SlideShare a Scribd company logo

Deployment Download and Policy Workstream Update - Gábor Pécsy, Nokia

M
mfrancis

OSGi World Congress 2004

Technology
1 of 20
Download to read offline
© copyright 2004 by OSGi Alliance All rights reserved. Policy
© copyright 2004 by OSGi Alliance. All rights reserved. Requirements for Policy • Use cases and requirements: – Policy controlling the management system • Accept/reject various operations based on e.g. actor, target and other conditions – Controlling the runtime behaviors of applications • Allow/deny sensitive operations (assign privileges) for the applications – Delegation model • Possibility to delegate (parts of) the policy forward – Policy tied to subscription • Changing e.g. SIM card or user identity changes the utilized policy – Programmatic Interface • Privilege checking, permission querying/setting, dynamic updating
© copyright 2004 by OSGi Alliance. All rights reserved. General overview • MEG defines a management framework and an application model for OSGi based devices • Therefore, policy has two aspects: – Access control for management operations – Runtime control of applications • These two are solved using different mechanisms: – Policy for management operations is expressed in the form of Access Control Lists for coarse grained and Java permissions for fine grained access control – Applications are running under the standard Java access control – according to JDK 1.2 specification – extended with some OSGi and MEG specific permissions • Policy is manageable via the MEG-defined device management framework – Policy can be updated runtime • Conditional Permission Framework is used to provide additional flexibility to Java permissions
© copyright 2004 by OSGi Alliance. All rights reserved. Policy Architecture • Device Management Tree is used as management object model • Each node in DMT can have an associated Access Control List • ACL is enforced by DMT Admin when performing remote management operation – DMT Admin may also use Java permissions for fine-grained access control • Java permissions are also mapped to the DMT to enable management via the Policy Plug-in • Permission Admin is modified to support conditional permissions • Conditional Permissions require a special Security Manager to evaluate conditions Policy Plugin Enhanced Permission Admin Conditional Permission Framework Security Manager Policy org.osgi.service.permissionadmin DMT Plugin DMT Admin Device Management Tree Access Control Lists Management Server
© copyright 2004 by OSGi Alliance. All rights reserved. DMT Access Control Lists • Device Management Tree is the management object model defined by OMA Device Management specifications. – For details see: http://www.openmobilealliance.org/tech/affiliates/syncml/syncmlindex.html • Each node of DMT may have an associated Access Control List (ACL) • ACLs contains the five management operations permitted by OMA (Add, Get, Delete, Replace and Exec) and associated with each of them a list of management server identifiers, which are permitted to perform the corresponding operation – For example (the exaple is copied from OMA DM specification): Add=www.sonera.fi-8765&Delete=www.sonera.fi-8765&Replace= www.sonera.fi-8765+321_ibm.com&Get=* • DMT Admin authenticates the management servers and based on its identity it enforces the policy described in the ACLs.
© copyright 2004 by OSGi Alliance. All rights reserved. DMT Fine-grained access control • In addition to ACLs, fine-grained access control may be applied to remote management operations • It is possible to associate Java permissions with the management server identifiers • After authenticating management server, DMT Admin loads the associated Java permissions and management operations are performed using those permissions only. • Fine-grained permissions checks are made by the management object targeted by the management operation. • Support of the permission-based fine grain policy check is optional.
© copyright 2004 by OSGi Alliance. All rights reserved. Changes to R3 Permissions • The security mechanisms used in OSGi Release 3 will be extended • AdminPermission is too broad, it will be refined by adding a target and operation category parameters to it. – The target of permission will be a bundle – Admin operations will be classified into categories to enable finer policy definition. • Such categories are: “metadata”, “class”, “lifecycle” etc. • Permission Admin will be updated: – To support conditional permissions – Enable associating permissions to a signer • Bundles may request permissions listing them in META-INF/ permission.perm file. The actual set of permissions for the bundle will be the intersection of this list and that enabled by the policy.
© copyright 2004 by OSGi Alliance. All rights reserved. Application Access Control • Access control for applications is implemented using the standard Java security mechanisms • Permissions may be associated with bundles based on the signer and/or the location of the bundle containing the application • Permission Admin is used to maintain the policy • Services use SecurityManager to check permissions – Usage of SecurityManager instead of AccessController is important to enable the verification of conditions associated with the permissions
© copyright 2004 by OSGi Alliance. All rights reserved. Conditional Permissions • Conditional Permission Framework enables the association of certain conditions with permissions – Any number of conditions can be associated with a permission • Such conditions include the IMEI of the device, the IMSI of the SIM in the device, current geographic location of the device, consent of the device user etc. – Consent of the user means that the user is prompted for allowing the requested operation. – Similarly to MIDlet security model, he/she has the option to deny the request or grant it for one shot, session lifetime or blanket (I.e. forever) • The owner of a conditional permission can hold the corresponding privilege only if all the associated conditions are met. • Conditions are represented by classes implementing them • A special SecurityManager implementation is responsible for the evaluation of conditions prior to granting access to the requested resource.
© copyright 2004 by OSGi Alliance. All rights reserved. Policy for other application models • Application containers for other application models (e.g. MIDlets, Xlets etc.) can be executed in the OSGi framework • These containers are responsible for implementing the security measures specified in the corresponding application model • They are also responsible for mapping their policy structure into DMT to enable remote management.
© copyright 2004 by OSGi Alliance All rights reserved. Download and Deployment
© copyright 2004 by OSGi Alliance. All rights reserved. Requirements for Deployment • Use cases and requirements: – Installation/reinstallation/update/uninstallation • Multiple media, Dependency checks, related data, mass operations, demand loading – Integrity Checking • Checks the dependency tree for conflicts or missing pieces – Software Discovery • List of installed software components – Software subscriptions/unsubscriptions • Possibility to install software multiple times without paying it again – Controlled (un)availability of software • Possibility to make the software accessible on certain time different from deployment time – Operator characteristics • Software can be enabled/disabled or even installed/uninstalled based on the used operator (e.g. SIM dependently)
© copyright 2004 by OSGi Alliance. All rights reserved. General Overview • MEG defines a packaging/install script format called bundle suite • Bundle suites can contain OSGi bundles as well as other customization scripts, e.g. configuration information • Installation of a bundle suite is atomic, it either succeeds completely or fails without side effect. • Architecture supports different delivery media for bundle suites • Bundle dependencies are tracked to ensure system integrity – In addition to the current OSGi dependencies (package and service dependency), bundle dependency is introduced to denote relations between bundles which are otherwise non-traceable. • A bundle-level mechanism is defined, which enables the customization of bundles after installation • Bundle upgrades are not used, new version is installed, old version is uninstalled instead.
© copyright 2004 by OSGi Alliance. All rights reserved. Deployment Architecture • Deployment Plug-in maps deployment related management operations to managed object functions • Download Agents are responsible for fetching bundle suites via different delivery media • Deployment Admin is responsible for the installation of bundle suites • Deployment Manager Services are used to process non-bundle elements of a bundle suite • Deployment Admin relies on Package Admin when installing/removing a bundle Deployment Deployment Plugin DMT Plugin Download Agent Deployment Admin DMT Admin Package Admin Deployment Manager Service BundleSuite Store org.osgi.service.packageadmin
© copyright 2004 by OSGi Alliance. All rights reserved. Bundle Suites • Bundle Suites are installation scripts used to install and customize a number of bundles together. • Bundle Suites are JAR files. The order of the elements in the file is significant as it defines the processing order. • The first entry in the file must be the META-INF/Manifest.mf – This file contains meta information to help the processing of the bundle suite • Manifest.mf is followed by the signature files to enable the verification of the integrity of Manifest.mf and other files as well • The remaining content may come in any order – JAR files are assumed to contain bundles – Other files as used for customization, e.g. configuration of bundles
© copyright 2004 by OSGi Alliance. All rights reserved. Deployment Admin • Deployment Admin is responsible for the installation (execution) of bundle suites • Deployment Admin processes the bundle suite element by element – JAR files are treated as bundles and are installed using Package Admin – Other files are passed to Deployment Manager Services for processing • Deployment Admin verifies the integrity of the bundle suite by checking the digital signature of the package assembler on the suite • Deployment Admin ensures that the installation of a bundle suite is atomic, i.e. if some step fails during the process, the entire transaction is rolled back without leaving any side effect. • Deployment operation are accessible via Deployment DMT Plug-in. • Deployment Admin implements a “garbage collection”-like solution to remove unnecessary bundles. – Deployment Admin tracks dependencies between bundles – Bundles may be marked as root. A non-root bundle is uninstalled if no root bundle depends on it.
© copyright 2004 by OSGi Alliance. All rights reserved. Deployment Manager Services • Deployment Manager Services enable hooking in different customization operations to the processing of a bundle suite • DMSs can be associated with filters on file names. During the installation of a bundle suite, when the name of an element matches some filters, the corresponding DMSs are invoked, passing the element to them. • Any type of DMSs are possible; however, currently only two are standardized: – AUTOCONF.XML • This file contains configuration data. It should be processed by a DMS and using its content, configure bundles via Configuration Admin • The corresponding DMS is also responsible for proper book keeping of the created configuration items to ensure proper cleanup when the corresponding bundles are uninstalled. – Data customization in Manifest.mf: • The corresponding DMS extracts customization information from the bundle suite Manifest and executes customizers at the end of the installation.
© copyright 2004 by OSGi Alliance. All rights reserved. Download Agents • Download Agents implement the support of different delivery media – They may work from a local memory card, connect to an installer on a PC or to a remote server • Depending on the media type, Download Agents may be simple or may implement complex logic – For example they may send inventory of installed bundles of the device to enable the customization of bundle suites and saving bandwidth. • A Download Work Stream was recently formed in MEG to define or select a standard download protocol
© copyright 2004 by OSGi Alliance. All rights reserved. Download Work Stream • Goal: analyze existing technologies and their relevance to the OSGI/MEG specification in order to generate a guideline or even a specification to address the needs for download, security, distribution of DMO's and monitoring of OSGI/MEG enabled device over the air. • The first step is to analyze technologies from OMA, as far as they are accessible to public, and JCP specifications JSR 118, 124 and 233. This will lead to a GAP analysis and helps to formulate the next steps.
© copyright 2004 by OSGi Alliance. All rights reserved. Thank you! Gábor Pécsy Software Technology Specialist gabor.pecsy@nokia.com

