Last revised: 10Aug2003 GLG
2003-Aug-10 -- Full Release of Authorization Toolkit
This is the first full release of the Authorization Toolkit for Java (AuthKit). The core API is essentially unchanged from the preliminary release. The documentation has been expanded, and some tools have been added, which also serve as real-world working examples.
- Tamper-Resistant Mac OS X App-Bundles describes safeguards which should be taken when distributing, installing, and using AuthKit in a Mac OS X app-bundled Java program. Similar safeguards should be taken on all platforms, but the details of how to lock down trusted elements are entirely platform-specific.
- AuthKit Tools are provided in the packages app.authkit.envoy and app.authkit.tools. These may be useful to Java developers as tools, in addition to serving as real-world examples.
- The package glguerin.util has additional classes to support the tools.
- UnauthorizedCancellation is a new subclass of UnauthorizedException, thrown to distinguish intentional cancellation by the user from any other authorization failures.
- MacOSXAuthorization is the principal concrete implementation. It uses JNI and requires a Mach-O native library, which is supplied in pre-compiled form. This implementation has now been tested under J2SE 1.3.1 and 1.4.1 on Mac OS 10.1 through 10.2.3. Use on Mac OS 10.0 is not advised.
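The UnauthorizedCancellation item above is the kind of distinction that matters in calling code: a user clicking Cancel is not a security failure and should not be retried or logged as a denial, while every other UnauthorizedException is. The following Java is an added illustration, not AuthKit code. The two exception classes are stand-ins that reproduce only the relationship the release notes state (UnauthorizedCancellation extends UnauthorizedException); their constructors, the Authorizer interface, the PrivilegedRunner wrapper, and the right-name strings are all assumptions, not the toolkit's API.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Optional;
import java.util.concurrent.Callable;

// Stand-in for AuthKit's base authorization failure (hypothetical constructor).
class UnauthorizedException extends Exception {
    UnauthorizedException(String msg) { super(msg); }
}

// Stand-in mirroring the release note: cancellation is a subclass of the base failure.
class UnauthorizedCancellation extends UnauthorizedException {
    UnauthorizedCancellation(String msg) { super(msg); }
}

// Hypothetical interface: asks the platform to grant a named right, or throws.
interface Authorizer {
    void authorize(String right) throws UnauthorizedException;
}

// Wraps a privileged operation so that user cancellation and real denial
// take different paths. Empty result == user cancelled; exception == denied.
final class PrivilegedRunner {
    private final Authorizer authorizer;
    private final Deque<String> auditLog = new ArrayDeque<>();

    PrivilegedRunner(Authorizer authorizer) { this.authorizer = authorizer; }

    <T> Optional<T> run(String right, Callable<T> op) throws UnauthorizedException {
        try {
            authorizer.authorize(right);
        } catch (UnauthorizedCancellation cancelled) {
            // Subclass clause must come first; javac rejects it after the superclass clause.
            // Cancellation is the user's decision: no retry, no denial entry in the audit log.
            return Optional.empty();
        } catch (UnauthorizedException denied) {
            // Any other failure is a genuine denial and is worth recording before rethrowing.
            auditLog.addLast("DENIED right=" + right + " reason=" + denied.getMessage());
            throw denied;
        }
        try {
            return Optional.of(op.call());
        } catch (Exception e) {
            throw new IllegalStateException("privileged operation failed after grant", e);
        }
    }

    Deque<String> auditLog() { return auditLog; }
}

public class CancellationDemo {
    public static void main(String[] args) throws Exception {
        // Scripted authorizer (constructed for the demo): cancel, deny, then grant.
        Deque<String> script = new ArrayDeque<>();
        script.add("cancel"); script.add("deny"); script.add("grant");
        Authorizer scripted = right -> {
            String outcome = script.removeFirst();
            if (outcome.equals("cancel")) throw new UnauthorizedCancellation("user cancelled");
            if (outcome.equals("deny"))   throw new UnauthorizedException("credentials rejected");
        };

        PrivilegedRunner runner = new PrivilegedRunner(scripted);
        String right = "com.example.demo.privileged"; // hypothetical right name

        System.out.println("cancel -> " + runner.run(right, () -> "ran"));   // Optional.empty
        try {
            runner.run(right, () -> "ran");
        } catch (UnauthorizedException e) {
            System.out.println("deny   -> exception: " + e.getMessage());
        }
        System.out.println("grant  -> " + runner.run(right, () -> "ran"));   // Optional[ran]
        System.out.println("audit  -> " + runner.auditLog());                // one DENIED entry
    }
}
```

The payoff is in the catch order and the audit log: only the genuine denial is recorded, so the log reflects actual authorization failures rather than every time a user changed their mind, and a caller that wants to offer "try again" can do so for the exception path without nagging after a cancellation.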
2003-Jul-02 -- Preliminary Release of Authorization Toolkit
This is the initial preliminary release of the Authorization Toolkit for Java (AuthKit). The core API is essentially complete and fully functional. Unless serious flaws are found in this public release, it should not change significantly, if at all, for the final release.
This release is preliminary because the documentation is incomplete, and testing has been limited.
In the documentation in particular, there are several specific points for securing a Mac OS X app-bundle to make it reasonably trustworthy and complete, so it can't be tampered with. Any app-bundle that can potentially run other programs as root, not just a Java app-bundle, must be trustworthy itself. If it's not, arbitrary programs might be run as root, often with dire consequences. Securing the app-bundle is pivotal, and all the necessary steps and safeguards may not be obvious.
It would be nice if I could provide a GUI demo app. I probably won't provide one, though, unless it's very simple or specialized. One problem with simple or specialized apps is that they often don't illustrate or exemplify real-world security procedures or techniques. The simplicity that makes them understandable as illustrations limits the kind of security capabilities they can illustrate. As a result, approaches which are adequate for a simple task may be mistaken as the be-all and end-all of security, and are then copied in places where they are inadequate or entirely wrong. This is actually a danger of any kind of security example, not just simple ones. Let's face it, if good computer security were easy, it would happen more often. The fact that it doesn't happen more often should illustrate its difficulty, even for engineers who regularly eat other kinds of complexity for breakfast.
- MacOSXAuthorization is the principal concrete implementation. It uses JNI and requires a Mach-O native library (supplied in pre-compiled form). It has been tested under J2SE 1.3.1 and 1.4.1_01 on Mac OS X 10.2.3. It should work on all the 10.2.* sub-versions, but this has not been tested. It should work as far back as 10.0, but this has not been tested. I don't know how far forward it will work (10.3 Panther preview?) because it has not been tested there.