Community
Participate
Working Groups
Lotus has a need to restrict the plugins that are allowed to load to be from a list of approved and trusted signers. This will require continued investigation into the issues that prevented the platform from running with signed bundles in 3.2. There will also likely be enhancements to the API for the OSGi JarVerifier to abstract trust to external decision point (a la JSSE TrustManager).
Is anything planned for 3.3 ?
There is partial support for this but we need more help from the community to get this one complete. For 3.3 nothing further is planned.
Consistent language with Equinox site
Moving to Security component
This is marked "P2", which in general means "we'd rather not ship without fixing this". Is the expectation that we are going to do something about this for R3.4?
Yep, and barring documentation this task is complete. We've added the SignedContent, TrustEngine and AuthorizationEngine interfaces to Equinox, and some basic UI for manipulating the default policy (allow-all, only-allow-signed, only-allow-trusted). We scaled back a bit from what I imagined in terms of associated certificate management UI based on P2's related needs. I need to sit down and see what this means to this bug and the ones it blocks, but yes - this is in for 3.4.
Nice. (You got polled because I'm going through all the P1/P2 bugs.)
Is this still planned for 3.4 ? The bug is open, and we are finished with RC1. Feels late for an 'enhancement'...
This has been in for a while. Still needs documentation.