 |  |  |  |  |
| | | | |
 |  |
The optional OSGi Security layer is based on Java permissions. It provides an infrastructure to define, deploy, and manage fine-grained application permissions.
The OSGi Framework specification provides a well-defined security management API for real time management of permissions. This enables management applications to dynamically control the permissions of other applications with immediate effect.
When bundles are authenticated, they receive a set of authorizations (permissions). Permissions are granted on a per bundle basis. Bundles can be signed. Code is authenticated by location or signer. The OSGi alliance specification defines permissions for various activities, for example, importing and exporting Java packages.
Permission management is based on a general mode of conditional permissions. Conditional permissions match permissions to bundles using OSGi Alliance or user-defined conditions. With this model, groups of permissions can be shared based on signers and locations.
You can also use conditions to enable a group of permissions when an external condition is true, an online connection to the management system is established, or a user has approved a permission after prompting. This model allows you to create and enforce a dynamic security policy.
Two OSGi Framework services provide APIs to support the security model:
Permission Admin service — Dynamically manipulate permissions, by changing policies on the fly and adding new policies for newly installed components. Use policy files to control what software bundles do.
Conditional Permission Admin service — Conditions determine the selection of the bundles that the permissions apply to.
| |  | |
 |
