celix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From e...@jansman.eu
Subject Re: Implementing security features in Celix
Date Thu, 14 Nov 2013 08:36:07 GMT

> Hey everyone,
> I'm currently working on implementing a proof of concept concerning signed
> bundles in Celix. It is currently implemented as a bundle, but
> security-wise a bundle is not the best solution considering a malicious
> bundle can be inserted prior to a security bundle. I'm therefore curious
> if
> anyone has any thoughts on the following questions:
> What is the best way to implement security features (e.g. signed bundles)
> into Celix?
> - include it as a linked library?
> - put it directly into the framework?
> - or create a security bundle, but make sure it loads first?

What are the advantages and disadvantages of the options? Would for
example having a bundle give the option to reuse parts of the security
bundle to do data encryption?

> Concerning activation and configuration:
> - include a configuration option to (de)activate the requirement of signed
> bundles?
> - choose whether or not signed bundles are required prior to compilation,
> such that it becomes an always on/off feature?

I think having the option to toggle the requirement after compilation
would be nice to have because it allows you to compile the framework once
and use it on multiple systems.

> Personally I'm leaning towards including it as a linked library and
> configuring the feature(s) during compilation. But I'm curious if some of
> you have a specific opinion on this and what that opinion is.
> Regards,
> Ben.



View raw message