See JavaSoft's JDK 1.2 Security Specification (don't have an URL yet). This is very similar in structure to the ProcessSecurity proposal, with a few significant differences (like there are only concerns about codesecurity yet, so we have to add an Thread to user relation for accesscontrol). Of course, the API and the system of security that JavaSoft has defined will need to be blended with several pieces of JOS. These include:
Any AccessControlList s that are used to define user's security rights.
Another idea is user/group dependant property access:
Any user might have his own profile (that is obvious).
The admin should control which property might be individual and which might not. Example: In companys, the average user should be banned from changing something like his proxy or the security police of applets.
Work being done:
Thinking in progress...
Content of these pages are owned and copyrighted by the poster.