IBM Java Generic Security Service (JGSS)

The Java™ Generic Security Service (JGSS) provides a generic interface for authentication and secure messaging. Under this interface you can plug a variety of security mechanisms based on secret-key, public-key, or other security technologies.

By abstracting the complexity and peculiarities of the underlying security mechanisms to a standardized interface, JGSS provides the following benefits to the development of secure networking applications:

• You can develop the application to a single abstract interface
• You can use the application with different security mechanisms without any changes

JGSS defines the Java bindings for the Generic Security Service Application Programming Interface (GSS-API), which is a cryptographic API that has been standardized by the Internet Engineering Task Force (IETF) and adopted by the X/Open Group.

The IBM^® implementation of JGSS is called IBM JGSS. IBM JGSS is an implementation of the GSS-API framework that uses Kerberos V5 as the default underlying security system. It also features a Java Authentication and Authorization Service (JAAS) login module for creating and using Kerberos credentials. In addition, you can have JGSS perform JAAS authorization checks when you use those credentials.

IBM JGSS includes a native iSeries™ JGSS provider, a Java JGSS provider, and Java versions of the Kerberos credential managerment tools (kinit, ktab, and klist).

• JGSS concepts
  JGSS operations consist of four distinct stages, as standardized by the Generic Security Service Application Programming Interface (GSS-API).
• Configuring your iSeries server to use IBM JGSS
  How you configure your iSeries server to use JGSS depends on which version of the Java 2 Software Development Kit (J2SDK) that you run on your server.
• Running IBM JGSS applications
  The IBM Java Generic Security Service (JGSS) API 1.0 shields secure applications from the complexities and peculiarities of the different underlying security mechanisms. JGSS uses features provided by Java Authentication and Authorization Service (JAAS) and IBM Java Cryptography Extension (JCE).
• Developing IBM JGSS applications
  Use JGSS to develop secure applications. Learn about generating transport tokens, creating JGSS objects, establishing context, and more.
• Debugging
  When you are trying to identify JGSS problems, use the JGSS debugging capability to produce helpful categorized messages.
• Samples: IBM Java Generic Security Service (JGSS)
  The IBM Java Generic Security Service (JGSS) sample files include client and server programs, configuration files, policy files, and javadoc reference information. Use the sample programs to test and verify your JGSS setup.
• IBM JGSS javadoc reference information
  The javadoc reference information for IBM JGSS includes classes and methods in the org.ietf.jgss api package and the Java versions of some Kerberos credential management tools.