Appended at 14:09:54 on 92/07/21 GMT (by TARNOLD at CLTVM1) Subject: Trusted OS/2 Workstation????? Ref: Append at 13:13:44 on 92/07/16 GMT (by UST1013 at OS2CUST) *** Long append *** There was an announcement today of a "Restricted Shell" for OS/2 2.0. Does it meet all or some of your needs? Here's the announcement: RESTRICTED WORKPLACE SHELL SERVICE OFFERING FOR OS/2 2.0. IBM United Kingdom announces an offering of software and services to assist customers who may wish to limit the ability of the end user to access and/or modify the OS/2 2.0 system or its interface. HIGHLIGHTS: ----------- OS/2 Version 2.0 provides an object-oriented user interface through its Workplace Shell. This interface conforms to the 1991 SAA CUA Workplace Environment guidelines, and provides great power and flexibility for the end user. However, in certain segments of the market, such power and flexibility is undesirable. Customers may wish to limit the ability of the end user to access and/or modify the system or its interface. This requirement is notable in finance and insurance industries. Additional components have been created to enable such restriction of the user interface. These components allow the user to carry out basic operations such as starting programs, printing, etc., while preventing the user from modifying the user interface, or modifying or deleting objects. These components are known collectively as the RESTRICTED SHELL. The Restricted Shell components operate as part of the Workplace Shell and have an identical 'look and feel' to the standard Workplace Shell objects. The Restricted Shell is offered to customers as a service offering made up of the following parts: o A set of basic components which enable restriction of the user interface. o A set of common capabilities which may be selectively applied to any or all of the basic components, to suit customer requirements. o Utilities which may be used to perform operations such as the removal of items from the Workplace Shell's Window List. o Customisation services, providing programming expertise to integrate these components and capabilities with the standard Workplace Shell environment, and to incorporate any additional customer requirements. CONTENTS: --------- The Restricted Shell package consists of the following basic components: o A PASSWORD PROTECTED FOLDER object class, which enables folders to be locked by the user, and only opened upon entry of the correct folder password. o A RESTRICTED PROGRAM object class, which enables objects to be created without a Settings view, to prevent a user from modifying the object's settings. o A REMOTE FOLDER object class which, upon being opened, performs a logon to a remote system and obtains user profile information, then populates itself according to that information. Each of these components consists of a number of subcomponents which can be disabled or modified to meet specific users' requirements. New subcomponents may also be added to further restrict the user's environment. Certain generic capabilities are also provided, which can be added to any of the components. The addition of such capabilities, and customisation of the components to meet specific customer requirements, is carried out as part of the customisation services which are included in this offering. Password Protected Folder ------------------------- The password protected folder object class (PWFolder) behaves in the same way as the standard folder object class (WPFolder) except for the following: o A password protected folder has an additional item 'Lock Folder' on its context menu. o When in the locked state, any attempt to open the folder results in the display of a password prompt. The user must enter the correct folder password before the 'open' operation may proceed. o The user is provided with visual indication of the locked state; the suffix is added to the folder title, and a different icon is displayed. A password protected folder may be created in the locked state, by supplying appropriate keywords in the setup string passed when creating the object. Remote Folder ------------- The remote folder object class (RemoteFolder) is similar to the standard folder object class (WPFolder), with the following exceptions: o Upon opening a folder, a logon dialog is presented to the user. When the user completes this dialog, the folder performs a LAN logon with the user-specified userid and password. o Once the logon is complete, the folder populates itself based on information stored in an ASCII file on the LAN server. o A LOGOFF item appears on the folder's context menu. When the user selects this item, the folder closes down any programs which have been started from within the folder or from other folders within the folder, deletes all its contents and redisplays the logon dialog box. The logon, logoff and self-population functions are designed as separate functions which are called from the object's methods. This approach allows these functions to be tailored to suit the individual environment of each customer installation. Such tailoring may form part of the customisation services included in this offering. This folder may also be used in a local (ie. not LAN- or host-connected) workstation environment, in conjunction with OS/2's user profile management facilities. In this way, the Restricted Shell can be used to provide access to a restricted set of objects for multiple users on the same workstation. Restricted Program ------------------ The restricted program object class (SecProg) behaves in the same way as the standard program object class (WPProgram) except for the following: o Only the OPEN submenu with the PROGRAM submenu item, and the HELP submenu are provided in an object's context menu. Therefore, the user cannot open a SETTINGS view of an object in order to modify the object's settings. o An object cannot be moved, copied, shadowed, renamed or deleted. o No entry for the secure program object class appears in the TEMPLATES folder. It is envisaged that secure program objects would be created within objects of the password protected folder or remote folder classes. Optional Capabilities --------------------- The object classes described above may be customised with the following optional capabilities, to suit specific customer requirements. FOLDERS The following optional capabilities may be applied to the remote folder and password protected folder object classes: o Restriction of the ability for the user to move, copy, shadow, rename or delete an object. o Ability to prevent the user moving or sizing a view. Note that this is restricted to the password protected folder and remote folder object classes only; the window created when a program object is opened is under the control of a different process, and cannot be directly controlled from within the Workplace Shell. o Ability to prevent the user maximizing or minimizing a view. This is also restricted as above. o Restriction of the ability to exit from a folder. This can simply be prevented in order to restrict the user to a single folder and its descendants, or exit can be password protected. o Removal of the SETTINGS view for an object. These capabilities can be added to the object classes as part of the customisation services provided under this offering. RESTRICTED PROGRAM The following optional capabilities may be added to the restricted program object class: o Restriction of the ability for the user to move, copy, shadow, rename or delete an object. o Removal of the SETTINGS view for an object. These capabilities can be added to the object classes as part of the customisation services provided under this offering. MISCELLANEOUS The following additional capabilities are supplied as utilities which may be run in the system, along with the object classes already described: o The ability to return the Workplace Shell to a default state upon system startup; that is, the previously running configuration is NOT restored at IPL-time. o A utility to selectively remove items from the Workplace Shell's Window List. o A LOGOFF object, which may be added to a remote folder class or placed on the desktop, for those customers who prefer logoff to be initiated from an icon rather than a context menu item. These capabilities can be added to the system as part of the customisation services provided under this offering. PLANNED AVAILABILITY: --------------------- This offering is available immediately. PRICES: ------- This offering will be priced by individual quote. This announcement was in the UK, but I believe it is available elsewhere to customers who want it. I have a contact if you're interested. Note that services are available to customize the restricted shell, if it doesn't entirely meet your needs.