Re: [GSoC 2014] Project based on XBaya

[Nadeem Anjum <na...@gmail.com>]

Hi everyone,

This is with reference to Heejon's issue [1] with Xbaya security issue with
the jre(51).

I was able to recreate this issue on Windows.

When the security level in java control panel is set to very high or high,
it gives the following error:
"Your security settings have blocked a *self-signed application* from
running "

When the security level is set to medium or the application is added to
exception site list, the application is allowed to run with a warning,
which displays the *publisher* as "*unknown*"

As per [2], there are two possible reasons for this:

1. *Jar file missing Permission Attribute*
2.* Self signed application* (Certificate not from trusted authority)

I modified the permissions in the main jar adding *permissions:
all-permissions *in the manifest.mf file, but the problem still persists.
According to [3], The Permissions attribute is used to verify that the
permissions level requested by the RIA when it runs matches the permissions
level that was set when the JAR file was created. *This attribute is
required in the manifest of the main JAR file for the RIA, secondary JAR
files and extensions are not required to have the Permissions attribute*.
If the attribute is not present in the main JAR file, then the RIA is
blocked

So it appears the problem is not due to missing permissions in third party
jars.

Rather the problem is apparently due to *self-signed signature*, as when
providing a self-signed signature (the free kind), the "Publisher" field
will always say "UNKNOWN" whether or not it is provided when creating the
signature, as per [4]

Please share your opinion on this issue.

[1]: http://markmail.org/thread/c6exit64mmhhpew7
[2]: https://www.java.com/en/download/help/java_blocked.xml
[3]:
http://download.java.net/jdk8/docs/technotes/guides/jweb/security/manifest.html
[4]: https://code.google.com/p/jzebra/issues/detail?id=155


On Wed, Feb 5, 2014 at 11:47 PM, Suresh Marru <sm...@apache.org> wrote:

> Hi Nadeem,
>
> We still did not compile the list of GSoC projects for 2014, but
> independent of other, I think we certainly can take some help on XBaya and
> we have major refactoring needs come up. Let me suggest a list of tasks for
> you to get started.
>
> * Can you subscribe to Airavata User Mailing list[1] and help Heejoon with
> this thread [2]
>
> * Heejoon and his advisor Prof. Sun Kim's research group uses XBaya for
> interacting with Amazon EC2 Resources so better packaging of the JNLP will
> help them.
>
> As for the GSoC project itself, it will involve changing the current XBaya
> which reads the components in the workflow based on XML Schemas and WSDL's
> and we need to migrate that using in development thrift based data models.
> This will require also changes to XBaya communications to registry and
> workflow interpreter to talk to the new Airavata API. I will clearly
> elaborate on the GSoC project, but for now, please start with helping
> Heejoon and understanding the inner workings of 5    and 10 minute
> tutorials. Stick to Airavata 0.11 version for now. The trunk will be in
> rapid development over the next few weeks.
>
> Suresh
> [1] - http://airavata.apache.org/community/mailing-lists.html
> [2] - http://markmail.org/thread/c6exit64mmhhpew7
> [3] -
> http://biohealth.snu.ac.kr/wiki/index.php/BioVLab_:_Biology_Virtual_Collaborative_Lab
>
> On Feb 5, 2014, at 12:57 PM, Nadeem Anjum <na...@gmail.com> wrote:
>
> > Hello Everyone,
> >
> > Over the last few days I have been going through Airavata codebase. I
> specifically got interested in XBaya, and it will be great if I could get a
> chance to work on a project based on XBaya for GSoC 2014
> >
> > Thanks,
> > Nadeem
>
>

Re: [GSoC 2014] Project based on XBaya

[Suresh Marru <sm...@apache.org>]

Hi Heejoon, Nadeem,

Version 0.12-SNAPSHOT (the current trunk) will have XBaya broken. So for workflow usage please stick to version 0.11.

Also, Nipun is planning to write a GSoC proposal to improve the EC2 provider. That should be of interest to Heejoon and group. So if you have any suggestions for EC2 support in AIravata, please voice them now.

Cheers,
Suresh


On Mar 16, 2014, at 8:34 PM, Heejoon Chae <he...@cs.indiana.edu> wrote:

