JDK-6205526 : Fine grained and well defined levels of security and trust for java webstart and plugin
  • Type: Enhancement
  • Component: deploy
  • Sub-Component: deployment_toolkit
  • Affected Version: 1.4.2,6
  • Priority: P2
  • Status: Resolved
  • Resolution: Won't Fix
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2004-12-08
  • Updated: 2015-02-09
  • Resolved: 2015-02-09
Related Reports
Description
A DESCRIPTION OF THE REQUEST :
* Break down security access into groups and categories that can be easily understood in the java control panel.
* Allow webstart to enforce well established levels of security on both signed and unsigned applications.
* Add trust levels that show what level of trust an application requires.
* Make the warning when running unsigned JWS applications less hostile as it currently makes the user _really_ want to press NO.
* The ability to restrict requested security in the JWS application manager for specific apps according to the user's need.  (Eg: An IRC app wants socket access, the user specialises this to socket access to the internet ONLY.) (Eg: File access? File access to a specific directory ONLY.)

(* Company wide internal certificate certification)


Applications can be split into various clear but broad categories.  Applications that access the disk, applications that access only a predefined subdirectory chosen by webstart, applications that use sockets, applications that use comm ports, applications whose network communication is restricted to the server from which they were downloaded, etc.  These can be broadly defined with certain levels of implications and trust levels that can be associated.

JNLP should furthermore define what types of security the application will interact within and this should allow webstart to configure its security manager appropriately.

Webstart currently provides a 'scary' warning sign that really wants me to never run an untrusted application.  This furthermore makes a signed application have complete control over every resource.

Company wide certificate certification is covered in another RFE.  Such a mechanism would allow further trust to be certified.  This is partially related to (Review ID: 338796 - Application and Java Control Panel integration into Microsoft Management Console) and an RFE not yet submitted (Trusted Computing).

JUSTIFICATION :
This is one of many RFEs produced from a community discussion at
http://forums.java.net/jive/thread.jspa?threadID=143.  Further
justification could typically be found at the given link or off a
thread listed at the given link.

Security is a major issue in any software environment.  I would want the security warning to be measured according to the trust levels configured. When downloading a java webstart application - an IRC Client - it would be reasonable to expect socket access.  I would furthermore want the possibility to

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Levels of trust, better communication of threats, the ability to easily configure and trust applications as well as the ability to ensure that particular machines are locked down.
ACTUAL -
A frightening message for untrusted jws applications that makes even myself not want to use JWS.  (I don't advocate using a less frightening message without adequate security measures).
###@###.### 2004-12-08 01:07:22 GMT
I am adding the following description, to focus this RFE on a particular request.
---------------------------------------------------------------------------------
Add the ability, from both the Object tag of a plugin applet, and the jnlp file of a jnlp application, to specify a policy file to be used to grant additional permissions to an application or applet.
The future security dialogs should be able to extract most well-known policy file entries from the policy file and present them to the user in an easy to understand dialog.  Other entries may need to be presented to users as the specific policy grant statements (which may be less understandable to the average consumer), but arbitrary policy files should be supported.
For example, we can define several expected policies, such as:
permission to read from within certain file directories.
permission to write to within certain file directories.
permission to connect to any socket address.
permission to read and/or write any system properties.
and so on.
In each of these cases and more, we can inform the user of the degree of danger implied by granting these permissions to the app.
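As an added illustration of the dialog this description asks for (example code written for this page, not JDK, Web Start or plugin code), the program below pulls the `permission` statements out of policy text written in the standard java.policy syntax, maps the well-known permission classes (file read/write, socket connect, system properties, AllPermission) to a plain-language summary and a risk level, and falls back to showing the raw grant statement for anything it does not recognise, exactly the split the description proposes. It also covers the broad application categories from the original request (disk access, a single directory, sockets). The sample policy text, the `app.example.invalid` codeBase and the four risk levels are constructed for the example; the parser reads only `permission` lines and ignores codeBase/signedBy scoping.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example (not JDK code): summarise policy-file grants as user-facing risk levels. */
public class PolicyRiskSummary {

    /** Constructed sample policy text in standard java.policy syntax; not from the RFE. */
    static final String SAMPLE_POLICY =
        "grant codeBase \"http://app.example.invalid/irc/-\" {\n"
      + "  permission java.io.FilePermission \"${user.home}${/}ircdata${/}-\", \"read,write\";\n"
      + "  permission java.net.SocketPermission \"*\", \"connect,resolve\";\n"
      + "  permission java.util.PropertyPermission \"user.name\", \"read\";\n"
      + "  permission java.lang.RuntimePermission \"setSecurityManager\";\n"
      + "};\n";

    /** Risk levels are this example's own ranking, ordered from least to most dangerous. */
    enum Risk { LOW, MEDIUM, HIGH, CRITICAL }

    /** One grant entry together with its plain-language summary and risk level. */
    static final class Entry {
        final String type, target, actions, summary;
        final Risk risk;

        Entry(String type, String target, String actions, Risk risk, String summary) {
            this.type = type; this.target = target; this.actions = actions;
            this.risk = risk; this.summary = summary;
        }

        @Override public String toString() { return String.format("[%-8s] %s", risk, summary); }
    }

    /** Matches one statement: permission <class> ["<target>" [, "<actions>"]]; */
    static final Pattern PERMISSION = Pattern.compile(
        "permission\\s+([\\w.]+)(?:\\s+\"([^\"]*)\")?(?:\\s*,\\s*\"([^\"]*)\")?\\s*;");

    static List<Entry> classify(String policyText) {
        List<Entry> entries = new ArrayList<>();
        Matcher m = PERMISSION.matcher(policyText);
        while (m.find()) {
            String target = m.group(2) == null ? "" : m.group(2);
            String actions = m.group(3) == null ? "" : m.group(3);
            entries.add(describe(m.group(1), target, actions));
        }
        return entries;
    }

    /** Well-known permission classes get a summary; anything else is shown as the raw grant. */
    static Entry describe(String type, String target, String actions) {
        switch (type) {
            case "java.security.AllPermission":
                return new Entry(type, target, actions, Risk.CRITICAL,
                    "Full control of the machine (AllPermission)");
            case "java.io.FilePermission": {
                boolean modifies = actions.contains("write") || actions.contains("delete")
                    || actions.contains("execute");
                boolean wholeDisk = target.equals("<<ALL FILES>>");
                Risk risk = wholeDisk ? Risk.CRITICAL : modifies ? Risk.HIGH : Risk.MEDIUM;
                return new Entry(type, target, actions, risk,
                    (modifies ? "Read and modify files" : "Read files") + " under "
                    + (wholeDisk ? "the whole disk" : target));
            }
            case "java.net.SocketPermission": {
                boolean anyHost = target.equals("*") || target.startsWith("*:");
                return new Entry(type, target, actions, anyHost ? Risk.HIGH : Risk.MEDIUM,
                    "Network access (" + actions + ") to " + (anyHost ? "any host" : target));
            }
            case "java.util.PropertyPermission": {
                boolean write = actions.contains("write");
                Risk risk = target.equals("*") ? (write ? Risk.HIGH : Risk.MEDIUM) : Risk.LOW;
                return new Entry(type, target, actions, risk,
                    (write ? "Read and change" : "Read") + " system property " + target);
            }
            default:
                // Not a well-known entry: present the specific grant statement, as the RFE suggests.
                return new Entry(type, target, actions, Risk.HIGH,
                    "permission " + type + " \"" + target + "\""
                    + (actions.isEmpty() ? "" : ", \"" + actions + "\""));
        }
    }

    /** The dialog's headline level is the highest level of any single entry. */
    static Risk overallRisk(List<Entry> entries) {
        Risk worst = Risk.LOW;
        for (Entry e : entries) {
            if (e.risk.compareTo(worst) > 0) worst = e.risk;
        }
        return worst;
    }

    public static void main(String[] args) {
        List<Entry> entries = classify(SAMPLE_POLICY);
        System.out.println("This application requests (overall: " + overallRisk(entries) + "):");
        for (Entry e : entries) System.out.println("  " + e);
    }
}
```

Run with `javac PolicyRiskSummary.java && java PolicyRiskSummary`. The headline level is driven by the worst single entry, so a narrow file grant plus an any-host socket grant still shows as HIGH, which matches the request that the warning be "measured according to the trust levels configured" rather than one uniform scary dialog.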

Comments
After 10 years of not acting on this I am closing as will not fix. When and if the security model is changed to allow fine-grained permissions, a new Enhancement will be opened for it.
09-02-2015

EVALUATION This RFE is all over the map, requesting a lot of unrelated things, some of which already exist, some of which are already rejected, and some of which may be constructive suggestions.
###@###.### 2004-12-10 18:54:41 GMT
This RFE is mainly talking about fine-grained control of security level in Java Webstart; we are not going to fix it in Mustang, therefore I am targeting it to Dolphin.
###@###.### 2005-07-11 17:12:34 GMT
10-12-2004