Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.

Difference between revisions of "Security: Requirements"

Line 10: Line 10:
 
* Find a way to run non trusted plug-ins in a sandbox
 
* Find a way to run non trusted plug-ins in a sandbox
 
* Make EMF generated code secure: define model specific permissions and use them in the generated code
 
* Make EMF generated code secure: define model specific permissions and use them in the generated code
 +
* Support a password management (or perhaps service management) UI for storing passwords to CVS, etc.
  
 
* Platform UI enhancements
 
* Platform UI enhancements
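
Review bot: The added item "Support a password management (or perhaps service management) UI for storing passwords to CVS, etc." asks for a UI that stores passwords but states no requirement for how the stored passwords are protected or who can read them back. Suggest adding that requirement alongside it, for example by tying it to the KeyStore and login items already in this list, and settling on either "password management" or "service management" so the scope is testable.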
Line 16: Line 17:
 
** User interface for managing KeyStores for code signing trust (cacerts, user's .keystore, etc)
 
** User interface for managing KeyStores for code signing trust (cacerts, user's .keystore, etc)
 
** User interface for managing permissions granted to bundle signers
 
** User interface for managing permissions granted to bundle signers
 +
** User interface for managing passwords for services
  
 
* JDT UI enhancements
 
* JDT UI enhancements
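
Review bot: The added sub-item "User interface for managing passwords for services" under Platform UI enhancements overlaps the top-level "Support a password management (or perhaps service management) UI" item added in the same revision. Suggest keeping one of the two, or stating what the Platform UI entry covers that the top-level entry does not, so the same requirement is not tracked twice.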

Revision as of 21:27, 10 June 2007

Document for collecting Security requirements

Requirements

  • Support plugging JCA/JCE classes into the platform dynamically via services or extensions
  • Use Java-standard APIs like KeyStore, CertStore, etc. where appropriate for key management
  • Support login to the platform
  • Run with a fully-integrated SecurityManager
  • Define domain-specific Permissions for Eclipse concepts (e.g. ViewPermission, ActionPermission)
  • Find a way to run non trusted plug-ins in a sandbox
  • Make EMF generated code secure: define model specific permissions and use them in the generated code
  • Support a password management (or perhaps service management) UI for storing passwords to CVS, etc.
  • Platform UI enhancements
    • Plug KeyStore instances into the platform for use during code signing (and someday other operations, e.g. mail signing)
    • Prompt for passwords for KeyStores and their aliases when used
    • User interface for managing KeyStores for code signing trust (cacerts, user's .keystore, etc)
    • User interface for managing permissions granted to bundle signers
    • User interface for managing passwords for services
  • JDT UI enhancements
    • Show the signer information/configuration of classes in jars and projects
    • Configure a project to be signed after compile using a system KeyStore or a project specific KeyStore
    • Manually cause signing to occur from project context menu
    • Simple support for launching with a security manager (i.e. a checkbox in the launch config)
    • Ability to run a workspace project as if it were a signed and packaged jar
    • Handle keystore file types (*.keystore, *.jks, *.jceks, *.p12, etc.) in project filesystems
  • Scan the Eclipse RCP codebase and ensure that doPrivileged blocks are inserted in appropriate places
  • Run a code scan with each build, and post results in the same location as JUnit results
  • API
    • Allow other plugins to hook into login, and provide Principal instances to associate with a Subject on login (via services or extensions)