Recommended

CIS13: Managing the Keys to the Kingdom: Next-Gen Role-based Access Control a...
CIS13: Managing the Keys to the Kingdom: Next-Gen Role-based Access Control a...CIS13: Managing the Keys to the Kingdom: Next-Gen Role-based Access Control a...
CIS13: Managing the Keys to the Kingdom: Next-Gen Role-based Access Control a...CloudIDSummit
 
Fisma FedRAMP Drupal
Fisma FedRAMP DrupalFisma FedRAMP Drupal
Fisma FedRAMP DrupalMike Lemire
 
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0Valdez Ladd MBA, CISSP, CISA,
 
NIC2012 - System Center Endpoint Protection 2012
NIC2012 - System Center Endpoint Protection 2012NIC2012 - System Center Endpoint Protection 2012
NIC2012 - System Center Endpoint Protection 2012Nicolai Henriksen
 
System Center Endpoint Protection 2012 R2
System Center Endpoint Protection 2012 R2System Center Endpoint Protection 2012 R2
System Center Endpoint Protection 2012 R2Norman Mayes
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...James W. De Rienzo
 
Overview of ISO 27001 [null Bangalore] [Dec 2013 meet]
Overview of ISO 27001 [null Bangalore] [Dec 2013 meet]Overview of ISO 27001 [null Bangalore] [Dec 2013 meet]
Overview of ISO 27001 [null Bangalore] [Dec 2013 meet]n|u - The Open Security Community
 
Altiris IT Management Suite 7
Altiris IT Management Suite 7Altiris IT Management Suite 7
Altiris IT Management Suite 7Symantec
 

Recommended

CIS13: Managing the Keys to the Kingdom: Next-Gen Role-based Access Control a...
CIS13: Managing the Keys to the Kingdom: Next-Gen Role-based Access Control a...CIS13: Managing the Keys to the Kingdom: Next-Gen Role-based Access Control a...
CIS13: Managing the Keys to the Kingdom: Next-Gen Role-based Access Control a...CloudIDSummit
 
Fisma FedRAMP Drupal
Fisma FedRAMP DrupalFisma FedRAMP Drupal
Fisma FedRAMP DrupalMike Lemire
 
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0Valdez Ladd MBA, CISSP, CISA,
 
NIC2012 - System Center Endpoint Protection 2012
NIC2012 - System Center Endpoint Protection 2012NIC2012 - System Center Endpoint Protection 2012
NIC2012 - System Center Endpoint Protection 2012Nicolai Henriksen
 
System Center Endpoint Protection 2012 R2
System Center Endpoint Protection 2012 R2System Center Endpoint Protection 2012 R2
System Center Endpoint Protection 2012 R2Norman Mayes
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...James W. De Rienzo
 
Overview of ISO 27001 [null Bangalore] [Dec 2013 meet]
Overview of ISO 27001 [null Bangalore] [Dec 2013 meet]Overview of ISO 27001 [null Bangalore] [Dec 2013 meet]
Overview of ISO 27001 [null Bangalore] [Dec 2013 meet]n|u - The Open Security Community
 
Altiris IT Management Suite 7
Altiris IT Management Suite 7Altiris IT Management Suite 7
Altiris IT Management Suite 7Symantec
 
Control Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateControl Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateGovCloud Network
 
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Schellman & Company
 
Controls Engineering
Controls EngineeringControls Engineering
Controls EngineeringBrian Trimboli
 
NIST Definition of Cloud Computing
NIST Definition of Cloud ComputingNIST Definition of Cloud Computing
NIST Definition of Cloud ComputingScientia Groups
 
vBrownbag EMEA VCAP6-DCV Design Objcetive 2.7 on Security in Logical Designs
vBrownbag EMEA VCAP6-DCV Design Objcetive 2.7 on Security in Logical DesignsvBrownbag EMEA VCAP6-DCV Design Objcetive 2.7 on Security in Logical Designs
vBrownbag EMEA VCAP6-DCV Design Objcetive 2.7 on Security in Logical DesignsLarus Hjartarson
 
Healthcare Compliance Software
Healthcare Compliance SoftwareHealthcare Compliance Software
Healthcare Compliance SoftwareJose Ivan Delgado, Ph.D.
 
Amped for FedRAMP
Amped for FedRAMPAmped for FedRAMP
Amped for FedRAMPRay Potter
 
Enterprise Risk Management Solutions
Enterprise Risk Management SolutionsEnterprise Risk Management Solutions
Enterprise Risk Management SolutionsLexComply
 
System Center Endpoint Protection
System Center Endpoint ProtectionSystem Center Endpoint Protection
System Center Endpoint ProtectionScientia Groups
 
Securing Java in the Server Room
Securing Java in the Server RoomSecuring Java in the Server Room
Securing Java in the Server RoomTim Ellison
 
Revealing the 2016 State of IBM i Security
Revealing the 2016 State of IBM i SecurityRevealing the 2016 State of IBM i Security
Revealing the 2016 State of IBM i SecurityHelpSystems
 
Completing fedramp-security-authorization-process
Completing fedramp-security-authorization-processCompleting fedramp-security-authorization-process
Completing fedramp-security-authorization-processTuan Phan
 
Systems development and program change activities
Systems development and program change activitiesSystems development and program change activities
Systems development and program change activitieskristine manzano
 
Developing Secure IBM i Applications
Developing Secure IBM i ApplicationsDeveloping Secure IBM i Applications
Developing Secure IBM i ApplicationsHelpSystems
 
Getting Started with IBM i Security: Securing PC Access
Getting Started with IBM i Security: Securing PC AccessGetting Started with IBM i Security: Securing PC Access
Getting Started with IBM i Security: Securing PC AccessHelpSystems
 
Why do Hand-picked Cherries... (2009)
Why do Hand-picked Cherries... (2009)Why do Hand-picked Cherries... (2009)
Why do Hand-picked Cherries... (2009)Marc Jadoul
 
