From: wayne.lund@ac.com
To: java-security@web1.javasoft.com
Date: Tue, 26 May 1998 09:59:19 -0700
Subject: Java Security Programming Guidelines
Java Security,
We have 2 clients that are looking at implementing Java based internet
applications. We are in the process of reviewing the different services
offered by the new 1.2 JDK and that have existed in the 1.1. Does Sun have
any programming guidelines (patterns) for when a particularly type of Java
Security Model should be used? how to mix and match? etc. These clients
do have users in very disparate domains - for example "Self Service
Customer" (Untrusted user), "Field Engineer" (More trusted user), "System
User" (Most trusted user) with some applications/components shared by all
and others specific to the user group. How do you best decide whether the
right approach is Signed Applets, Customizing security domains, etc.
Any information will be greatly appreciated. Please feel free to contact
me at:
(206) 689-8062
Wayne Lund