127 lines
9.9 KiB
HTML
127 lines
9.9 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="IBM Java Generic Security Service (JGSS)" />
|
||
|
<meta name="abstract" content="The Java Generic Security Service (JGSS) provides a generic interface for authentication and secure messaging. Under this interface you can plug a variety of security mechanisms based on secret-key, public-key, or other security technologies." />
|
||
|
<meta name="description" content="The Java Generic Security Service (JGSS) provides a generic interface for authentication and secure messaging. Under this interface you can plug a variety of security mechanisms based on secret-key, public-key, or other security technologies." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="http://java.sun.com/j2se/1.4/docs/guide/security/" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="http://www.ietf.org/rfc/rfc2743.txt" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="http://www.ietf.org/rfc/rfc2853.txt" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="http://www.opengroup.org/tech/rfc/rfc5.2.html" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="security.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="securmod.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahajce.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahajssemain.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="jaasbase.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahajgssconcept.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahajgsscfgmain.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahajgssuse.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahajgssdebug.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahajgsssamp.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahajgssjavadoc.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="rzahajgssover" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>IBM Java Generic
|
||
|
Security Service (JGSS)</title>
|
||
|
</head>
|
||
|
<body id="rzahajgssover"><a name="rzahajgssover"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">IBM Java Generic
|
||
|
Security Service (JGSS)</h1>
|
||
|
<div><p>The Java™ Generic Security Service (JGSS) provides a generic
|
||
|
interface for authentication and secure messaging. Under this interface you
|
||
|
can plug a variety of security mechanisms based on secret-key, public-key,
|
||
|
or other security technologies.</p>
|
||
|
<p>By abstracting the complexity and peculiarities of the underlying security
|
||
|
mechanisms to a standardized interface, JGSS provides the following benefits
|
||
|
to the development of secure networking applications: </p>
|
||
|
<ul><li>You can develop the application to a single abstract interface</li>
|
||
|
<li>You can use the application with different security mechanisms without
|
||
|
any changes</li>
|
||
|
</ul>
|
||
|
<p>JGSS defines the Java bindings for the Generic Security Service
|
||
|
Application Programming Interface (GSS-API), which is a cryptographic API
|
||
|
that has been standardized by the Internet Engineering Task Force (IETF) and
|
||
|
adopted by the X/Open Group.</p>
|
||
|
<p>The IBM<sup>®</sup> implementation
|
||
|
of JGSS is called IBM JGSS. IBM JGSS is an implementation of the GSS-API
|
||
|
framework that uses Kerberos V5 as the default underlying security system.
|
||
|
It also features a Java Authentication and Authorization Service
|
||
|
(JAAS) login module for creating and using Kerberos credentials. In addition,
|
||
|
you can have JGSS perform JAAS authorization checks when you use those credentials.</p>
|
||
|
<p>IBM JGSS
|
||
|
includes a native iSeries™ JGSS provider, a Java JGSS provider, and Java versions
|
||
|
of the Kerberos credential managerment tools (kinit, ktab, and klist).</p>
|
||
|
<div class="note"><span class="notetitle">Note:</span> The native iSeries JGSS
|
||
|
provider uses the native iSeries Network Authentication Services (NAS) library.
