This paper has focussed on the way in which delegation is structured and used in SDM to support secure operation when multiple components together provide a given service. SDM builds upon exisitng mechanisms, mainly those already established in the Java JDK1.2 security framework, to establish a practical basis for constructing flexible yet secure components and support infrastruture. SDM extends the JDK1.2 framework to include explicit support for principals. We have provided implementation strategy for SDM to be built over the JDK1.2 framework.
As outlined in section 2.2, implementation of SDM requires that the JDK1.2 domain model be extended to include principals, so that each CodeSource will also have a principal associated with it. One domain will be formed for each such <CodeExecutor, CodeSource>. Further authentication and access control (and delegation) may then be based on the CodeExecutor.
To support PrincipalDomains, the Java runtime system must maintain a mapping from <CodeSource, CodeExecutor> pair to their protection domains and also the mapping between protection domains and their privileges. This could, for example, be implemented at the execution stack level with the aid of class blocks and the executing environment frame, as illustrated in Figure.
In future, we intend to implement our SDM delegation framework over the JDK1.2 security framework. We have already implemented access control mechanisms [16] based on CodeSource information. We plan to extend the mechanism to include the information on principals to further control any access requests.