Re: [higgins-dev] whoami (was [IdAS] Context open/close semantics)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [higgins-dev] whoami (was [IdAS] Context open/close semantics)

From: Greg Byrd <gbyrd@xxxxxxxx>
Date: Fri, 11 Aug 2006 15:07:31 -0400
Delivered-to: higgins-dev@xxxxxxxxxxx
List-archive: <http://eclipse.org/pipermail/higgins-dev>
List-help: <mailto:higgins-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Thunderbird 1.5.0.4 (Windows/20060516)

Yes, I (mostly) agree. (It's possible in some cases to detected thishijacking -- e.g., using theJAAS getSubject call -- but in general it's not possible. So passingIContext instances around

should be avoided.)

I looked through the API to see if there were places where we return anIContext:


IContextFactory.createContext -- of course

IDigitalSubject.getContext -- this is supposed to "return the Contextthat contains this DigSub"


Should this second one return:
(a) the actual Context instance that created this DigitalSubject object?
(b) a new (unopened) Context instance?
(c) a ContextRef?

We do have methods that return IDigitalSubjects, viaSubjectRelationships. These DigitalSubjectsmay be from different contexts. Should the relationship instead returna reference to a DigitalSubject,

as in ContextRef+CUID?

In other words, if I follow a relationship from a Subject in my openedContext to a Subject thatbelongs to a different (unopened) Context, and then do getContext onthat Subject, what should I get?

My opinion is that getSubject should return a ContextRef, and thatSubjectRelationship should return

Iterable<IDigitalSubjectRef>.

...Greg




Jim Sermersheim wrote:

>>> Greg Byrd <gbyrd@xxxxxxxx> 8/10/06 8:59 AM >>>
<snip>
>I'm not yet in favor of the whoami call.  I guess I'm worried about
>someone random querying a Context and getting my identity object, which
>might contain private credentials.<snip>If there were a way for someone to randomly query a Context and gainaccess to your private credentials via a whoami method, then there isa serious security problem regardless of that method. If I (Jim) cansomehow obtain a Context that you (Greg) originally opened with yourcredentials, then I am now essentially you. I can read and updateanything you have privileges to. For some CP's this includes yourcredentials (even without a whoami method).Applications need to be written in such a way as to not shareauthenticated Contexts among non-trusted parties.
------------------------------------------------------------------------

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev

Follow-Ups:
- Re: [higgins-dev] whoami (was [IdAS] Context open/close semantics)
  - From: Jim Sermersheim

References:
- [higgins-dev] [IdAS] Context open/close semantics
  - From: Greg Byrd
- Re: [higgins-dev] [IdAS] Context open/close semantics
  - From: Jim Sermersheim
- Re: [higgins-dev] [IdAS] Context open/close semantics
  - From: Greg Byrd
- Re: [higgins-dev] [IdAS] Context open/close semantics
  - From: Jim Sermersheim
- Re: [higgins-dev] [IdAS] Context open/close semantics
  - From: Greg Byrd
- [higgins-dev] whoami (was [IdAS] Context open/close semantics)
  - From: Jim Sermersheim

Prev by Date: Re: [higgins-dev] [IdAS] Context open/close semantics
Next by Date: Re: [higgins-dev] whoami (was [IdAS] Context open/close semantics)
Previous by thread: [higgins-dev] whoami (was [IdAS] Context open/close semantics)
Next by thread: Re: [higgins-dev] whoami (was [IdAS] Context open/close semantics)
Index(es):
- Date
- Thread

Breadcrumbs