Juan,

You asked people to comment in both the wiki and the emails but you didn’t include comments from the wiki below.

I have two issues, the first I raised in the wiki is what about caching the authentication lookups:

> Can we safely assume that some caching of authorization requests will be
> performed? What will the scope and lifetime of this caching be? Are the
> authentication rules and modules assumed to be immutable at runtime? All of
> this will have significant implications on performance.

The second issue is how does this differ, augment or compete with Java’s built-in Security Manager / Policy system. It was designed for a lot of these same reasons, restricting application access to specific OS-level operations that can be dangerous if executed by malicious code. Why is such a system not sufficient to handle our concerns in OQL? Beyond creating sockets, files, threads, forks, etc. what are we intending to prevent the OQL user from executing?

Thanks,
Jake

> On Jun 28, 2019, at 10:36 AM, Juan José Ramos <jra...@pivotal.io> wrote:
>
> Hello all,
>
> Below are some answers/comments to the questions and feedback gathered
> during the last round, along with some final ideas at the end of the email.
>