Aging RPG Programmers in Charge of Your IBM i?
Aging RPG Programmers in Charge of Your IBM i?Aging RPG Programmers in Charge of Your IBM i?
Aging RPG Programmers in Charge of Your IBM i?HelpSystems
 
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld
 
Application and Systems Development
Application and Systems DevelopmentApplication and Systems Development
Application and Systems Developmentamiable_indian
 
Jiro technology
Jiro technologyJiro technology
Jiro technologyHeena Madan
 
Supercharging your Apache OODT deployments with the Process Control System
Supercharging your Apache OODT deployments with the Process Control SystemSupercharging your Apache OODT deployments with the Process Control System
Supercharging your Apache OODT deployments with the Process Control SystemChris Mattmann
 
Telecom Convergence
Telecom ConvergenceTelecom Convergence
Telecom ConvergenceSiddhant Jain
 

More Related Content

What's hot

Control Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateControl Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateGovCloud Network
 
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Schellman & Company
 
NIST Definition of Cloud Computing
NIST Definition of Cloud ComputingNIST Definition of Cloud Computing
NIST Definition of Cloud ComputingScientia Groups
 
vBrownbag EMEA VCAP6-DCV Design Objcetive 2.7 on Security in Logical Designs
vBrownbag EMEA VCAP6-DCV Design Objcetive 2.7 on Security in Logical DesignsvBrownbag EMEA VCAP6-DCV Design Objcetive 2.7 on Security in Logical Designs
vBrownbag EMEA VCAP6-DCV Design Objcetive 2.7 on Security in Logical DesignsLarus Hjartarson
 
Amped for FedRAMP
Amped for FedRAMPAmped for FedRAMP
Amped for FedRAMPRay Potter
 
Enterprise Risk Management Solutions
Enterprise Risk Management SolutionsEnterprise Risk Management Solutions
Enterprise Risk Management SolutionsLexComply
 
System Center Endpoint Protection
System Center Endpoint ProtectionSystem Center Endpoint Protection
System Center Endpoint ProtectionScientia Groups
 
Securing Java in the Server Room
Securing Java in the Server RoomSecuring Java in the Server Room
Securing Java in the Server RoomTim Ellison
 
Revealing the 2016 State of IBM i Security
Revealing the 2016 State of IBM i SecurityRevealing the 2016 State of IBM i Security
Revealing the 2016 State of IBM i SecurityHelpSystems
 
Completing fedramp-security-authorization-process
Completing fedramp-security-authorization-processCompleting fedramp-security-authorization-process
Completing fedramp-security-authorization-processTuan Phan
 
Systems development and program change activities
Systems development and program change activitiesSystems development and program change activities
Systems development and program change activitieskristine manzano
 
Developing Secure IBM i Applications
Developing Secure IBM i ApplicationsDeveloping Secure IBM i Applications
Developing Secure IBM i ApplicationsHelpSystems
 
Getting Started with IBM i Security: Securing PC Access
Getting Started with IBM i Security: Securing PC AccessGetting Started with IBM i Security: Securing PC Access
Getting Started with IBM i Security: Securing PC AccessHelpSystems
 
Why do Hand-picked Cherries... (2009)
Why do Hand-picked Cherries... (2009)Why do Hand-picked Cherries... (2009)
Why do Hand-picked Cherries... (2009)Marc Jadoul
 
Aging RPG Programmers in Charge of Your IBM i?
Aging RPG Programmers in Charge of Your IBM i?Aging RPG Programmers in Charge of Your IBM i?
Aging RPG Programmers in Charge of Your IBM i?HelpSystems
 
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld
 
Application and Systems Development
Application and Systems DevelopmentApplication and Systems Development
Application and Systems Developmentamiable_indian
 

What's hot (20)

Control Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateControl Implementation Summary (CIS) Template
Control Implementation Summary (CIS) Template
 
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
 
Controls Engineering
Controls EngineeringControls Engineering
Controls Engineering
 
NIST Definition of Cloud Computing
NIST Definition of Cloud ComputingNIST Definition of Cloud Computing
NIST Definition of Cloud Computing
 
vBrownbag EMEA VCAP6-DCV Design Objcetive 2.7 on Security in Logical Designs
vBrownbag EMEA VCAP6-DCV Design Objcetive 2.7 on Security in Logical DesignsvBrownbag EMEA VCAP6-DCV Design Objcetive 2.7 on Security in Logical Designs
vBrownbag EMEA VCAP6-DCV Design Objcetive 2.7 on Security in Logical Designs
 
Healthcare Compliance Software
Healthcare Compliance SoftwareHealthcare Compliance Software
Healthcare Compliance Software
 
Amped for FedRAMP
Amped for FedRAMPAmped for FedRAMP
Amped for FedRAMP
 
Enterprise Risk Management Solutions
Enterprise Risk Management SolutionsEnterprise Risk Management Solutions
Enterprise Risk Management Solutions
 
System Center Endpoint Protection
System Center Endpoint ProtectionSystem Center Endpoint Protection
System Center Endpoint Protection
 
Securing Java in the Server Room
Securing Java in the Server RoomSecuring Java in the Server Room
Securing Java in the Server Room
 
Revealing the 2016 State of IBM i Security
Revealing the 2016 State of IBM i SecurityRevealing the 2016 State of IBM i Security
Revealing the 2016 State of IBM i Security
 
Completing fedramp-security-authorization-process
Completing fedramp-security-authorization-processCompleting fedramp-security-authorization-process
Completing fedramp-security-authorization-process
 
Systems development and program change activities
Systems development and program change activitiesSystems development and program change activities
Systems development and program change activities
 
Developing Secure IBM i Applications
Developing Secure IBM i ApplicationsDeveloping Secure IBM i Applications
Developing Secure IBM i Applications
 
Getting Started with IBM i Security: Securing PC Access
Getting Started with IBM i Security: Securing PC AccessGetting Started with IBM i Security: Securing PC Access
Getting Started with IBM i Security: Securing PC Access
 
Why do Hand-picked Cherries... (2009)
Why do Hand-picked Cherries... (2009)Why do Hand-picked Cherries... (2009)
Why do Hand-picked Cherries... (2009)
 
Aging RPG Programmers in Charge of Your IBM i?
Aging RPG Programmers in Charge of Your IBM i?Aging RPG Programmers in Charge of Your IBM i?
Aging RPG Programmers in Charge of Your IBM i?
 
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
 
Application and Systems Development
Application and Systems DevelopmentApplication and Systems Development
Application and Systems Development
 
Jiro technology
Jiro technologyJiro technology
Jiro technology
 

Viewers also liked

Supercharging your Apache OODT deployments with the Process Control System
Supercharging your Apache OODT deployments with the Process Control SystemSupercharging your Apache OODT deployments with the Process Control System
Supercharging your Apache OODT deployments with the Process Control SystemChris Mattmann
 
Policy control in epc
Policy control in epcPolicy control in epc
Policy control in epcInam Khosa
 
OSGi and Next Generation Trains - Jens Haeger, Deutsche Bahn
OSGi and Next Generation Trains - Jens Haeger, Deutsche BahnOSGi and Next Generation Trains - Jens Haeger, Deutsche Bahn
OSGi and Next Generation Trains - Jens Haeger, Deutsche Bahnmfrancis
 
The Universal Device Needs the Universal Gateway - Chris Wild, Siemens VDO Au...
The Universal Device Needs the Universal Gateway - Chris Wild, Siemens VDO Au...The Universal Device Needs the Universal Gateway - Chris Wild, Siemens VDO Au...
The Universal Device Needs the Universal Gateway - Chris Wild, Siemens VDO Au...mfrancis
 
Cisco Application eXtension Platform (AXP) - James Weathersby, Cisco
Cisco Application eXtension Platform (AXP) - James Weathersby, CiscoCisco Application eXtension Platform (AXP) - James Weathersby, Cisco
Cisco Application eXtension Platform (AXP) - James Weathersby, Ciscomfrancis
 
