ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaha_5.4.0.1/rzahajgssconcept.htm

91 lines
8.0 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="JGSS concepts" />
<meta name="abstract" content="JGSS operations consist of four distinct stages, as standardized by the Generic Security Service Application Programming Interface (GSS-API)." />
<meta name="description" content="JGSS operations consist of four distinct stages, as standardized by the Generic Security Service Application Programming Interface (GSS-API)." />
<meta name="DC.Relation" scheme="URI" content="rzahajgssover.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgsscfgmain.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssuse.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdebug.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgsssamp.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssjavadoc.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssconcept10.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssconcept20.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssconcept30.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssconcept40.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssconcept50.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahajgssconcept" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>JGSS concepts</title>
</head>
<body id="rzahajgssconcept"><a name="rzahajgssconcept"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">JGSS concepts</h1>
<div><p>JGSS operations consist of four distinct stages, as standardized
by the Generic Security Service Application Programming Interface (GSS-API).</p>
<p>The stages are as follows:</p>
<ol><li>Gathering of credentials for principals.</li>
<li>Creating and establishing a security context between the communicating
peer principals.</li>
<li>Exchanging secure messages between the peers.</li>
<li>Cleaning up and releasing resources.</li>
</ol>
<p>Additionally, JGSS leverages the Java™ Cryptographic Architecture to offer
seamless pluggability of different security mechanisms.</p>
<p>Use the following links to read high-level descriptions of these important
JGSS concepts.</p>
<ul><li><a href="rzahajgssconcept10.htm">Principals and credentials</a></li>
<li><a href="rzahajgssconcept20.htm">Context establishment</a></li>
<li><a href="rzahajgssconcept30.htm">Message protection and exchange</a></li>
<li><a href="rzahajgssconcept40.htm">Resource cleanup and release</a></li>
<li><a href="rzahajgssconcept50.htm">Security mechanisms</a></li>
</ul>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzahajgssconcept10.htm">Principals and credentials</a></strong><br />
The identity under which an application engages in JGSS secure communication with a peer is called a principal. A principal may be a real user or an unattended service. A principal acquires security mechanism-specific credentials as proof of identity under that mechanism.</li>
<li class="ulchildlink"><strong><a href="rzahajgssconcept20.htm">Context establishment</a></strong><br />
Having acquired security credentials, the two communicating peers establish a security context using their credentials. Although the peers establish a single joint context, each peer maintains its own local copy of the context. Context establishment involves the initiating peer authenticating itself to the accepting peer. The initiator optionally may request mutual authentication, in which case the acceptor authenticates itself to the initiator.</li>
<li class="ulchildlink"><strong><a href="rzahajgssconcept30.htm">Message protection and exchange</a></strong><br />
Following context establishment, the two peers are ready to engage in secure message exchanges. The originator of the message calls on its local GSS-API implementation to encode the message, which ensures message integrity and, optionally, message confidentiality. The application then transports the resulting token to the peer.</li>
<li class="ulchildlink"><strong><a href="rzahajgssconcept40.htm">Resource cleanup and release</a></strong><br />
In order to free up resources, a JGSS application deletes a context that is no longer needed. Although a JGSS application can access a deleted context, any attempt to use it for message exchange results in an exception.</li>
<li class="ulchildlink"><strong><a href="rzahajgssconcept50.htm">Security mechanisms</a></strong><br />
The GSS-API consists of an abstract framework over one or more underlying security mechanisms. How the framework interacts with the underlying security mechanisms is implementation specific.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahajgssover.htm" title="The Java Generic Security Service (JGSS) provides a generic interface for authentication and secure messaging. Under this interface you can plug a variety of security mechanisms based on secret-key, public-key, or other security technologies.">IBM Java Generic Security Service (JGSS)</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahajgsscfgmain.htm" title="How you configure your iSeries server to use JGSS depends on which version of the Java 2 Software Development Kit (J2SDK) that you run on your server.">Configuring your iSeries server to use IBM JGSS</a></div>
<div><a href="rzahajgssuse.htm" title="The IBM Java Generic Security Service (JGSS) API 1.0 shields secure applications from the complexities and peculiarities of the different underlying security mechanisms. JGSS uses features provided by Java Authentication and Authorization Service (JAAS) and IBM Java Cryptography Extension (JCE).">Running IBM JGSS applications</a></div>
<div><a href="rzahajgssdev.htm" title="Use JGSS to develop secure applications. Learn about generating transport tokens, creating JGSS objects, establishing context, and more.">Developing IBM JGSS applications</a></div>
<div><a href="rzahajgssdebug.htm" title="When you are trying to identify JGSS problems, use the JGSS debugging capability to produce helpful categorized messages.">Debugging</a></div>
<div><a href="rzahajgsssamp.htm" title="The IBM Java Generic Security Service (JGSS) sample files include client and server programs, configuration files, policy files, and javadoc reference information. Use the sample programs to test and verify your JGSS setup.">Samples: IBM Java Generic Security Service (JGSS)</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="rzahajgssjavadoc.htm" title="The javadoc reference information for IBM JGSS includes classes and methods in the org.ietf.jgss api package and the Java versions of some Kerberos credential management tools.">IBM JGSS javadoc reference information</a></div>
</div>
</div>
</body>
</html>