> Hi, Nadeem,
> 
> Could you tar all your jars for xbaya jnlp? Actually your v0.12  jar doesn't (I thought I could simply replace it  library section in jnlp file) fit my old 0.10, and 0.11 with saying cannot load while verifying process.
> 
> Thank you!
> Heejoon.
> 
> 
> On Fri, Mar 14, 2014 at 2:12 AM, Nadeem Anjum <na...@gmail.com> wrote:
> Hi Heejon,
> 
> Please find attached the jar file with permissions attribute set to all-permissions
> 
> 
> On Thu, Mar 6, 2014 at 6:29 AM, Heejoon Chae <he...@cs.indiana.edu> wrote:
> Hi, Nadeem,
> 
> Could you send your modified main jar which has permission attribute in it? 
> I have our institute's trusted certificate, so I can test the issue with removing two reason.
> 
> Thank you,
> Heejoon.
> 
> 
> On Thu, Mar 6, 2014 at 8:59 AM, Nadeem Anjum <na...@gmail.com> wrote:
> Hi everyone,
> 
> This is with reference to Heejon's issue [1] with Xbaya security issue with the jre(51).
> 
> I was able to recreate this issue on Windows.
> 
> When the security level in java control panel is set to very high or high, it gives the following error: 
> "Your security settings have blocked a self-signed application from running "
> 
> When the security level is set to medium or the application is added to exception site list, the application is allowed to run with a warning, which displays the publisher as "unknown"
> 
> As per [2], there are two possible reasons for this:
> 
> 1. Jar file missing Permission Attribute
> 2. Self signed application (Certificate not from trusted authority)
> 
> I modified the permissions in the main jar adding permissions: all-permissions in the manifest.mf file, but the problem still persists. According to [3], The Permissions attribute is used to verify that the permissions level requested by the RIA when it runs matches the permissions level that was set when the JAR file was created. This attribute is required in the manifest of the main JAR file for the RIA, secondary JAR files and extensions are not required to have the Permissions attribute. If the attribute is not present in the main JAR file, then the RIA is blocked
> 
> So it appears the problem is not due to missing permissions in third party jars.
> 
> Rather the problem is apparently due to self-signed signature, as when providing a self-signed signature (the free kind), the "Publisher" field will always say "UNKNOWN" whether or not it is provided when creating the signature, as per [4]
> 
> Please share your opinion on this issue.
> 
> [1]: http://markmail.org/thread/c6exit64mmhhpew7
> [2]: https://www.java.com/en/download/help/java_blocked.xml
> [3]: http://download.java.net/jdk8/docs/technotes/guides/jweb/security/manifest.html
> [4]: https://code.google.com/p/jzebra/issues/detail?id=155
> 
> 
> On Wed, Feb 5, 2014 at 11:47 PM, Suresh Marru <sm...@apache.org> wrote:
> Hi Nadeem,
> 
> We still did not compile the list of GSoC projects for 2014, but independent of other, I think we certainly can take some help on XBaya and we have major refactoring needs come up. Let me suggest a list of tasks for you to get started.
> 
> * Can you subscribe to Airavata User Mailing list[1] and help Heejoon with this thread [2]
> 
> * Heejoon and his advisor Prof. Sun Kim’s research group uses XBaya for interacting with Amazon EC2 Resources so better packaging of the JNLP will help them.
> 
> As for the GSoC project itself, it will involve changing the current XBaya which reads the components in the workflow based on XML Schemas and WSDL’s and we need to migrate that using in development thrift based data models. This will require also changes to XBaya communications to registry and workflow interpreter to talk to the new Airavata API. I will clearly elaborate on the GSoC project, but for now, please start with helping Heejoon and understanding the inner workings of 5    and 10 minute tutorials. Stick to Airavata 0.11 version for now. The trunk will be in rapid development over the next few weeks.
> 
> Suresh
> [1] - http://airavata.apache.org/community/mailing-lists.html
> [2] - http://markmail.org/thread/c6exit64mmhhpew7
> [3] - http://biohealth.snu.ac.kr/wiki/index.php/BioVLab_:_Biology_Virtual_Collaborative_Lab
> 
> On Feb 5, 2014, at 12:57 PM, Nadeem Anjum <na...@gmail.com> wrote:
> 
> > Hello Everyone,
> >
> > Over the last few days I have been going through Airavata codebase. I specifically got interested in XBaya, and it will be great if I could get a chance to work on a project based on XBaya for GSoC 2014
> >
> > Thanks,
> > Nadeem
> 
> 
> 
> 
> 

Re: [GSoC 2014] Project based on XBaya

[Suresh Marru <sm...@apache.org>]

Hi Heejoon, Nadeem,

Version 0.12-SNAPSHOT (the current trunk) will have XBaya broken. So for workflow usage please stick to version 0.11.

Also, Nipun is planning to write a GSoC proposal to improve the EC2 provider. That should be of interest to Heejoon and group. So if you have any suggestions for EC2 support in AIravata, please voice them now.

Cheers,
Suresh


On Mar 16, 2014, at 8:34 PM, Heejoon Chae <he...@cs.indiana.edu> wrote:

