container format for jigsaw modules
Roger.Riggs at Sun.COM
Thu Nov 12 12:25:23 PST 2009
A couple of comments:
1) I don't see requirements related to security except for hashes that
checking of the integrity of the container and contents.
The Java security mechanisms are in most cases based on authentication
of the source
of the class files that can be verified using pki (signed JARs in the
There should be a requirement to be able to verify the contents as
The granularity should be variable to match the components extracted
and used from
2) To allow dynamic loading of dependencies each container should be
include the URI/URL of the other modules it depends on. In a lightly
application, the URLs can be used directly to download missing
In a more controlled environment the URIs can be used to lookup where
missing dependencies. Another alternative would be identify only the
of a service that would provide the modules.
3) In JavaME, small application descriptors were used to be able to
download the meta-data
for an application/library. It is possible to download the descriptors
ahead of the bulk
of the application's JARs and libraries and be able to verify
dependencies and whether
the components are already present. It is an opportunity to eliminate
transfers when they
are not needed. The key information need to be sufficient to validate
are or are not met with current modules. This allows the entire graph
to be checked before
downloading the bulk of the data.
4) Have you considered being able to use RTSP (Streaming protocol) for
Though it is typically associated more with media than application
delivery it supports random access.
I'll have to take a look at XAR and see how these are handled.
More information about the jigsaw-dev