Domino mandates java security controls to avoid code from performing privileged operation.
Control of policies is defined by java.policy files.
This is a burden for customer, partners and admins.
The proposal is to implement a new Java policy provider (implementing java's policy.provider) that:
Loads config from NSF on server / client (names.nsf form or other database)
Stores policies as documents (using java.policy syntax)
Check for a list of trusted signersbefore loading a policy (notes document must be signed by the user)
Allows to quickly enable/disable policy (eg. Enabled field in db document) (eventually with hot-reload of the policy)
Set priority of documents to build the policy
The expected value for everybody is that:
It is good for security (but also for developers)
Is based on NSFs with all advantages ( replication, secturity, no filesystem access needed)
A catalog of policies can be built for sharing, reuse & optimization