> Hi, Nadeem,
> 
> Could you tar all your jars for xbaya jnlp? Actually your v0.12  jar doesn't (I thought I could simply replace it  library section in jnlp file) fit my old 0.10, and 0.11 with saying cannot load while verifying process.
> 
> Thank you!
> Heejoon.
> 
> 
> On Fri, Mar 14, 2014 at 2:12 AM, Nadeem Anjum <na...@gmail.com> wrote:
> Hi Heejon,
> 
> Please find attached the jar file with permissions attribute set to all-permissions
> 
> 
> On Thu, Mar 6, 2014 at 6:29 AM, Heejoon Chae <he...@cs.indiana.edu> wrote:
> Hi, Nadeem,
> 
> Could you send your modified main jar which has permission attribute in it? 
> I have our institute's trusted certificate, so I can test the issue with removing two reason.
> 
> Thank you,
> Heejoon.
> 
> 
> On Thu, Mar 6, 2014 at 8:59 AM, Nadeem Anjum <na...@gmail.com> wrote:
> Hi everyone,
> 
> This is with reference to Heejon's issue [1] with Xbaya security issue with the jre(51).
> 
> I was able to recreate this issue on Windows.
> 
> When the security level in java control panel is set to very high or high, it gives the following error: 
> "Your security settings have blocked a self-signed application from running "
> 
> When the security level is set to medium or the application is added to exception site list, the application is allowed to run with a warning, which displays the publisher as "unknown"
> 
> As per [2], there are two possible reasons for this:
> 
> 1. Jar file missing Permission Attribute
> 2. Self signed application (Certificate not from trusted authority)
> 
> I modified the permissions in the main jar adding permissions: all-permissions in the manifest.mf file, but the problem still persists. According to [3], The Permissions attribute is used to verify that the permissions level requested by the RIA when it runs matches the permissions level that was set when the JAR file was created. This attribute is required in the manifest of the main JAR file for the RIA, secondary JAR files and extensions are not required to have the Permissions attribute. If the attribute is not present in the main JAR file, then the RIA is blocked
> 
> So it appears the problem is not due to missing permissions in third party jars.
> 
> Rather the problem is apparently due to self-signed signature, as when providing a self-signed signature (the free kind), the "Publisher" field will always say "UNKNOWN" whether or not it is provided when creating the signature, as per [4]
> 
> Please share your opinion on this issue.
> 
> [1]: http://markmail.org/thread/c6exit64mmhhpew7
> [2]: https://www.java.com/en/download/help/java_blocked.xml
> [3]: http://download.java.net/jdk8/docs/technotes/guides/jweb/security/manifest.html
> [4]: https://code.google.com/p/jzebra/issues/detail?id=155
> 
> 
> On Wed, Feb 5, 2014 at 11:47 PM, Suresh Marru <sm...@apache.org> wrote:
> Hi Nadeem,
> 
> We still did not compile the list of GSoC projects for 2014, but independent of other, I think we certainly can take some help on XBaya and we have major refactoring needs come up. Let me suggest a list of tasks for you to get started.
> 
> * Can you subscribe to Airavata User Mailing list[1] and help Heejoon with this thread [2]
> 
> * Heejoon and his advisor Prof. Sun Kim’s research group uses XBaya for interacting with Amazon EC2 Resources so better packaging of the JNLP will help them.
> 
> As for the GSoC project itself, it will involve changing the current XBaya which reads the components in the workflow based on XML Schemas and WSDL’s and we need to migrate that using in development thrift based data models. This will require also changes to XBaya communications to registry and workflow interpreter to talk to the new Airavata API. I will clearly elaborate on the GSoC project, but for now, please start with helping Heejoon and understanding the inner workings of 5    and 10 minute tutorials. Stick to Airavata 0.11 version for now. The trunk will be in rapid development over the next few weeks.
> 
> Suresh
> [1] - http://airavata.apache.org/community/mailing-lists.html
> [2] - http://markmail.org/thread/c6exit64mmhhpew7
> [3] - http://biohealth.snu.ac.kr/wiki/index.php/BioVLab_:_Biology_Virtual_Collaborative_Lab
> 
> On Feb 5, 2014, at 12:57 PM, Nadeem Anjum <na...@gmail.com> wrote:
> 
> > Hello Everyone,
> >
> > Over the last few days I have been going through Airavata codebase. I specifically got interested in XBaya, and it will be great if I could get a chance to work on a project based on XBaya for GSoC 2014
> >
> > Thanks,
> > Nadeem
> 
> 
> 
> 
> 

Re: [GSoC 2014] Project based on XBaya

[Heejoon Chae <he...@cs.indiana.edu>]

Hi, Nadeem,

Could you tar all your jars for xbaya jnlp? Actually your v0.12  jar
doesn't (I thought I could simply replace it  library section in jnlp file)
fit my old 0.10, and 0.11 with saying cannot load while verifying process.

Thank you!
Heejoon.


On Fri, Mar 14, 2014 at 2:12 AM, Nadeem Anjum <na...@gmail.com>wrote:

> Hi Heejon,
>
> Please find attached the jar file with permissions attribute set to
> all-permissions
>
>
> On Thu, Mar 6, 2014 at 6:29 AM, Heejoon Chae <he...@cs.indiana.edu>wrote:
>
>> Hi, Nadeem,
>>
>> Could you send your modified main jar which has permission attribute in
>> it?
>> I have our institute's trusted certificate, so I can test the issue with
>> removing two reason.
>>
>> Thank you,
>> Heejoon.
>>
>>
>> On Thu, Mar 6, 2014 at 8:59 AM, Nadeem Anjum <na...@gmail.com>wrote:
>>
>>> Hi everyone,
>>>
>>> This is with reference to Heejon's issue [1] with Xbaya security issue
>>> with the jre(51).
>>>
>>> I was able to recreate this issue on Windows.
>>>
>>> When the security level in java control panel is set to very high or
>>> high, it gives the following error:
>>> "Your security settings have blocked a *self-signed application* from
>>> running "
>>>
>>> When the security level is set to medium or the application is added to
>>> exception site list, the application is allowed to run with a warning,
>>> which displays the *publisher* as "*unknown*"
>>>
>>> As per [2], there are two possible reasons for this:
>>>
>>> 1. *Jar file missing Permission Attribute*
>>> 2.* Self signed application* (Certificate not from trusted authority)
>>>
>>> I modified the permissions in the main jar adding *permissions:
>>> all-permissions *in the manifest.mf file, but the problem still
>>> persists. According to [3], The Permissions attribute is used to verify
>>> that the permissions level requested by the RIA when it runs matches the
>>> permissions level that was set when the JAR file was created. *This
>>> attribute is required in the manifest of the main JAR file for the RIA,
>>> secondary JAR files and extensions are not required to have the Permissions
>>> attribute*. If the attribute is not present in the main JAR file, then
>>> the RIA is blocked
>>>
>>> So it appears the problem is not due to missing permissions in third
>>> party jars.
>>>
>>> Rather the problem is apparently due to *self-signed signature*,
>>> as when providing a self-signed signature (the free kind), the "Publisher"
>>> field will always say "UNKNOWN" whether or not it is provided when creating
>>> the signature, as per [4]
>>>
>>> Please share your opinion on this issue.
>>>
>>> [1]: http://markmail.org/thread/c6exit64mmhhpew7
>>> [2]: https://www.java.com/en/download/help/java_blocked.xml
>>> [3]:
>>> http://download.java.net/jdk8/docs/technotes/guides/jweb/security/manifest.html
>>> [4]: https://code.google.com/p/jzebra/issues/detail?id=155
>>>
>>>
>>> On Wed, Feb 5, 2014 at 11:47 PM, Suresh Marru <sm...@apache.org> wrote:
>>>
>>>> Hi Nadeem,
>>>>
>>>> We still did not compile the list of GSoC projects for 2014, but
>>>> independent of other, I think we certainly can take some help on XBaya and
>>>> we have major refactoring needs come up. Let me suggest a list of tasks for
>>>> you to get started.
>>>>
>>>> * Can you subscribe to Airavata User Mailing list[1] and help Heejoon
>>>> with this thread [2]
>>>>
>>>> * Heejoon and his advisor Prof. Sun Kim's research group uses XBaya for
>>>> interacting with Amazon EC2 Resources so better packaging of the JNLP will
>>>> help them.
>>>>
>>>> As for the GSoC project itself, it will involve changing the current
>>>> XBaya which reads the components in the workflow based on XML Schemas and
>>>> WSDL's and we need to migrate that using in development thrift based data
>>>> models. This will require also changes to XBaya communications to registry
>>>> and workflow interpreter to talk to the new Airavata API. I will clearly
>>>> elaborate on the GSoC project, but for now, please start with helping
>>>> Heejoon and understanding the inner workings of 5    and 10 minute
>>>> tutorials. Stick to Airavata 0.11 version for now. The trunk will be in
>>>> rapid development over the next few weeks.
>>>>
>>>> Suresh
>>>> [1] - http://airavata.apache.org/community/mailing-lists.html
>>>> [2] - http://markmail.org/thread/c6exit64mmhhpew7
>>>> [3] -
>>>> http://biohealth.snu.ac.kr/wiki/index.php/BioVLab_:_Biology_Virtual_Collaborative_Lab
>>>>
>>>> On Feb 5, 2014, at 12:57 PM, Nadeem Anjum <na...@gmail.com>
>>>> wrote:
>>>>
>>>> > Hello Everyone,
>>>> >
>>>> > Over the last few days I have been going through Airavata codebase. I
>>>> specifically got interested in XBaya, and it will be great if I could get a
>>>> chance to work on a project based on XBaya for GSoC 2014
>>>> >
>>>> > Thanks,
>>>> > Nadeem
>>>>
>>>>
>>>
>>
>

