On 10/05/2010 01:07 PM, Peter Firmstone wrote:
Yes I think Sim is talking about making trust decisions and Michal and I
are talking about the handshake, we need both, I don't think we're
having an issue of agreement, just understanding.
No, i'm talking about both.
Before you can unmarshall, you need code. This code is loaded by a
classloader. The ONLY place where we can check code, is this classloader.
For every trust decision i've made, the classloader should check if what
is loaded is consistent with the trust decision i've made.
I want this trust system to be exclusive. Only when trust is granted am
i willing to perform code i have been given.
I want this trust system to be dynamic. I want to be able to change my mind.
I want this trust system to be automated only in removing trust. I dont
want to have a machine surprise me by downloading a trojan.
I want this system to be certification friendly. So not only based on
Principal alone.
Eh, would this constitute a requirements definition? :-)
Gr. Sim