Town Hall - From Proof Points to Volume - Getting to the Mass Market - Stan M...
Town Hall - From Proof Points to Volume - Getting to the Mass Market - Stan M...Town Hall - From Proof Points to Volume - Getting to the Mass Market - Stan M...
Town Hall - From Proof Points to Volume - Getting to the Mass Market - Stan M...mfrancis
 
Reviving the HTTP Service - Felix Meschberger
Reviving the HTTP Service - Felix MeschbergerReviving the HTTP Service - Felix Meschberger
Reviving the HTTP Service - Felix Meschbergermfrancis
 
Bundle deployment at state machine level - Ales Justin, JBoss
Bundle deployment at state machine level - Ales Justin, JBossBundle deployment at state machine level - Ales Justin, JBoss
Bundle deployment at state machine level - Ales Justin, JBossmfrancis
 
History and Future of the Downloadable Mobile Marketplace - Jon Bostrom, Nokia
History and Future of the Downloadable Mobile Marketplace - Jon Bostrom, NokiaHistory and Future of the Downloadable Mobile Marketplace - Jon Bostrom, Nokia
History and Future of the Downloadable Mobile Marketplace - Jon Bostrom, Nokiamfrancis
 
Developments in Asia - D Inglin
Developments in Asia - D InglinDevelopments in Asia - D Inglin
Developments in Asia - D Inglinmfrancis
 
Town Hall - Business Implications of Open Source OSGi Implementations - BJ Ha...
Town Hall - Business Implications of Open Source OSGi Implementations - BJ Ha...Town Hall - Business Implications of Open Source OSGi Implementations - BJ Ha...
Town Hall - Business Implications of Open Source OSGi Implementations - BJ Ha...mfrancis
 
Business plan Metavector - B Mariman
Business plan Metavector - B MarimanBusiness plan Metavector - B Mariman
Business plan Metavector - B Marimanmfrancis
 
The Role of the OSGi Gateway in GST Security Objectives and Architecture - An...
The Role of the OSGi Gateway in GST Security Objectives and Architecture - An...The Role of the OSGi Gateway in GST Security Objectives and Architecture - An...
The Role of the OSGi Gateway in GST Security Objectives and Architecture - An...mfrancis
 
Creating Enterprise Services for the Siemens OpenSOA Product Line - Manfred H...
Creating Enterprise Services for the Siemens OpenSOA Product Line - Manfred H...Creating Enterprise Services for the Siemens OpenSOA Product Line - Manfred H...
Creating Enterprise Services for the Siemens OpenSOA Product Line - Manfred H...mfrancis
 
What's new in the OSGi Enterprise Release 5.0 - David Bosschaert and Tim Diek...
What's new in the OSGi Enterprise Release 5.0 - David Bosschaert and Tim Diek...What's new in the OSGi Enterprise Release 5.0 - David Bosschaert and Tim Diek...
What's new in the OSGi Enterprise Release 5.0 - David Bosschaert and Tim Diek...mfrancis
 
OSGi Service Platform and the Mobile Ecosystem - John R. Barr, Ph.D., Chair O...
OSGi Service Platform and the Mobile Ecosystem - John R. Barr, Ph.D., Chair O...OSGi Service Platform and the Mobile Ecosystem - John R. Barr, Ph.D., Chair O...
OSGi Service Platform and the Mobile Ecosystem - John R. Barr, Ph.D., Chair O...mfrancis
 
A TSP Perspective on OSGi - A Lunggren
A TSP Perspective on OSGi - A LunggrenA TSP Perspective on OSGi - A Lunggren
A TSP Perspective on OSGi - A Lunggrenmfrancis
 
Providing a Holistic, Service-Oriented Infrastructure for Integration of Real...
Providing a Holistic, Service-Oriented Infrastructure for Integration of Real...Providing a Holistic, Service-Oriented Infrastructure for Integration of Real...
Providing a Holistic, Service-Oriented Infrastructure for Integration of Real...mfrancis
 
Issues in Designing Push Based Mobile Application Platform - Rafiul Ahad, Oracle
Issues in Designing Push Based Mobile Application Platform - Rafiul Ahad, OracleIssues in Designing Push Based Mobile Application Platform - Rafiul Ahad, Oracle
Issues in Designing Push Based Mobile Application Platform - Rafiul Ahad, Oraclemfrancis
 

Viewers also liked (20)

Supercharging your Apache OODT deployments with the Process Control System
Supercharging your Apache OODT deployments with the Process Control SystemSupercharging your Apache OODT deployments with the Process Control System
Supercharging your Apache OODT deployments with the Process Control System
 
Telecom Convergence
Telecom ConvergenceTelecom Convergence
Telecom Convergence
 
Policy control in epc
Policy control in epcPolicy control in epc
Policy control in epc
 
OSGi and Next Generation Trains - Jens Haeger, Deutsche Bahn
OSGi and Next Generation Trains - Jens Haeger, Deutsche BahnOSGi and Next Generation Trains - Jens Haeger, Deutsche Bahn
OSGi and Next Generation Trains - Jens Haeger, Deutsche Bahn
 
The Universal Device Needs the Universal Gateway - Chris Wild, Siemens VDO Au...
The Universal Device Needs the Universal Gateway - Chris Wild, Siemens VDO Au...The Universal Device Needs the Universal Gateway - Chris Wild, Siemens VDO Au...
The Universal Device Needs the Universal Gateway - Chris Wild, Siemens VDO Au...
 
Cisco Application eXtension Platform (AXP) - James Weathersby, Cisco
Cisco Application eXtension Platform (AXP) - James Weathersby, CiscoCisco Application eXtension Platform (AXP) - James Weathersby, Cisco
Cisco Application eXtension Platform (AXP) - James Weathersby, Cisco
 
Town Hall - From Proof Points to Volume - Getting to the Mass Market - Stan M...
Town Hall - From Proof Points to Volume - Getting to the Mass Market - Stan M...Town Hall - From Proof Points to Volume - Getting to the Mass Market - Stan M...
Town Hall - From Proof Points to Volume - Getting to the Mass Market - Stan M...
 
Reviving the HTTP Service - Felix Meschberger
Reviving the HTTP Service - Felix MeschbergerReviving the HTTP Service - Felix Meschberger
Reviving the HTTP Service - Felix Meschberger
 
Bundle deployment at state machine level - Ales Justin, JBoss
Bundle deployment at state machine level - Ales Justin, JBossBundle deployment at state machine level - Ales Justin, JBoss
Bundle deployment at state machine level - Ales Justin, JBoss
 
History and Future of the Downloadable Mobile Marketplace - Jon Bostrom, Nokia
History and Future of the Downloadable Mobile Marketplace - Jon Bostrom, NokiaHistory and Future of the Downloadable Mobile Marketplace - Jon Bostrom, Nokia
History and Future of the Downloadable Mobile Marketplace - Jon Bostrom, Nokia
 
Developments in Asia - D Inglin
Developments in Asia - D InglinDevelopments in Asia - D Inglin
Developments in Asia - D Inglin
 
Town Hall - Business Implications of Open Source OSGi Implementations - BJ Ha...
Town Hall - Business Implications of Open Source OSGi Implementations - BJ Ha...Town Hall - Business Implications of Open Source OSGi Implementations - BJ Ha...
Town Hall - Business Implications of Open Source OSGi Implementations - BJ Ha...
 
Business plan Metavector - B Mariman
Business plan Metavector - B MarimanBusiness plan Metavector - B Mariman
Business plan Metavector - B Mariman
 
The Role of the OSGi Gateway in GST Security Objectives and Architecture - An...
The Role of the OSGi Gateway in GST Security Objectives and Architecture - An...The Role of the OSGi Gateway in GST Security Objectives and Architecture - An...
The Role of the OSGi Gateway in GST Security Objectives and Architecture - An...
 
Creating Enterprise Services for the Siemens OpenSOA Product Line - Manfred H...
Creating Enterprise Services for the Siemens OpenSOA Product Line - Manfred H...Creating Enterprise Services for the Siemens OpenSOA Product Line - Manfred H...
Creating Enterprise Services for the Siemens OpenSOA Product Line - Manfred H...
 