Re: [GSoC 2014] Project based on XBaya

[Nadeem Anjum <na...@gmail.com>]

Hi Heejon,

Please find attached the jar file with permissions attribute set to
all-permissions


On Thu, Mar 6, 2014 at 6:29 AM, Heejoon Chae <he...@cs.indiana.edu> wrote:

> Hi, Nadeem,
>
> Could you send your modified main jar which has permission attribute in
> it?
> I have our institute's trusted certificate, so I can test the issue with
> removing two reason.
>
> Thank you,
> Heejoon.
>
>
> On Thu, Mar 6, 2014 at 8:59 AM, Nadeem Anjum <na...@gmail.com>wrote:
>
>> Hi everyone,
>>
>> This is with reference to Heejon's issue [1] with Xbaya security issue
>> with the jre(51).
>>
>> I was able to recreate this issue on Windows.
>>
>> When the security level in java control panel is set to very high or
>> high, it gives the following error:
>> "Your security settings have blocked a *self-signed application* from
>> running "
>>
>> When the security level is set to medium or the application is added to
>> exception site list, the application is allowed to run with a warning,
>> which displays the *publisher* as "*unknown*"
>>
>> As per [2], there are two possible reasons for this:
>>
>> 1. *Jar file missing Permission Attribute*
>> 2.* Self signed application* (Certificate not from trusted authority)
>>
>> I modified the permissions in the main jar adding *permissions:
>> all-permissions *in the manifest.mf file, but the problem still
>> persists. According to [3], The Permissions attribute is used to verify
>> that the permissions level requested by the RIA when it runs matches the
>> permissions level that was set when the JAR file was created. *This
>> attribute is required in the manifest of the main JAR file for the RIA,
>> secondary JAR files and extensions are not required to have the Permissions
>> attribute*. If the attribute is not present in the main JAR file, then
>> the RIA is blocked
>>
>> So it appears the problem is not due to missing permissions in third
>> party jars.
>>
>> Rather the problem is apparently due to *self-signed signature*, as when
>> providing a self-signed signature (the free kind), the "Publisher" field
>> will always say "UNKNOWN" whether or not it is provided when creating the
>> signature, as per [4]
>>
>> Please share your opinion on this issue.
>>
>> [1]: http://markmail.org/thread/c6exit64mmhhpew7
>> [2]: https://www.java.com/en/download/help/java_blocked.xml
>> [3]:
>> http://download.java.net/jdk8/docs/technotes/guides/jweb/security/manifest.html
>> [4]: https://code.google.com/p/jzebra/issues/detail?id=155
>>
>>
>> On Wed, Feb 5, 2014 at 11:47 PM, Suresh Marru <sm...@apache.org> wrote:
>>
>>> Hi Nadeem,
>>>
>>> We still did not compile the list of GSoC projects for 2014, but
>>> independent of other, I think we certainly can take some help on XBaya and
>>> we have major refactoring needs come up. Let me suggest a list of tasks for
>>> you to get started.
>>>
>>> * Can you subscribe to Airavata User Mailing list[1] and help Heejoon
>>> with this thread [2]
>>>
>>> * Heejoon and his advisor Prof. Sun Kim's research group uses XBaya for
>>> interacting with Amazon EC2 Resources so better packaging of the JNLP will
>>> help them.
>>>
>>> As for the GSoC project itself, it will involve changing the current
>>> XBaya which reads the components in the workflow based on XML Schemas and
>>> WSDL's and we need to migrate that using in development thrift based data
>>> models. This will require also changes to XBaya communications to registry
>>> and workflow interpreter to talk to the new Airavata API. I will clearly
>>> elaborate on the GSoC project, but for now, please start with helping
>>> Heejoon and understanding the inner workings of 5    and 10 minute
>>> tutorials. Stick to Airavata 0.11 version for now. The trunk will be in
>>> rapid development over the next few weeks.
>>>
>>> Suresh
>>> [1] - http://airavata.apache.org/community/mailing-lists.html
>>> [2] - http://markmail.org/thread/c6exit64mmhhpew7
>>> [3] -
>>> http://biohealth.snu.ac.kr/wiki/index.php/BioVLab_:_Biology_Virtual_Collaborative_Lab
>>>
>>> On Feb 5, 2014, at 12:57 PM, Nadeem Anjum <na...@gmail.com>
>>> wrote:
>>>
>>> > Hello Everyone,
>>> >
>>> > Over the last few days I have been going through Airavata codebase. I
>>> specifically got interested in XBaya, and it will be great if I could get a
>>> chance to work on a project based on XBaya for GSoC 2014
>>> >
>>> > Thanks,
>>> > Nadeem
>>>
>>>
>>
>

