Distributed Policy Management for JDK 1.2

In JDK 1.2, the security architecture supports fine grained access control. In the default implementation, Java runtime modules (classes) are signed, and permissions are configured through a configuration file using the signer’s identity and the loading location (URL) of the module. In a large network, the number of applets and the frequency of changes to the security policy will eventually grow very large. In a large organization, changing the configuration file in all Java enabled workstations and devices every time a need arises may be very hard. In this paper, we describe a better scaling solution. We use authorization certificates to delegate permissions to Java modules. In JDK 1.2, the permissions are attached to the runtime modules through protection domains. In our implementation, each protection domain may be decorated with one or more SPKI certificates. These certificates directly describe the possible permissions of the domain. The actual permissions depend on the currently valid certificate chains leading to these certificates. In addition to the certificates distributed with the modules, certificates for the chains may be retrieved from a distributed directory service. This approach makes it possible to fully distribute Java security policy management, allowing, among other things, security policy to be changed and new permissions types to be introduced without any modifications to the local configuration. Furthermore, the permissions need not be statically assigned but can be dynamically derived from the SPKI certificates as