What's new in the OSGi Enterprise Release 5.0 - David Bosschaert and Tim Diek...
What's new in the OSGi Enterprise Release 5.0 - David Bosschaert and Tim Diek...What's new in the OSGi Enterprise Release 5.0 - David Bosschaert and Tim Diek...
What's new in the OSGi Enterprise Release 5.0 - David Bosschaert and Tim Diek...
 
OSGi Service Platform and the Mobile Ecosystem - John R. Barr, Ph.D., Chair O...
OSGi Service Platform and the Mobile Ecosystem - John R. Barr, Ph.D., Chair O...OSGi Service Platform and the Mobile Ecosystem - John R. Barr, Ph.D., Chair O...
OSGi Service Platform and the Mobile Ecosystem - John R. Barr, Ph.D., Chair O...
 
A TSP Perspective on OSGi - A Lunggren
A TSP Perspective on OSGi - A LunggrenA TSP Perspective on OSGi - A Lunggren
A TSP Perspective on OSGi - A Lunggren
 
Providing a Holistic, Service-Oriented Infrastructure for Integration of Real...
Providing a Holistic, Service-Oriented Infrastructure for Integration of Real...Providing a Holistic, Service-Oriented Infrastructure for Integration of Real...
Providing a Holistic, Service-Oriented Infrastructure for Integration of Real...
 
Issues in Designing Push Based Mobile Application Platform - Rafiul Ahad, Oracle
Issues in Designing Push Based Mobile Application Platform - Rafiul Ahad, OracleIssues in Designing Push Based Mobile Application Platform - Rafiul Ahad, Oracle
Issues in Designing Push Based Mobile Application Platform - Rafiul Ahad, Oracle
 

Similar to Deployment Download and Policy Workstream Update - Gábor Pécsy, Nokia

Lecture 11 managing the network
Lecture 11 managing the networkLecture 11 managing the network
Lecture 11 managing the networkWiliam Ferraciolli
 
Custom policies in mule 4 and a circuit breaker example
Custom policies in mule 4 and a circuit breaker exampleCustom policies in mule 4 and a circuit breaker example
Custom policies in mule 4 and a circuit breaker exampleRoyston Lobo
 
Computer security design principles
Computer security design principlesComputer security design principles
Computer security design principlesShaishav Dahal
 
Policy Guided Fulfillmentof Murano Applications
Policy Guided Fulfillmentof Murano ApplicationsPolicy Guided Fulfillmentof Murano Applications
Policy Guided Fulfillmentof Murano Applicationsrpospisil
 
Oracle Enterprise Manager Security A Practitioners Guide
Oracle Enterprise Manager Security A Practitioners GuideOracle Enterprise Manager Security A Practitioners Guide
Oracle Enterprise Manager Security A Practitioners GuideCourtney Llamas
 
Oracle Enterprise Manager Security: A Practitioners Guide
Oracle Enterprise Manager Security: A Practitioners GuideOracle Enterprise Manager Security: A Practitioners Guide
Oracle Enterprise Manager Security: A Practitioners GuideCourtney Llamas
 
Security concerns in web erp
Security concerns in web erpSecurity concerns in web erp
Security concerns in web erpManoj Jhawar
 
Automating Security Management in PBCS!
Automating Security Management in PBCS!Automating Security Management in PBCS!
Automating Security Management in PBCS!Dayalan Punniyamoorthy
 
TrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security AuthorizationTrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security AuthorizationTuan Phan
 
Microsoft Offical Course 20410C_12
Microsoft Offical Course 20410C_12Microsoft Offical Course 20410C_12
Microsoft Offical Course 20410C_12gameaxt
 
Design principles and common security related programming principles
Design principles and common security related programming principlesDesign principles and common security related programming principles
Design principles and common security related programming principlesSaurav Aryal
 
The OSGi Service Platform in Integrated Management Environments - Cristina Di...
The OSGi Service Platform in Integrated Management Environments - Cristina Di...The OSGi Service Platform in Integrated Management Environments - Cristina Di...
The OSGi Service Platform in Integrated Management Environments - Cristina Di...mfrancis
 
How to Secure Mule API's With a Demo
How to Secure Mule API's With a DemoHow to Secure Mule API's With a Demo
How to Secure Mule API's With a DemoManjuKumara GH
 
MEG- OSGi Based Operational Management of Mobile Devices - Vadim Draluk, Moto...
MEG- OSGi Based Operational Management of Mobile Devices - Vadim Draluk, Moto...MEG- OSGi Based Operational Management of Mobile Devices - Vadim Draluk, Moto...
MEG- OSGi Based Operational Management of Mobile Devices - Vadim Draluk, Moto...mfrancis
 
PowerTech - Part-Time Privileges: Accountability for Powerful Users
PowerTech - Part-Time Privileges: Accountability for Powerful UsersPowerTech - Part-Time Privileges: Accountability for Powerful Users
PowerTech - Part-Time Privileges: Accountability for Powerful UsersHelpSystems
 
ANET SureLog International Edition Main Advantages
ANET SureLog International Edition Main AdvantagesANET SureLog International Edition Main Advantages
ANET SureLog International Edition Main AdvantagesMurat Korucu
 
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...Jayesh Naik
 

Similar to Deployment Download and Policy Workstream Update - Gábor Pécsy, Nokia (20)

Lecture 11 managing the network
Lecture 11 managing the networkLecture 11 managing the network
Lecture 11 managing the network
 
Chapter 12 Access Management
Chapter 12 Access ManagementChapter 12 Access Management
Chapter 12 Access Management
 
Custom policies in mule 4 and a circuit breaker example
Custom policies in mule 4 and a circuit breaker exampleCustom policies in mule 4 and a circuit breaker example
Custom policies in mule 4 and a circuit breaker example
 
Computer security design principles
Computer security design principlesComputer security design principles
Computer security design principles
 
Policy Guided Fulfillmentof Murano Applications
Policy Guided Fulfillmentof Murano ApplicationsPolicy Guided Fulfillmentof Murano Applications
Policy Guided Fulfillmentof Murano Applications
 
Oracle Enterprise Manager Security A Practitioners Guide
Oracle Enterprise Manager Security A Practitioners GuideOracle Enterprise Manager Security A Practitioners Guide
Oracle Enterprise Manager Security A Practitioners Guide
 
Stormwatch micration
Stormwatch micrationStormwatch micration
Stormwatch micration
 
Feature Flags.pdf
Feature Flags.pdfFeature Flags.pdf
Feature Flags.pdf
 
Oracle Enterprise Manager Security: A Practitioners Guide
Oracle Enterprise Manager Security: A Practitioners GuideOracle Enterprise Manager Security: A Practitioners Guide
Oracle Enterprise Manager Security: A Practitioners Guide
 
Security concerns in web erp
Security concerns in web erpSecurity concerns in web erp
Security concerns in web erp
 
Automating Security Management in PBCS!
Automating Security Management in PBCS!Automating Security Management in PBCS!
Automating Security Management in PBCS!
 
TrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security AuthorizationTrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security Authorization
 
Microsoft Offical Course 20410C_12
Microsoft Offical Course 20410C_12Microsoft Offical Course 20410C_12
Microsoft Offical Course 20410C_12
 
Design principles and common security related programming principles
Design principles and common security related programming principlesDesign principles and common security related programming principles
Design principles and common security related programming principles
 
The OSGi Service Platform in Integrated Management Environments - Cristina Di...
The OSGi Service Platform in Integrated Management Environments - Cristina Di...The OSGi Service Platform in Integrated Management Environments - Cristina Di...
The OSGi Service Platform in Integrated Management Environments - Cristina Di...
 
How to Secure Mule API's With a Demo
How to Secure Mule API's With a DemoHow to Secure Mule API's With a Demo
How to Secure Mule API's With a Demo
 
MEG- OSGi Based Operational Management of Mobile Devices - Vadim Draluk, Moto...
MEG- OSGi Based Operational Management of Mobile Devices - Vadim Draluk, Moto...MEG- OSGi Based Operational Management of Mobile Devices - Vadim Draluk, Moto...
MEG- OSGi Based Operational Management of Mobile Devices - Vadim Draluk, Moto...
 