Re: [GSoC 2014] Project based on XBaya

[Nadeem Anjum <na...@gmail.com>]

Hi Heejon,

Please find attached the jar file with permissions attribute set to
all-permissions


On Thu, Mar 6, 2014 at 6:29 AM, Heejoon Chae <he...@cs.indiana.edu> wrote:

> Hi, Nadeem,
>
> Could you send your modified main jar which has permission attribute in
> it?
> I have our institute's trusted certificate, so I can test the issue with
> removing two reason.
>
> Thank you,
> Heejoon.
>
>
> On Thu, Mar 6, 2014 at 8:59 AM, Nadeem Anjum <na...@gmail.com>wrote:
>
>> Hi everyone,
>>
>> This is with reference to Heejon's issue [1] with Xbaya security issue
>> with the jre(51).
>>
>> I was able to recreate this issue on Windows.
>>
>> When the security level in java control panel is set to very high or
>> high, it gives the following error:
>> "Your security settings have blocked a *self-signed application* from
>> running "
>>
>> When the security level is set to medium or the application is added to
>> exception site list, the application is allowed to run with a warning,
>> which displays the *publisher* as "*unknown*"
>>
>> As per [2], there are two possible reasons for this:
>>
>> 1. *Jar file missing Permission Attribute*
>> 2.* Self signed application* (Certificate not from trusted authority)
>>
>> I modified the permissions in the main jar adding *permissions:
>> all-permissions *in the manifest.mf file, but the problem still
>> persists. According to [3], The Permissions attribute is used to verify
>> that the permissions level requested by the RIA when it runs matches the
>> permissions level that was set when the JAR file was created. *This
>> attribute is required in the manifest of the main JAR file for the RIA,
>> secondary JAR files and extensions are not required to have the Permissions
>> attribute*. If the attribute is not present in the main JAR file, then
>> the RIA is blocked
>>
>> So it appears the problem is not due to missing permissions in third
>> party jars.
>>
>> Rather the problem is apparently due to *self-signed signature*, as when
>> providing a self-signed signature (the free kind), the "Publisher" field
>> will always say "UNKNOWN" whether or not it is provided when creating the
>> signature, as per [4]
>>
>> Please share your opinion on this issue.
>>
>> [1]: http://markmail.org/thread/c6exit64mmhhpew7
>> [2]: https://www.java.com/en/download/help/java_blocked.xml
>> [3]:
>> http://download.java.net/jdk8/docs/technotes/guides/jweb/security/manifest.html
>> [4]: https://code.google.com/p/jzebra/issues/detail?id=155
>>
>>
>> On Wed, Feb 5, 2014 at 11:47 PM, Suresh Marru <sm...@apache.org> wrote:
>>
>>> Hi Nadeem,
>>>
>>> We still did not compile the list of GSoC projects for 2014, but
>>> independent of other, I think we certainly can take some help on XBaya and
>>> we have major refactoring needs come up. Let me suggest a list of tasks for
>>> you to get started.
>>>
>>> * Can you subscribe to Airavata User Mailing list[1] and help Heejoon
>>> with this thread [2]
>>>
>>> * Heejoon and his advisor Prof. Sun Kim's research group uses XBaya for
>>> interacting with Amazon EC2 Resources so better packaging of the JNLP will
>>> help them.
>>>
>>> As for the GSoC project itself, it will involve changing the current
>>> XBaya which reads the components in the workflow based on XML Schemas and
>>> WSDL's and we need to migrate that using in development thrift based data
>>> models. This will require also changes to XBaya communications to registry
>>> and workflow interpreter to talk to the new Airavata API. I will clearly
>>> elaborate on the GSoC project, but for now, please start with helping
>>> Heejoon and understanding the inner workings of 5    and 10 minute
>>> tutorials. Stick to Airavata 0.11 version for now. The trunk will be in
>>> rapid development over the next few weeks.
>>>
>>> Suresh
>>> [1] - http://airavata.apache.org/community/mailing-lists.html
>>> [2] - http://markmail.org/thread/c6exit64mmhhpew7
>>> [3] -
>>> http://biohealth.snu.ac.kr/wiki/index.php/BioVLab_:_Biology_Virtual_Collaborative_Lab
>>>
>>> On Feb 5, 2014, at 12:57 PM, Nadeem Anjum <na...@gmail.com>
>>> wrote:
>>>
>>> > Hello Everyone,
>>> >
>>> > Over the last few days I have been going through Airavata codebase. I
>>> specifically got interested in XBaya, and it will be great if I could get a
>>> chance to work on a project based on XBaya for GSoC 2014
>>> >
>>> > Thanks,
>>> > Nadeem
>>>
>>>
>>
>

Re: [GSoC 2014] Project based on XBaya

[Heejoon Chae <he...@cs.indiana.edu>]

Hi, Nadeem,

Could you send your modified main jar which has permission attribute in it?
I have our institute's trusted certificate, so I can test the issue with
removing two reason.

