function, and to be shipped with those permissions.  I think
> > that if this is combined with a configuration-specific verification
> > mechanism, this could allow users to express a level of trust the way
> > they do today for signed JARs, and/or perhaps be able to verify (at
> > install time) whether or not they want to go ahead with installing a
> > module with certain permissions.
>
> I can imagine building something like this, but would anyone use it?
>

Umm... no.

David, could you give a concrete example of what you're looking for?
Permissions like creating classloaders or accessing files or network - i.e.
security-manager applet-style stuff, or something else?

I don't think it works to discuss permissions in the abstract without an
explicit use case or two to understand what you're after and why.


> I've seen little evidence over the years of broad use of the fine-grained
> security model introduced way back in JDK 1.2.  Do we really need to
> complicate the module system with permission declarations?
>

My instinct would be to make sure a module can provide metadata beyond just
what's in the spec, as you can with module manifests, so if someone wants
that they can implement it and do a tree of per-module SecurityManagers or
whatever;  if it proves of broad value, it'd be a fine subject for its own
subsequent JSR.  Happy to be convinced otherwise.

-Tim

http://timboudreau.com