PowerTech - Part-Time Privileges: Accountability for Powerful Users
PowerTech - Part-Time Privileges: Accountability for Powerful UsersPowerTech - Part-Time Privileges: Accountability for Powerful Users
PowerTech - Part-Time Privileges: Accountability for Powerful Users
 
ANET SureLog International Edition Main Advantages
ANET SureLog International Edition Main AdvantagesANET SureLog International Edition Main Advantages
ANET SureLog International Edition Main Advantages
 
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
 

More from mfrancis

Eclipse Modeling Framework and plain OSGi the easy way - Mark Hoffman (Data I...
Eclipse Modeling Framework and plain OSGi the easy way - Mark Hoffman (Data I...Eclipse Modeling Framework and plain OSGi the easy way - Mark Hoffman (Data I...
Eclipse Modeling Framework and plain OSGi the easy way - Mark Hoffman (Data I...mfrancis
 
OSGi and Java 9+ - BJ Hargrave (IBM)
OSGi and Java 9+ - BJ Hargrave (IBM)OSGi and Java 9+ - BJ Hargrave (IBM)
OSGi and Java 9+ - BJ Hargrave (IBM)mfrancis
 
Simplify Web UX Coding using OSGi Modularity Magic - Paul Fraser (A2Z Living)
Simplify Web UX Coding using OSGi Modularity Magic - Paul Fraser (A2Z Living)Simplify Web UX Coding using OSGi Modularity Magic - Paul Fraser (A2Z Living)
Simplify Web UX Coding using OSGi Modularity Magic - Paul Fraser (A2Z Living)mfrancis
 
OSGi for the data centre - Connecting OSGi to Kubernetes - Frank Lyaruu
OSGi for the data centre - Connecting OSGi to Kubernetes - Frank LyaruuOSGi for the data centre - Connecting OSGi to Kubernetes - Frank Lyaruu
OSGi for the data centre - Connecting OSGi to Kubernetes - Frank Lyaruumfrancis
 
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...mfrancis
 
OSGi with Docker - a powerful way to develop Java systems - Udo Hafermann (So...
OSGi with Docker - a powerful way to develop Java systems - Udo Hafermann (So...OSGi with Docker - a powerful way to develop Java systems - Udo Hafermann (So...
OSGi with Docker - a powerful way to develop Java systems - Udo Hafermann (So...mfrancis
 
A real world use case with OSGi R7 - Jurgen Albert (Data In Motion Consulting...
A real world use case with OSGi R7 - Jurgen Albert (Data In Motion Consulting...A real world use case with OSGi R7 - Jurgen Albert (Data In Motion Consulting...
A real world use case with OSGi R7 - Jurgen Albert (Data In Motion Consulting...mfrancis
 
OSGi Feature Model - Where Art Thou - David Bosschaert (Adobe)
OSGi Feature Model - Where Art Thou - David Bosschaert (Adobe)OSGi Feature Model - Where Art Thou - David Bosschaert (Adobe)
OSGi Feature Model - Where Art Thou - David Bosschaert (Adobe)mfrancis
 
Migrating from PDE to Bndtools in Practice - Amit Kumar Mondal (Deutsche Tele...
Migrating from PDE to Bndtools in Practice - Amit Kumar Mondal (Deutsche Tele...Migrating from PDE to Bndtools in Practice - Amit Kumar Mondal (Deutsche Tele...
Migrating from PDE to Bndtools in Practice - Amit Kumar Mondal (Deutsche Tele...mfrancis
 
OSGi CDI Integration Specification - Ray Augé (Liferay)
OSGi CDI Integration Specification - Ray Augé (Liferay)OSGi CDI Integration Specification - Ray Augé (Liferay)
OSGi CDI Integration Specification - Ray Augé (Liferay)mfrancis
 
How OSGi drives cross-sector energy management - Jörn Tümmler (SMA Solar Tech...
How OSGi drives cross-sector energy management - Jörn Tümmler (SMA Solar Tech...How OSGi drives cross-sector energy management - Jörn Tümmler (SMA Solar Tech...
How OSGi drives cross-sector energy management - Jörn Tümmler (SMA Solar Tech...mfrancis
 
Improved developer productivity thanks to Maven and OSGi - Lukasz Dywicki (Co...
Improved developer productivity thanks to Maven and OSGi - Lukasz Dywicki (Co...Improved developer productivity thanks to Maven and OSGi - Lukasz Dywicki (Co...
Improved developer productivity thanks to Maven and OSGi - Lukasz Dywicki (Co...mfrancis
 
It Was Twenty Years Ago Today - Building an OSGi based Smart Home System - Ch...
It Was Twenty Years Ago Today - Building an OSGi based Smart Home System - Ch...It Was Twenty Years Ago Today - Building an OSGi based Smart Home System - Ch...
It Was Twenty Years Ago Today - Building an OSGi based Smart Home System - Ch...mfrancis
 
Popular patterns revisited on OSGi - Christian Schneider (Adobe)
Popular patterns revisited on OSGi - Christian Schneider (Adobe)Popular patterns revisited on OSGi - Christian Schneider (Adobe)
Popular patterns revisited on OSGi - Christian Schneider (Adobe)mfrancis
 
Integrating SLF4J and the new OSGi LogService 1.4 - BJ Hargrave (IBM)
Integrating SLF4J and the new OSGi LogService 1.4 - BJ Hargrave (IBM)Integrating SLF4J and the new OSGi LogService 1.4 - BJ Hargrave (IBM)
Integrating SLF4J and the new OSGi LogService 1.4 - BJ Hargrave (IBM)mfrancis
 
OSG(a)i: because AI needs a runtime - Tim Verbelen (imec)
OSG(a)i: because AI needs a runtime - Tim Verbelen (imec)OSG(a)i: because AI needs a runtime - Tim Verbelen (imec)
OSG(a)i: because AI needs a runtime - Tim Verbelen (imec)mfrancis
 
Flying to Jupiter with OSGi - Tony Walsh (ESA) & Hristo Indzhov (Telespazio V...
Flying to Jupiter with OSGi - Tony Walsh (ESA) & Hristo Indzhov (Telespazio V...Flying to Jupiter with OSGi - Tony Walsh (ESA) & Hristo Indzhov (Telespazio V...
Flying to Jupiter with OSGi - Tony Walsh (ESA) & Hristo Indzhov (Telespazio V...mfrancis
 
MicroProfile, OSGi was meant for this - Ray Auge (Liferay)
MicroProfile, OSGi was meant for this - Ray Auge (Liferay)MicroProfile, OSGi was meant for this - Ray Auge (Liferay)
MicroProfile, OSGi was meant for this - Ray Auge (Liferay)mfrancis
 
Prototyping IoT systems with a hybrid OSGi & Node-RED platform - Bruce Jackso...
Prototyping IoT systems with a hybrid OSGi & Node-RED platform - Bruce Jackso...Prototyping IoT systems with a hybrid OSGi & Node-RED platform - Bruce Jackso...
Prototyping IoT systems with a hybrid OSGi & Node-RED platform - Bruce Jackso...mfrancis
 
How to connect your OSGi application - Dirk Fauth (Bosch)
How to connect your OSGi application - Dirk Fauth (Bosch)How to connect your OSGi application - Dirk Fauth (Bosch)
How to connect your OSGi application - Dirk Fauth (Bosch)mfrancis
 

More from mfrancis (20)

Eclipse Modeling Framework and plain OSGi the easy way - Mark Hoffman (Data I...
Eclipse Modeling Framework and plain OSGi the easy way - Mark Hoffman (Data I...Eclipse Modeling Framework and plain OSGi the easy way - Mark Hoffman (Data I...
Eclipse Modeling Framework and plain OSGi the easy way - Mark Hoffman (Data I...
 
OSGi and Java 9+ - BJ Hargrave (IBM)
OSGi and Java 9+ - BJ Hargrave (IBM)OSGi and Java 9+ - BJ Hargrave (IBM)
OSGi and Java 9+ - BJ Hargrave (IBM)
 
Simplify Web UX Coding using OSGi Modularity Magic - Paul Fraser (A2Z Living)
Simplify Web UX Coding using OSGi Modularity Magic - Paul Fraser (A2Z Living)Simplify Web UX Coding using OSGi Modularity Magic - Paul Fraser (A2Z Living)
Simplify Web UX Coding using OSGi Modularity Magic - Paul Fraser (A2Z Living)
 
OSGi for the data centre - Connecting OSGi to Kubernetes - Frank Lyaruu
OSGi for the data centre - Connecting OSGi to Kubernetes - Frank LyaruuOSGi for the data centre - Connecting OSGi to Kubernetes - Frank Lyaruu
OSGi for the data centre - Connecting OSGi to Kubernetes - Frank Lyaruu
 
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...
 