Thank you,
Heejoon.


On Thu, Mar 6, 2014 at 8:59 AM, Nadeem Anjum <na...@gmail.com>wrote:

> Hi everyone,
>
> This is with reference to Heejon's issue [1] with Xbaya security issue
> with the jre(51).
>
> I was able to recreate this issue on Windows.
>
> When the security level in java control panel is set to very high or high,
> it gives the following error:
> "Your security settings have blocked a *self-signed application* from
> running "
>
> When the security level is set to medium or the application is added to
> exception site list, the application is allowed to run with a warning,
> which displays the *publisher* as "*unknown*"
>
> As per [2], there are two possible reasons for this:
>
> 1. *Jar file missing Permission Attribute*
> 2.* Self signed application* (Certificate not from trusted authority)
>
> I modified the permissions in the main jar adding *permissions:
> all-permissions *in the manifest.mf file, but the problem still persists.
> According to [3], The Permissions attribute is used to verify that the
> permissions level requested by the RIA when it runs matches the permissions
> level that was set when the JAR file was created. *This attribute is
> required in the manifest of the main JAR file for the RIA, secondary JAR
> files and extensions are not required to have the Permissions attribute*.
> If the attribute is not present in the main JAR file, then the RIA is
> blocked
>
> So it appears the problem is not due to missing permissions in third party
> jars.
>
> Rather the problem is apparently due to *self-signed signature*, as when
> providing a self-signed signature (the free kind), the "Publisher" field
> will always say "UNKNOWN" whether or not it is provided when creating the
> signature, as per [4]
>
> Please share your opinion on this issue.
>
> [1]: http://markmail.org/thread/c6exit64mmhhpew7
> [2]: https://www.java.com/en/download/help/java_blocked.xml
> [3]:
> http://download.java.net/jdk8/docs/technotes/guides/jweb/security/manifest.html
> [4]: https://code.google.com/p/jzebra/issues/detail?id=155
>
>
> On Wed, Feb 5, 2014 at 11:47 PM, Suresh Marru <sm...@apache.org> wrote:
>
>> Hi Nadeem,
>>
>> We still did not compile the list of GSoC projects for 2014, but
>> independent of other, I think we certainly can take some help on XBaya and
>> we have major refactoring needs come up. Let me suggest a list of tasks for
>> you to get started.
>>
>> * Can you subscribe to Airavata User Mailing list[1] and help Heejoon
>> with this thread [2]
>>
>> * Heejoon and his advisor Prof. Sun Kim's research group uses XBaya for
>> interacting with Amazon EC2 Resources so better packaging of the JNLP will
>> help them.
>>
>> As for the GSoC project itself, it will involve changing the current
>> XBaya which reads the components in the workflow based on XML Schemas and
>> WSDL's and we need to migrate that using in development thrift based data
>> models. This will require also changes to XBaya communications to registry
>> and workflow interpreter to talk to the new Airavata API. I will clearly
>> elaborate on the GSoC project, but for now, please start with helping
>> Heejoon and understanding the inner workings of 5    and 10 minute
>> tutorials. Stick to Airavata 0.11 version for now. The trunk will be in
>> rapid development over the next few weeks.
>>
>> Suresh
>> [1] - http://airavata.apache.org/community/mailing-lists.html
>> [2] - http://markmail.org/thread/c6exit64mmhhpew7
>> [3] -
>> http://biohealth.snu.ac.kr/wiki/index.php/BioVLab_:_Biology_Virtual_Collaborative_Lab
>>
>> On Feb 5, 2014, at 12:57 PM, Nadeem Anjum <na...@gmail.com>
>> wrote:
>>
>> > Hello Everyone,
>> >
>> > Over the last few days I have been going through Airavata codebase. I
>> specifically got interested in XBaya, and it will be great if I could get a
>> chance to work on a project based on XBaya for GSoC 2014
>> >
>> > Thanks,
>> > Nadeem
>>
>>
>

Re: [GSoC 2014] Project based on XBaya

[Nadeem Anjum <na...@gmail.com>]

Hi Marlon,

Is it possible to prevent the jars from being self-signed in XBaya's JNLP?

Thanks,
Nadeem


On Thu, Mar 6, 2014 at 6:48 AM, Marlon Pierce <ma...@iu.edu> wrote:

