I am pleased to announce that Ted Habeck
and Jay Rosenthal have agreed to push on the various security issues in
Eclipse RCP within the Equinox project.
Ted works in the Security group at IBM
Research (http://www.research.ibm.com/javasec). He is mainly focussed
on enabling and configuring Java2 security for the Eclipse 3.x platform.
His intent is to modify the Eclipse 3.1 code stream by adding doPrivileged()
wrappers where appropriate and providing call path analysis with required
permission reports for the balance of identified privileged operations.
I am very pleased he will be able to apply his (and his group's)
expertise to this extremely important part of the overall security story.
Jay is a member of the Lotus Infrastructure
Security team working on Lotus Workplace (major Eclipse-based RCP app).
He has been focused mainly on areas such as authentication, keystores/credentialstores,
integration of JSSE and the Apache HTTP clients as well as Eclipse/SWT
UI to manage and interact with these components. His experience with
these technologies in a product setting will help add a robust and flexible
authentication and keystore/credentialstore model based on standards (JAAS,
KeyStore, etc) to the Eclipse RCP.
In the spirit of populating a new work
area, I am calling on the Equinox committers to vote in favour of granting
commit rights to Ted and Jay.