OSGi with Docker - a powerful way to develop Java systems - Udo Hafermann (So...
OSGi with Docker - a powerful way to develop Java systems - Udo Hafermann (So...OSGi with Docker - a powerful way to develop Java systems - Udo Hafermann (So...
OSGi with Docker - a powerful way to develop Java systems - Udo Hafermann (So...
 
A real world use case with OSGi R7 - Jurgen Albert (Data In Motion Consulting...
A real world use case with OSGi R7 - Jurgen Albert (Data In Motion Consulting...A real world use case with OSGi R7 - Jurgen Albert (Data In Motion Consulting...
A real world use case with OSGi R7 - Jurgen Albert (Data In Motion Consulting...
 
OSGi Feature Model - Where Art Thou - David Bosschaert (Adobe)
OSGi Feature Model - Where Art Thou - David Bosschaert (Adobe)OSGi Feature Model - Where Art Thou - David Bosschaert (Adobe)
OSGi Feature Model - Where Art Thou - David Bosschaert (Adobe)
 
Migrating from PDE to Bndtools in Practice - Amit Kumar Mondal (Deutsche Tele...
Migrating from PDE to Bndtools in Practice - Amit Kumar Mondal (Deutsche Tele...Migrating from PDE to Bndtools in Practice - Amit Kumar Mondal (Deutsche Tele...
Migrating from PDE to Bndtools in Practice - Amit Kumar Mondal (Deutsche Tele...
 
OSGi CDI Integration Specification - Ray Augé (Liferay)
OSGi CDI Integration Specification - Ray Augé (Liferay)OSGi CDI Integration Specification - Ray Augé (Liferay)
OSGi CDI Integration Specification - Ray Augé (Liferay)
 
How OSGi drives cross-sector energy management - Jörn Tümmler (SMA Solar Tech...
How OSGi drives cross-sector energy management - Jörn Tümmler (SMA Solar Tech...How OSGi drives cross-sector energy management - Jörn Tümmler (SMA Solar Tech...
How OSGi drives cross-sector energy management - Jörn Tümmler (SMA Solar Tech...
 
Improved developer productivity thanks to Maven and OSGi - Lukasz Dywicki (Co...
Improved developer productivity thanks to Maven and OSGi - Lukasz Dywicki (Co...Improved developer productivity thanks to Maven and OSGi - Lukasz Dywicki (Co...
Improved developer productivity thanks to Maven and OSGi - Lukasz Dywicki (Co...
 
It Was Twenty Years Ago Today - Building an OSGi based Smart Home System - Ch...
It Was Twenty Years Ago Today - Building an OSGi based Smart Home System - Ch...It Was Twenty Years Ago Today - Building an OSGi based Smart Home System - Ch...
It Was Twenty Years Ago Today - Building an OSGi based Smart Home System - Ch...
 
Popular patterns revisited on OSGi - Christian Schneider (Adobe)
Popular patterns revisited on OSGi - Christian Schneider (Adobe)Popular patterns revisited on OSGi - Christian Schneider (Adobe)
Popular patterns revisited on OSGi - Christian Schneider (Adobe)
 
Integrating SLF4J and the new OSGi LogService 1.4 - BJ Hargrave (IBM)
Integrating SLF4J and the new OSGi LogService 1.4 - BJ Hargrave (IBM)Integrating SLF4J and the new OSGi LogService 1.4 - BJ Hargrave (IBM)
Integrating SLF4J and the new OSGi LogService 1.4 - BJ Hargrave (IBM)
 
OSG(a)i: because AI needs a runtime - Tim Verbelen (imec)
OSG(a)i: because AI needs a runtime - Tim Verbelen (imec)OSG(a)i: because AI needs a runtime - Tim Verbelen (imec)
OSG(a)i: because AI needs a runtime - Tim Verbelen (imec)
 
Flying to Jupiter with OSGi - Tony Walsh (ESA) & Hristo Indzhov (Telespazio V...
Flying to Jupiter with OSGi - Tony Walsh (ESA) & Hristo Indzhov (Telespazio V...Flying to Jupiter with OSGi - Tony Walsh (ESA) & Hristo Indzhov (Telespazio V...
Flying to Jupiter with OSGi - Tony Walsh (ESA) & Hristo Indzhov (Telespazio V...
 
MicroProfile, OSGi was meant for this - Ray Auge (Liferay)
MicroProfile, OSGi was meant for this - Ray Auge (Liferay)MicroProfile, OSGi was meant for this - Ray Auge (Liferay)
MicroProfile, OSGi was meant for this - Ray Auge (Liferay)
 
Prototyping IoT systems with a hybrid OSGi & Node-RED platform - Bruce Jackso...
Prototyping IoT systems with a hybrid OSGi & Node-RED platform - Bruce Jackso...Prototyping IoT systems with a hybrid OSGi & Node-RED platform - Bruce Jackso...
Prototyping IoT systems with a hybrid OSGi & Node-RED platform - Bruce Jackso...
 
How to connect your OSGi application - Dirk Fauth (Bosch)
How to connect your OSGi application - Dirk Fauth (Bosch)How to connect your OSGi application - Dirk Fauth (Bosch)
How to connect your OSGi application - Dirk Fauth (Bosch)
 

Recently uploaded

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 

Recently uploaded (20)