> Nice detective work, Nadeem.  We use several self-signed jars in XBaya's
> JNLP. We used to sign them during the build process, but I think we
> finally just placed the signed jars in the repo.
>
> Security problems with Java applets and webstart apps may be why the
> default permissions have gotten more restrictive, so I suggest being
> careful if turning the permissions down.
>
> Marlon
>
> On 3/5/14 6:59 PM, Nadeem Anjum wrote:
> > Hi everyone,
> >
> > This is with reference to Heejon's issue [1] with Xbaya security issue
> with
> > the jre(51).
> >
> > I was able to recreate this issue on Windows.
> >
> > When the security level in java control panel is set to very high or
> high,
> > it gives the following error:
> > "Your security settings have blocked a *self-signed application* from
> > running "
> >
> > When the security level is set to medium or the application is added to
> > exception site list, the application is allowed to run with a warning,
> > which displays the *publisher* as "*unknown*"
> >
> > As per [2], there are two possible reasons for this:
> >
> > 1. *Jar file missing Permission Attribute*
> > 2.* Self signed application* (Certificate not from trusted authority)
> >
> > I modified the permissions in the main jar adding *permissions:
> > all-permissions *in the manifest.mf file, but the problem still persists.
> > According to [3], The Permissions attribute is used to verify that the
> > permissions level requested by the RIA when it runs matches the
> permissions
> > level that was set when the JAR file was created. *This attribute is
> > required in the manifest of the main JAR file for the RIA, secondary JAR
> > files and extensions are not required to have the Permissions attribute*.
> > If the attribute is not present in the main JAR file, then the RIA is
> > blocked
> >
> > So it appears the problem is not due to missing permissions in third
> party
> > jars.
> >
> > Rather the problem is apparently due to *self-signed signature*, as when
> > providing a self-signed signature (the free kind), the "Publisher" field
> > will always say "UNKNOWN" whether or not it is provided when creating the
> > signature, as per [4]
> >
> > Please share your opinion on this issue.
> >
> > [1]: http://markmail.org/thread/c6exit64mmhhpew7
> > [2]: https://www.java.com/en/download/help/java_blocked.xml
> > [3]:
> >
> http://download.java.net/jdk8/docs/technotes/guides/jweb/security/manifest.html
> > [4]: https://code.google.com/p/jzebra/issues/detail?id=155
> >
> >
> > On Wed, Feb 5, 2014 at 11:47 PM, Suresh Marru <sm...@apache.org> wrote:
> >
> >> Hi Nadeem,
> >>
> >> We still did not compile the list of GSoC projects for 2014, but
> >> independent of other, I think we certainly can take some help on XBaya
> and
> >> we have major refactoring needs come up. Let me suggest a list of tasks
> for
> >> you to get started.
> >>
> >> * Can you subscribe to Airavata User Mailing list[1] and help Heejoon
> with
> >> this thread [2]
> >>
> >> * Heejoon and his advisor Prof. Sun Kim's research group uses XBaya for
> >> interacting with Amazon EC2 Resources so better packaging of the JNLP
> will
> >> help them.
> >>
> >> As for the GSoC project itself, it will involve changing the current
> XBaya
> >> which reads the components in the workflow based on XML Schemas and
> WSDL's
> >> and we need to migrate that using in development thrift based data
> models.
> >> This will require also changes to XBaya communications to registry and
> >> workflow interpreter to talk to the new Airavata API. I will clearly
> >> elaborate on the GSoC project, but for now, please start with helping
> >> Heejoon and understanding the inner workings of 5    and 10 minute
> >> tutorials. Stick to Airavata 0.11 version for now. The trunk will be in
> >> rapid development over the next few weeks.
> >>
> >> Suresh
> >> [1] - http://airavata.apache.org/community/mailing-lists.html
> >> [2] - http://markmail.org/thread/c6exit64mmhhpew7
> >> [3] -
> >>
> http://biohealth.snu.ac.kr/wiki/index.php/BioVLab_:_Biology_Virtual_Collaborative_Lab
> >>
> >> On Feb 5, 2014, at 12:57 PM, Nadeem Anjum <na...@gmail.com>
> wrote:
> >>
> >>> Hello Everyone,
> >>>
> >>> Over the last few days I have been going through Airavata codebase. I
> >> specifically got interested in XBaya, and it will be great if I could
> get a
> >> chance to work on a project based on XBaya for GSoC 2014
> >>> Thanks,
> >>> Nadeem
> >>
>
>

Re: [GSoC 2014] Project based on XBaya

[Marlon Pierce <ma...@iu.edu>]

Nice detective work, Nadeem.  We use several self-signed jars in XBaya's
JNLP. We used to sign them during the build process, but I think we
finally just placed the signed jars in the repo. 

Security problems with Java applets and webstart apps may be why the
default permissions have gotten more restrictive, so I suggest being
careful if turning the permissions down.

Marlon

On 3/5/14 6:59 PM, Nadeem Anjum wrote:
> Hi everyone,
>
> This is with reference to Heejon's issue [1] with Xbaya security issue with
> the jre(51).
>
> I was able to recreate this issue on Windows.
>
> When the security level in java control panel is set to very high or high,
> it gives the following error:
> "Your security settings have blocked a *self-signed application* from
> running "
>
> When the security level is set to medium or the application is added to
> exception site list, the application is allowed to run with a warning,
> which displays the *publisher* as "*unknown*"
>
> As per [2], there are two possible reasons for this:
>
> 1. *Jar file missing Permission Attribute*
> 2.* Self signed application* (Certificate not from trusted authority)
>
> I modified the permissions in the main jar adding *permissions:
> all-permissions *in the manifest.mf file, but the problem still persists.
> According to [3], The Permissions attribute is used to verify that the
> permissions level requested by the RIA when it runs matches the permissions
> level that was set when the JAR file was created. *This attribute is
> required in the manifest of the main JAR file for the RIA, secondary JAR
> files and extensions are not required to have the Permissions attribute*.
> If the attribute is not present in the main JAR file, then the RIA is
> blocked
>
> So it appears the problem is not due to missing permissions in third party
> jars.
>
> Rather the problem is apparently due to *self-signed signature*, as when
> providing a self-signed signature (the free kind), the "Publisher" field
> will always say "UNKNOWN" whether or not it is provided when creating the
> signature, as per [4]
>
> Please share your opinion on this issue.
>
> [1]: http://markmail.org/thread/c6exit64mmhhpew7
> [2]: https://www.java.com/en/download/help/java_blocked.xml
> [3]:
> http://download.java.net/jdk8/docs/technotes/guides/jweb/security/manifest.html
> [4]: https://code.google.com/p/jzebra/issues/detail?id=155
>
>
> On Wed, Feb 5, 2014 at 11:47 PM, Suresh Marru <sm...@apache.org> wrote:
>
>> Hi Nadeem,
>>
>> We still did not compile the list of GSoC projects for 2014, but
>> independent of other, I think we certainly can take some help on XBaya and
>> we have major refactoring needs come up. Let me suggest a list of tasks for
>> you to get started.
>>
>> * Can you subscribe to Airavata User Mailing list[1] and help Heejoon with
>> this thread [2]
>>
>> * Heejoon and his advisor Prof. Sun Kim's research group uses XBaya for
>> interacting with Amazon EC2 Resources so better packaging of the JNLP will
>> help them.
>>
>> As for the GSoC project itself, it will involve changing the current XBaya
>> which reads the components in the workflow based on XML Schemas and WSDL's
>> and we need to migrate that using in development thrift based data models.
>> This will require also changes to XBaya communications to registry and
>> workflow interpreter to talk to the new Airavata API. I will clearly
>> elaborate on the GSoC project, but for now, please start with helping
>> Heejoon and understanding the inner workings of 5    and 10 minute
>> tutorials. Stick to Airavata 0.11 version for now. The trunk will be in
>> rapid development over the next few weeks.
>>
>> Suresh
>> [1] - http://airavata.apache.org/community/mailing-lists.html
>> [2] - http://markmail.org/thread/c6exit64mmhhpew7
>> [3] -
>> http://biohealth.snu.ac.kr/wiki/index.php/BioVLab_:_Biology_Virtual_Collaborative_Lab
>>
>> On Feb 5, 2014, at 12:57 PM, Nadeem Anjum <na...@gmail.com> wrote:
>>
>>> Hello Everyone,
>>>
>>> Over the last few days I have been going through Airavata codebase. I
>> specifically got interested in XBaya, and it will be great if I could get a
>> chance to work on a project based on XBaya for GSoC 2014
>>> Thanks,
>>> Nadeem
>>