|
||
|
When you use the native provider, you must use the native iSeries Kerberos
|
||
|
utilities. For more information, see <a href="rzahajgsscfg15.htm">JGSS
|
||
|
providers </a>.</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<ul class="ullinks">
|
||
|
<li class="ulchildlink"><strong><a href="rzahajgssconcept.htm">JGSS concepts</a></strong><br />
|
||
|
JGSS operations consist of four distinct stages, as standardized by the Generic Security Service Application Programming Interface (GSS-API).</li>
|
||
|
<li class="ulchildlink"><strong><a href="rzahajgsscfgmain.htm">Configuring your iSeries server to use IBM JGSS</a></strong><br />
|
||
|
How you configure your iSeries server to use JGSS depends on
|
||
|
which version of the Java 2 Software Development Kit (J2SDK)
|
||
|
that you run on your server.</li>
|
||
|
<li class="ulchildlink"><strong><a href="rzahajgssuse.htm">Running IBM JGSS applications</a></strong><br />
|
||
|
The IBM Java Generic
|
||
|
Security Service (JGSS) API 1.0 shields secure applications from the complexities
|
||
|
and peculiarities of the different underlying security mechanisms. JGSS uses
|
||
|
features provided by Java Authentication and Authorization Service
|
||
|
(JAAS) and IBM Java Cryptography
|
||
|
Extension (JCE).</li>
|
||
|
<li class="ulchildlink"><strong><a href="rzahajgssdev.htm">Developing IBM JGSS applications</a></strong><br />
|
||
|
Use JGSS to develop secure applications. Learn about generating transport tokens, creating JGSS objects, establishing context, and more.</li>
|
||
|
<li class="ulchildlink"><strong><a href="rzahajgssdebug.htm">Debugging</a></strong><br />
|
||
|
When you are trying to identify JGSS problems, use the JGSS debugging capability to produce helpful categorized messages.</li>
|
||
|
<li class="ulchildlink"><strong><a href="rzahajgsssamp.htm">Samples: IBM Java Generic Security Service (JGSS)</a></strong><br />
|
||
|
The IBM Java Generic
|
||
|
Security Service (JGSS) sample files include client and server programs, configuration
|
||
|
files, policy files, and javadoc reference information. Use the sample programs
|
||
|
to test and verify your JGSS setup.</li>
|
||
|
<li class="ulchildlink"><strong><a href="rzahajgssjavadoc.htm">IBM JGSS javadoc reference information</a></strong><br />
|
||
|
The javadoc reference information for IBM JGSS includes classes and methods in
|
||
|
the org.ietf.jgss api package and the Java versions of some Kerberos credential
|
||
|
management tools.</li>
|
||
|
</ul>
|
||
|
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="security.htm" title="This topic provides details on adopted authority and explains how you can use SSL to make socket streams secure in your Java application.">Java security</a></div>
|
||
|
</div>
|
||
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
||
|
<div><a href="securmod.htm" title="You can download Java applets from any system; thus, security mechanisms exist within the Java virtual machine to protect against malicious applets. The Java runtime system verifies the bytecodes as the Java virtual machine loads them. This ensures that they are valid bytecodes and that the code does not violate any of the restrictions that the Java virtual machine places on Java applets.">Java security model</a></div>
|
||
|
<div><a href="rzahajce.htm" title="The Java Cryptography Extension (JCE) 1.2 is a standard extension to the Java 2 Software Development Kit (J2SDK), Standard Edition. The JCE implementation on an iSeries server is compatible with the implementation of Sun Microsystems, Inc. This documentation covers the unique aspects of the iSeries implementation.">Java Cryptography Extension</a></div>
|
||
|
<div><a href="rzahajssemain.htm" title="The Java Secure Socket Extension (JSSE) is the Java implementation of the Secure Sockets Layer (SSL) protocol. JSSE uses SSL and the Transport Layer Security (TLS) protocol to enable clients and servers to conduct secure communications over TCP/IP.">Java Secure Socket Extension</a></div>
|
||
|
<div><a href="jaasbase.htm" title="The Java Authentication and Authorization Service (JAAS) is a standard extension to the Java 2 Software Development Kit (J2SDK), Standard Edition. J2SDK provides access controls that are based on where the code originated and who signed the code (code source-based access controls). It lacks, however, the ability to enforce additional access controls based on who runs the code. JAAS provides a framework that adds this support to the Java 2 security model.">Java Authentication and Authorization Service</a></div>
|
||
|
</div>
|
||
|
|
||
|
<div class="linklist">
|
||
|
<div><a href="http://java.sun.com/j2se/1.4/docs/guide/security/" target="_blank">J2SDK Security enhancement from Sun Microsystems,
|
||
|
Inc.</a></div>
|
||
|
<div><a href="http://www.ietf.org/rfc/rfc2743.txt" target="_blank">Internet Engineering Task Force (IETF) RFC 2743 Generic Security
|
||
|
Services Application Programming Interface Version 2, Update 1</a></div>
|
||
|
<div><a href="http://www.ietf.org/rfc/rfc2853.txt" target="_blank">IETF RFC 2853 Generic Security Service API Version 2: Java Bindings</a></div>
|
||
|
<div><a href="http://www.opengroup.org/tech/rfc/rfc5.2.html" target="_blank">The X/Open Group GSS-API Extensions for DCE</a></div></div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|