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 

Deployment Download and Policy Workstream Update - Gábor Pécsy, Nokia

  • 1. © copyright 2004 by OSGi Alliance All rights reserved. Policy
  • 2. © copyright 2004 by OSGi Alliance. All rights reserved. Requirements for Policy • Use cases and requirements: – Policy controlling the management system • Accept/reject various operations based on e.g. actor, target and other conditions – Controlling the runtime behaviors of applications • Allow/deny sensitive operations (assign privileges) for the applications – Delegation model • Possibility to delegate (parts of) the policy forward – Policy tied to subscription • Changing e.g. SIM card or user identity changes the utilized policy – Programmatic Interface • Privilege checking, permission querying/setting, dynamic updating
  • 3. © copyright 2004 by OSGi Alliance. All rights reserved. General overview • MEG defines a management framework and an application model for OSGi based devices • Therefore, policy has two aspects: – Access control for management operations – Runtime control of applications • These two are solved using different mechanisms: – Policy for management operations is expressed in the form of Access Control Lists for coarse grained and Java permissions for fine grained access control – Applications are running under the standard Java access control – according to JDK 1.2 specification – extended with some OSGi and MEG specific permissions • Policy is manageable via the MEG-defined device management framework – Policy can be updated runtime • Conditional Permission Framework is used to provide additional flexibility to Java permissions
  • 4. © copyright 2004 by OSGi Alliance. All rights reserved. Policy Architecture • Device Management Tree is used as management object model • Each node in DMT can have an associated Access Control List • ACL is enforced by DMT Admin when performing remote management operation – DMT Admin may also use Java permissions for fine-grained access control • Java permissions are also mapped to the DMT to enable management via the Policy Plug-in • Permission Admin is modified to support conditional permissions • Conditional Permissions require a special Security Manager to evaluate conditions Policy Plugin Enhanced Permission Admin Conditional Permission Framework Security Manager Policy org.osgi.service.permissionadmin DMT Plugin DMT Admin Device Management Tree Access Control Lists Management Server
  • 5. © copyright 2004 by OSGi Alliance. All rights reserved. DMT Access Control Lists • Device Management Tree is the management object model defined by OMA Device Management specifications. – For details see: http://www.openmobilealliance.org/tech/affiliates/syncml/syncmlindex.html • Each node of DMT may have an associated Access Control List (ACL) • ACLs contains the five management operations permitted by OMA (Add, Get, Delete, Replace and Exec) and associated with each of them a list of management server identifiers, which are permitted to perform the corresponding operation – For example (the exaple is copied from OMA DM specification): Add=www.sonera.fi-8765&Delete=www.sonera.fi-8765&Replace= www.sonera.fi-8765+321_ibm.com&Get=* • DMT Admin authenticates the management servers and based on its identity it enforces the policy described in the ACLs.
  • 6. © copyright 2004 by OSGi Alliance. All rights reserved. DMT Fine-grained access control • In addition to ACLs, fine-grained access control may be applied to remote management operations • It is possible to associate Java permissions with the management server identifiers • After authenticating management server, DMT Admin loads the associated Java permissions and management operations are performed using those permissions only. • Fine-grained permissions checks are made by the management object targeted by the management operation. • Support of the permission-based fine grain policy check is optional.
  • 7. © copyright 2004 by OSGi Alliance. All rights reserved. Changes to R3 Permissions • The security mechanisms used in OSGi Release 3 will be extended • AdminPermission is too broad, it will be refined by adding a target and operation category parameters to it. – The target of permission will be a bundle – Admin operations will be classified into categories to enable finer policy definition. • Such categories are: “metadata”, “class”, “lifecycle” etc. • Permission Admin will be updated: – To support conditional permissions – Enable associating permissions to a signer • Bundles may request permissions listing them in META-INF/ permission.perm file. The actual set of permissions for the bundle will be the intersection of this list and that enabled by the policy.
  • 8. © copyright 2004 by OSGi Alliance. All rights reserved. Application Access Control • Access control for applications is implemented using the standard Java security mechanisms • Permissions may be associated with bundles based on the signer and/or the location of the bundle containing the application • Permission Admin is used to maintain the policy • Services use SecurityManager to check permissions – Usage of SecurityManager instead of AccessController is important to enable the verification of conditions associated with the permissions
  • 9. © copyright 2004 by OSGi Alliance. All rights reserved. Conditional Permissions • Conditional Permission Framework enables the association of certain conditions with permissions – Any number of conditions can be associated with a permission • Such conditions include the IMEI of the device, the IMSI of the SIM in the device, current geographic location of the device, consent of the device user etc. – Consent of the user means that the user is prompted for allowing the requested operation. – Similarly to MIDlet security model, he/she has the option to deny the request or grant it for one shot, session lifetime or blanket (I.e. forever) • The owner of a conditional permission can hold the corresponding privilege only if all the associated conditions are met. • Conditions are represented by classes implementing them • A special SecurityManager implementation is responsible for the evaluation of conditions prior to granting access to the requested resource.
  • 10. © copyright 2004 by OSGi Alliance. All rights reserved. Policy for other application models • Application containers for other application models (e.g. MIDlets, Xlets etc.) can be executed in the OSGi framework • These containers are responsible for implementing the security measures specified in the corresponding application model • They are also responsible for mapping their policy structure into DMT to enable remote management.
  • 11. © copyright 2004 by OSGi Alliance All rights reserved. Download and Deployment
  • 12. © copyright 2004 by OSGi Alliance. All rights reserved. Requirements for Deployment • Use cases and requirements: – Installation/reinstallation/update/uninstallation • Multiple media, Dependency checks, related data, mass operations, demand loading – Integrity Checking • Checks the dependency tree for conflicts or missing pieces – Software Discovery • List of installed software components – Software subscriptions/unsubscriptions • Possibility to install software multiple times without paying it again – Controlled (un)availability of software • Possibility to make the software accessible on certain time different from deployment time – Operator characteristics • Software can be enabled/disabled or even installed/uninstalled based on the used operator (e.g. SIM dependently)
  • 13. © copyright 2004 by OSGi Alliance. All rights reserved. General Overview • MEG defines a packaging/install script format called bundle suite • Bundle suites can contain OSGi bundles as well as other customization scripts, e.g. configuration information • Installation of a bundle suite is atomic, it either succeeds completely or fails without side effect. • Architecture supports different delivery media for bundle suites • Bundle dependencies are tracked to ensure system integrity – In addition to the current OSGi dependencies (package and service dependency), bundle dependency is introduced to denote relations between bundles which are otherwise non-traceable. • A bundle-level mechanism is defined, which enables the customization of bundles after installation • Bundle upgrades are not used, new version is installed, old version is uninstalled instead.
  • 14. © copyright 2004 by OSGi Alliance. All rights reserved. Deployment Architecture • Deployment Plug-in maps deployment related management operations to managed object functions • Download Agents are responsible for fetching bundle suites via different delivery media • Deployment Admin is responsible for the installation of bundle suites • Deployment Manager Services are used to process non-bundle elements of a bundle suite • Deployment Admin relies on Package Admin when installing/removing a bundle Deployment Deployment Plugin DMT Plugin Download Agent Deployment Admin DMT Admin Package Admin Deployment Manager Service BundleSuite Store org.osgi.service.packageadmin
  • 15. © copyright 2004 by OSGi Alliance. All rights reserved. Bundle Suites • Bundle Suites are installation scripts used to install and customize a number of bundles together. • Bundle Suites are JAR files. The order of the elements in the file is significant as it defines the processing order. • The first entry in the file must be the META-INF/Manifest.mf – This file contains meta information to help the processing of the bundle suite • Manifest.mf is followed by the signature files to enable the verification of the integrity of Manifest.mf and other files as well • The remaining content may come in any order – JAR files are assumed to contain bundles – Other files as used for customization, e.g. configuration of bundles
  • 16. © copyright 2004 by OSGi Alliance. All rights reserved. Deployment Admin • Deployment Admin is responsible for the installation (execution) of bundle suites • Deployment Admin processes the bundle suite element by element – JAR files are treated as bundles and are installed using Package Admin – Other files are passed to Deployment Manager Services for processing • Deployment Admin verifies the integrity of the bundle suite by checking the digital signature of the package assembler on the suite • Deployment Admin ensures that the installation of a bundle suite is atomic, i.e. if some step fails during the process, the entire transaction is rolled back without leaving any side effect. • Deployment operation are accessible via Deployment DMT Plug-in. • Deployment Admin implements a “garbage collection”-like solution to remove unnecessary bundles. – Deployment Admin tracks dependencies between bundles – Bundles may be marked as root. A non-root bundle is uninstalled if no root bundle depends on it.
  • 17. © copyright 2004 by OSGi Alliance. All rights reserved. Deployment Manager Services • Deployment Manager Services enable hooking in different customization operations to the processing of a bundle suite • DMSs can be associated with filters on file names. During the installation of a bundle suite, when the name of an element matches some filters, the corresponding DMSs are invoked, passing the element to them. • Any type of DMSs are possible; however, currently only two are standardized: – AUTOCONF.XML • This file contains configuration data. It should be processed by a DMS and using its content, configure bundles via Configuration Admin • The corresponding DMS is also responsible for proper book keeping of the created configuration items to ensure proper cleanup when the corresponding bundles are uninstalled. – Data customization in Manifest.mf: • The corresponding DMS extracts customization information from the bundle suite Manifest and executes customizers at the end of the installation.
  • 18. © copyright 2004 by OSGi Alliance. All rights reserved. Download Agents • Download Agents implement the support of different delivery media – They may work from a local memory card, connect to an installer on a PC or to a remote server • Depending on the media type, Download Agents may be simple or may implement complex logic – For example they may send inventory of installed bundles of the device to enable the customization of bundle suites and saving bandwidth. • A Download Work Stream was recently formed in MEG to define or select a standard download protocol
  • 19. © copyright 2004 by OSGi Alliance. All rights reserved. Download Work Stream • Goal: analyze existing technologies and their relevance to the OSGI/MEG specification in order to generate a guideline or even a specification to address the needs for download, security, distribution of DMO's and monitoring of OSGI/MEG enabled device over the air. • The first step is to analyze technologies from OMA, as far as they are accessible to public, and JCP specifications JSR 118, 124 and 233. This will lead to a GAP analysis and helps to formulate the next steps.
  • 20. © copyright 2004 by OSGi Alliance. All rights reserved. Thank you! Gábor Pécsy Software Technology Specialist gabor.pecsy@nokia.com