Re: [GSoC 2014] Project based on XBaya

[Heejoon Chae <he...@cs.indiana.edu>]

Hi, Nadeem,

Could you send your modified main jar which has permission attribute in it?
I have our institute's trusted certificate, so I can test the issue with
removing two reason.

Thank you,
Heejoon.


On Thu, Mar 6, 2014 at 8:59 AM, Nadeem Anjum <na...@gmail.com>wrote:

> Hi everyone,
>
> This is with reference to Heejon's issue [1] with Xbaya security issue
> with the jre(51).
>
> I was able to recreate this issue on Windows.
>
> When the security level in java control panel is set to very high or high,
> it gives the following error:
> "Your security settings have blocked a *self-signed application* from
> running "
>
> When the security level is set to medium or the application is added to
> exception site list, the application is allowed to run with a warning,
> which displays the *publisher* as "*unknown*"
>
> As per [2], there are two possible reasons for this:
>
> 1. *Jar file missing Permission Attribute*
> 2.* Self signed application* (Certificate not from trusted authority)
>
> I modified the permissions in the main jar adding *permissions:
> all-permissions *in the manifest.mf file, but the problem still persists.
> According to [3], The Permissions attribute is used to verify that the
> permissions level requested by the RIA when it runs matches the permissions
> level that was set when the JAR file was created. *This attribute is
> required in the manifest of the main JAR file for the RIA, secondary JAR
> files and extensions are not required to have the Permissions attribute*.
> If the attribute is not present in the main JAR file, then the RIA is
> blocked
>
> So it appears the problem is not due to missing permissions in third party
> jars.
>
> Rather the problem is apparently due to *self-signed signature*, as when
> providing a self-signed signature (the free kind), the "Publisher" field
> will always say "UNKNOWN" whether or not it is provided when creating the
> signature, as per [4]
>
> Please share your opinion on this issue.
>
> [1]: http://markmail.org/thread/c6exit64mmhhpew7
> [2]: https://www.java.com/en/download/help/java_blocked.xml
> [3]:
> http://download.java.net/jdk8/docs/technotes/guides/jweb/security/manifest.html
> [4]: https://code.google.com/p/jzebra/issues/detail?id=155
>
>
> On Wed, Feb 5, 2014 at 11:47 PM, Suresh Marru <sm...@apache.org> wrote:
>
>> Hi Nadeem,
>>
>> We still did not compile the list of GSoC projects for 2014, but
>> independent of other, I think we certainly can take some help on XBaya and
>> we have major refactoring needs come up. Let me suggest a list of tasks for
>> you to get started.
>>
>> * Can you subscribe to Airavata User Mailing list[1] and help Heejoon
>> with this thread [2]
>>
>> * Heejoon and his advisor Prof. Sun Kim's research group uses XBaya for
>> interacting with Amazon EC2 Resources so better packaging of the JNLP will
>> help them.
>>
>> As for the GSoC project itself, it will involve changing the current
>> XBaya which reads the components in the workflow based on XML Schemas and
>> WSDL's and we need to migrate that using in development thrift based data
>> models. This will require also changes to XBaya communications to registry
>> and workflow interpreter to talk to the new Airavata API. I will clearly
>> elaborate on the GSoC project, but for now, please start with helping
>> Heejoon and understanding the inner workings of 5    and 10 minute
>> tutorials. Stick to Airavata 0.11 version for now. The trunk will be in
>> rapid development over the next few weeks.
>>
>> Suresh
>> [1] - http://airavata.apache.org/community/mailing-lists.html
>> [2] - http://markmail.org/thread/c6exit64mmhhpew7
>> [3] -
>> http://biohealth.snu.ac.kr/wiki/index.php/BioVLab_:_Biology_Virtual_Collaborative_Lab
>>
>> On Feb 5, 2014, at 12:57 PM, Nadeem Anjum <na...@gmail.com>
>> wrote:
>>
>> > Hello Everyone,
>> >
>> > Over the last few days I have been going through Airavata codebase. I
>> specifically got interested in XBaya, and it will be great if I could get a
>> chance to work on a project based on XBaya for GSoC 2014
>> >
>> > Thanks,
>> > Nadeem
>>
>>
>