Participant Technical Reference Manual - IESO
Participant Technical Reference Manual<br />
2. Participant Workstation, Network & Security<br />
IESO Java Policy File<br />
62 A special IESO Java policy file with the file name ".java.policy" (note the dot at the<br />
beginning of the filename) is required for successful IESO PKI and MPI processing on<br />
the workstation when using Internet Explorer as the browser for the MPI. It is not<br />
required for use with the MIM IDK or IESO Portal. This is a simple text-format file<br />
available from the IESO Technical Interfaces page. It must be installed in each user's<br />
"C:\Documents and Settings\userID" directory (e.g. C:\Documents and Settings\smithj)<br />
on the workstation, where userID represents the login ID for the user. As of release<br />
19.0, the Verizon CA update in early March, this file will be updated to include the new<br />
Verizon CA domain names for its replacement CA servers to handle the May 2010<br />
issuing CA certificate replacement, to simplify the content and improve MPI login<br />
performance while maintaining Java security. Users can, if desired, still use the<br />
original Java policy file, which is available on the Technical Interfaces, Software<br />
downloads page. This version of the Java policy file has few security restrictions but<br />
high login performance. The latest edited version of the .java.policy file has the<br />
following content for Java permissions:<br />
grant {<br />
permission java.lang.RuntimePermission "getProtectionDomain";<br />
permission java.security.SecurityPermission "removeProvider.IAIK";<br />
permission java.security.SecurityPermission "insertProvider.IAIK";<br />
permission java.security.SecurityPermission "putProviderProperty.IAIK";<br />
permission java.security.SecurityPermission "removeProvider.Entrust";<br />
permission java.security.SecurityPermission "insertProvider.Entrust";<br />
permission java.security.SecurityPermission "putProviderProperty.Entrust";<br />
permission java.io.FilePermission "", "read, write";<br />
permission java.util.PropertyPermission "*", "read, write";<br />
permission java.lang.RuntimePermission "queuePrintJob";<br />
permission java.net.SocketPermission "ccica1.idm.cybertrust.com", "connect,resolve";<br />
permission java.net.SocketPermission "ccipdir.idm.cybertrust.com", "connect,resolve";<br />
permission java.net.SocketPermission "ccica2.idm.cybertrust.com", "connect,resolve";<br />
permission java.net.SocketPermission "ccipdir2.idm.cybertrust.com", "connect,resolve";<br />
permission java.net.SocketPermission "cdp1.public-trust.com", "connect,resolve";<br />
permission java.net.SocketPermission "crl.globalsign.net", "connect,resolve";<br />
};<br />
Without this Java policy file with the above content in the home directory location for each user,<br />
the MPI applet PKI Java code will not function correctly when attempting to log in. Under such<br />
circumstances an "applet not inited" error may display on the browser status line at the bottom,<br />
and/or a dialogue box with the error message "Login failed: access denied<br />
(java.security.SecurityPermission removeProvider.IAIK)" may appear.<br />
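An added example (not IESO's code and not part of the manual): a small Python check that parses a `.java.policy` grant block like the one listed above and reports the entries a workstation administrator would want to review, together with the socket host allowlist. The `POLICY` sample is an abridged copy of that listing, and the function name `audit` and its review rules are assumptions chosen for illustration.

```python
import re

# Abridged copy of the grant block listed above (same entry types, fewer hosts).
# The empty FilePermission target is reproduced exactly as the listing prints it.
POLICY = '''
grant {
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.security.SecurityPermission "insertProvider.IAIK";
permission java.io.FilePermission "", "read, write";
permission java.util.PropertyPermission "*", "read, write";
permission java.net.SocketPermission "ccica1.idm.cybertrust.com", "connect,resolve";
permission java.net.SocketPermission "crl.globalsign.net", "connect,resolve";
};
'''

GRANT = re.compile(r'grant\s*([^{]*)\{(.*?)\}\s*;', re.S)
PERM = re.compile(r'permission\s+([\w.$]+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*;')

def audit(policy_text):
    """Return (findings, socket_hosts) for the grant blocks of a Java policy file."""
    findings, hosts = [], []
    for scope, body in GRANT.findall(policy_text):
        # A grant without codeBase, signedBy or principal covers all code in the JVM.
        if not any(k in scope.lower() for k in ("codebase", "signedby", "principal")):
            findings.append("grant has no codeBase/signedBy: applies to all code")
        for cls, target, actions in PERM.findall(body):
            name = cls.rsplit(".", 1)[-1]
            acts = {a.strip() for a in actions.split(",") if a.strip()}
            if name == "FilePermission" and "write" in acts and target in ("", "<<ALL FILES>>"):
                findings.append(f"FilePermission {target!r}: write with empty or all-files target")
            elif name == "PropertyPermission" and target == "*" and "write" in acts:
                findings.append("PropertyPermission '*': any system property writable")
            elif name == "SecurityPermission" and target.startswith("insertProvider"):
                findings.append(f"SecurityPermission {target}: may register a crypto provider")
            elif name == "SocketPermission":
                if "*" in target:
                    findings.append(f"SocketPermission {target}: wildcard host")
                hosts.append(target)
    return findings, hosts

if __name__ == "__main__":
    findings, hosts = audit(POLICY)
    for item in findings:
        print("REVIEW:", item)
    print("Allowed hosts:", ", ".join(hosts))
```

Comparing the reported host list against the CA and CRL servers named in the current manual issue is a quick way to spot a stale or locally edited policy file on a workstation.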
63 To download the file from the Technical Interfaces page, the user can right-click<br />
on the file's POL link on the web site and choose to save it to the required<br />
location, as shown in Figure 2-15. This will activate the typical Windows "Save As"<br />
window to allow the user to choose the directory location to save the file to.<br />
Issue 21.1 – March 15, 2010 - estimated Public 29