Re: [equinox-dev] authentication vs authorization
Hi Neil,
Neil Bartlett wrote:
<stuff deleted>
The problem is that there is a wide and multifarious range of
scenarios that need to be supported. For example:
<stuff deleted>
You are of course correct about the need to support many use cases. But
I feel that's frequently true for platform security...it's something
different for nearly everyone.
I think there needs to be a dialog between the Equinox security group
and those of us who are trying to write secure RCP apps. For my needs
in particular, bundle signing and Java permissions are irrelevant
(although Sword4J is very cool). It's not the code I don't trust, it's
the users!
True...and for several of my use cases (storing/accessing user
information about accounts/credentials) it's also about the
(authenticated) users rather than trusting/restricting the bundles. I
know these are not independent, of course. But if there's not some way
to satisfy these sorts of relatively simple security use cases (that
depend upon authentication but perhaps not on authorization) I think
many RCP developers would be prevented from building their applications
with 3.2.
Scott