37692 – [plan item] Add a security model

Bug 37692 - [plan item] Add a security model

Summary: [plan item] Add a security model

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Platform
Classification:	Eclipse Project
Component:	Runtime (show other bugs)
Version:	2.1
Hardware:	All All

Importance:	P4 enhancement with 5 votes (vote)
Target Milestone:	---
Assignee:	DJ Houghton
QA Contact:

URL:
Whiteboard:
Keywords:	plan

Depends on:
Blocks:

Reported:	2003-05-15 11:17 EDT by Jim des Rivieres
Modified:	2021-06-17 10:22 EDT (History)
CC List:	9 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jim des Rivieres

2003-05-15 11:17:22 EDT

Add a security model. Security needs are pervasive. The Eclipse Platform 
should provide the basic framework for a security mechanism that can be used 
by all plug-ins, including a simple credentials store and user authentication. 
Additionally, key parts of the Platform itself should be secured, such the 
ability to install plug-ins, which might need to be restricted in certain 
products or for certain users. [Platform Core, Platform Update] [Theme: Rich 
client platform]

Comment 1 Andre Weinand

2003-07-24 06:01:11 EDT

[I've posted this on platform-core-dev and John Arthon suggested to add this here]

Coming from the Mac I've learned to love the concept of a "keychain", that is a central place in the  
OS where passwords are securely stored and were applications can easily get access to (if the 
keychain is unlocked of course).

The benefits of using a keychain is that
- users have a single sign-on,
- a single policy exists for dealing with passwords,
- passwords are securely stored if keychain is locked,
- user can lookup and edit their passwords in a safe and secure place if they need to
  (for example I change my Novell password in my keychain whenever the system forces me to
  change it and after that I'm sure never to be asked again for the new password from any
  application)

So an API for a Keychain service would probably something like this:
getPasswordFromKeychain(...);
storePasswordInKeychain(...);

Do you think platform specific Keychain support for Eclipse would be feasible?
If yes, I can look into the Keychain manager of MacOS X in order to give you more detailled
information about how a minimal API could look like.

Comment 2 Juergen Weber

2003-12-03 10:13:22 EST

If Eclipse is to be used as a rich client platform, a security model should be
compatibel with J2SE (JAAS, JCE and JSSE) and J2EE (role based security), the
latter if a rich client is to be used as client for EJBs or servlets running in
an application server.

Comment 3 DJ Houghton

2004-04-15 10:45:39 EDT

This originally proposed plan item has been pushed back to deferred and will be
addressed post 3.0.

Comment 4 Dirk Hagener

2005-03-17 10:53:48 EST

(In reply to comment #3)
> This originally proposed plan item has been pushed back to deferred and will 
be
> addressed post 3.0. 

Very sad to read! The missing security capabilities are the major drawback for 
using the Eclipse RCP for serious commercial applications. Are there any plans 
when this item will be addressed?

Comment 5 John Arthorne

2009-08-18 16:15:12 EDT

[LATER->WONTFIX] The "LATER" bugzilla resolution is being removed so reopening to mark as WONTFIX.

Comment 6 John Arthorne

2009-08-18 16:21:09 EDT

[LATER->WONTFIX] The "LATER" bugzilla resolution is being removed so reopening to mark as WONTFIX.