Jump to: navigation, search

Difference between revisions of "Security: Requirements"

(Requirements)
Line 10: Line 10:
 
* Find a way to run non trusted plug-ins in a sandbox
 
* Find a way to run non trusted plug-ins in a sandbox
 
* Make EMF generated code secure: define model specific permissions and use them in the generated code
 
* Make EMF generated code secure: define model specific permissions and use them in the generated code
 +
* JDT enhancements
 +
** show the signer information of jars and projects
 +
** configure a project to be signed after compile
 +
** manually cause signing to occur from project context menu
 +
** clear support for launching with a security manager (ie: a checkbox in the launch config)
 +
** ability to run an exploded jar as if it was a signed and packaged jar
  
 
[[Category:Equinox]]
 
[[Category:Equinox]]
 
[[Category:Security|Requirements]]
 
[[Category:Security|Requirements]]

Revision as of 10:46, 22 May 2007

Document for collecting Security requirements

Requirements

  • Support plugging JCA/JCE classes into the platform dynamically via services or extensions
  • Use Java-standard APIs like KeyStore, CertStore, etc. where appropriate for Key management
  • Support login to the platform
  • Run with a fully-integrated SecurityManager
  • Define domain specific Permissions for eclipse concepts (e.g. ViewPermission, ActionPermission) and make
  • Find a way to run non trusted plug-ins in a sandbox
  • Make EMF generated code secure: define model specific permissions and use them in the generated code
  • JDT enhancements
    • show the signer information of jars and projects
    • configure a project to be signed after compile
    • manually cause signing to occur from project context menu
    • clear support for launching with a security manager (ie: a checkbox in the launch config)
    • ability to run an exploded jar as if it was a signed and packaged jar