Difference between revisions of "Security: Requirements"
Line 10: | Line 10: | ||
* Find a way to run non trusted plug-ins in a sandbox | * Find a way to run non trusted plug-ins in a sandbox | ||
* Make EMF generated code secure: define model specific permissions and use them in the generated code | * Make EMF generated code secure: define model specific permissions and use them in the generated code | ||
+ | * Support a password management (or perhaps service management) UI for storing passwords to CVS, etc. | ||
* Platform UI enhancements | * Platform UI enhancements | ||
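Review bot: the added top-level bullet "Support a password management (or perhaps service management) UI for storing passwords to CVS, etc." asks for a UI but states no requirement for how the stored passwords are protected at rest. Add that as an explicit requirement, and resolve the "(or perhaps service management)" parenthetical so the scope of the item is decided.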
Line 16: | Line 17: | ||
** User interface for managing KeyStores for code signing trust (cacerts, user's .keystore, etc) | ** User interface for managing KeyStores for code signing trust (cacerts, user's .keystore, etc) | ||
** User interface for managing permissions granted to bundle signers | ** User interface for managing permissions granted to bundle signers | ||
+ | ** User interface for managing passwords for services | ||
* JDT UI enhancements | * JDT UI enhancements |
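Review bot: the added "** User interface for managing passwords for services" under Platform UI enhancements overlaps the top-level password management UI bullet added at line 10 in this same revision. Keep one of the two, or reword the top-level item as the storage requirement and leave this one as the UI for it.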
Revision as of 21:27, 10 June 2007
Document for collecting Security requirements
Requirements
- Support plugging JCA/JCE classes into the platform dynamically via services or extensions
- Use Java-standard APIs like KeyStore, CertStore, etc. where appropriate for key management
- Support login to the platform
- Run with a fully-integrated SecurityManager
- Define domain-specific Permissions for Eclipse concepts (e.g. ViewPermission, ActionPermission)
- Find a way to run non-trusted plug-ins in a sandbox
- Make EMF-generated code secure: define model-specific permissions and use them in the generated code
- Support a password management (or perhaps service management) UI for storing passwords to CVS, etc.
- Platform UI enhancements
  - Plug KeyStore instances into the platform for use during code signing (and someday other, e.g. mail signing) operations
  - Prompt for passwords for KeyStores and their aliases when used
  - User interface for managing KeyStores for code signing trust (cacerts, user's .keystore, etc.)
  - User interface for managing permissions granted to bundle signers
  - User interface for managing passwords for services
- JDT UI enhancements
  - Show the signer information/configuration of classes in jars and projects
  - Configure a project to be signed after compile using a system KeyStore or a project-specific KeyStore
  - Manually cause signing to occur from the project context menu
  - Simple support for launching with a security manager (i.e. a checkbox in the launch config)
  - Ability to run a workspace project as if it were a signed and packaged jar
  - Handle keystore file types (*.keystore, *.jks, *.jceks, *.p12, etc.) in project filesystems
- Scan the Eclipse RCP codebase and ensure that doPrivileged blocks are inserted in appropriate places
- Run a code scan with each build, and post results in the same location as JUnit results
- API
  - Allow other plug-ins to hook into login, and provide Principal instances to associate with a Subject on login (via services or extensions)