RE: Request for 1.2 Feature

David Brownell (David.Brownell@Eng)
Fri, 16 Jan 1998 08:46:29 -0800

Date: Fri, 16 Jan 1998 08:46:29 -0800
From: David.Brownell@Eng (David Brownell)
Message-Id: <199801161646.IAA18477@argon.eng.sun.com>
To: gong@games.eng.sun.com, jgindin@walldata.com
Subject: RE: Request for 1.2 Feature

> The problem, in a nutshell, is that I cannot trust the caller of a
> method to honestly tell the called method who he is.

Right ...

> I'm particularly
> interested in being able to determine if the caller implements a
> particular interface, ISecureObject. If I (the called method) know that
> the caller implements that interface, then I can interrogate the caller
> for authentication information (i.e., calling a method like
> ISecureObject.getCertificate()). At that point, I know that I'm getting
> the real information about the real caller.

But do you really have reason to trust what the object chooses to
tell you about itself?

    class EvilCaller ... implements ISecureObject {
        ...
        X509Certificate getCertificate () {
            return highlyTrustedCertificateOfSomeoneElse;
        }
        ...
    }

I can't speak for Li, but for me what'd be more useful is to hear from
you about the problem you're trying to solve, rather than the solution you
would like to see (getting an ISecureObject). The JDK does record data
about who signed a class; is that what you want to use? What do you want
to do with the information you retrieve from ISecureObject ... can you
use the JDK's policy support? Should it relate to the user who at some
level caused the call, rather than the software developer who coded it?

- Dave
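
An added example, not part of the original message and not JDK or project code: it contrasts what a caller says about itself with what the runtime recorded about the caller's class (its code source and signer certificates). Assumptions: ISecureObject is modeled hypothetically with a String subject in place of an X509Certificate, the subject value is constructed, and StackWalker (Java 9 and later, newer than the JDK under discussion) is used to find the immediate caller.

```java
import java.security.CodeSource;
import java.security.cert.Certificate;

public class CallerIdentityDemo {
    // Hypothetical stand-in for the interface named in the thread;
    // a String subject replaces X509Certificate to keep the demo self-contained.
    interface ISecureObject { String getCertificate(); }

    // Self-asserted identity: the caller decides what to return.
    static class EvilCaller implements ISecureObject {
        public String getCertificate() {
            return "CN=Highly Trusted Vendor"; // constructed value, someone else's identity
        }
        String invoke() { return Callee.sensitive(this); }
    }

    static class Callee {
        static String sensitive(ISecureObject claimed) {
            // The runtime, not the caller, supplies the immediate caller's class.
            Class<?> caller = StackWalker
                .getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE)
                .getCallerClass();

            // Signer data recorded by the class loader when the class was defined.
            // CodeSource is null for bootstrap classes; certificates are null if unsigned.
            CodeSource cs = caller.getProtectionDomain().getCodeSource();
            Certificate[] signers = (cs == null) ? null : cs.getCertificates();
            int signerCount = (signers == null) ? 0 : signers.length;

            // An authorization decision should rest on the recorded data,
            // never on the value the caller handed over.
            return "claimed=" + claimed.getCertificate()
                 + " actualCaller=" + caller.getName()
                 + " recordedSigners=" + signerCount;
        }
    }

    public static void main(String[] args) {
        System.out.println(new EvilCaller().invoke());
    }
}
```

The immediate caller's class identifies the code, not the user on whose behalf the call was made, which is the distinction raised in the last question of the message.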