Difference between revisions of "Security: Requirements"

Revision as of 16:42, 23 May 2007

Document for collecting Security requirements

Requirements

• Support plugging JCA/JCE classes into the platform dynamically via services or extensions
• Use Java-standard APIs like KeyStore, CertStore, etc. where appropriate for Key management
• Support login to the platform
• Run with a fully-integrated SecurityManager
• Define domain specific Permissions for eclipse concepts (e.g. ViewPermission, ActionPermission) and make
• Find a way to run non trusted plug-ins in a sandbox
• Make EMF generated code secure: define model specific permissions and use them in the generated code

• Platform UI enhancements
  • Plug KeyStore instances into the platform for use during code signing (and someday other - e.g.: mail signing) operations
  • Prompt for passwords for KeyStores and their aliases when used
  • User interface for managing KeyStores for code signing trust (cacerts, user's .keystore, etc)
  • User interface for managing permissions granted to bundle signers

• JDT UI enhancements
  • Show the signer information/configuration of classes in jars and projects
  • Configure a project to be signed after compile using a system KeyStore or a project specific KeyStore
  • Manually cause signing to occur from project context menu
  • Simple support for launching with a security manager (ie: a checkbox in the launch config)
  • Ability to run a workspace project as if it was a signed and packaged jar
  • Handle keystore file types (*.keystore,*.jks,*.jceks,*.p12 etc) in project filesystems