Security: Resources for learning

Use the following links to find relevant supplemental information about Securing applications and their environment. The information resides on IBM and non-IBM Internet sites, whose sponsors control the technical accuracy of the information.

These links are provided for convenience. Often, the information is not specific to the IBM WAS product, but is useful in all or part for understanding the product. When possible, links are provided to technical papers and Redbooks that supplement the broad coverage of the release documentation with in-depth examinations of particular product areas.

View links to additional information about:

• Planning, business scenarios and IT architecture

• Programming model and decisions

• Programming specifications

• Administration

 

Planning, business scenarios and IT architecture

• WebSphere Application Server Library

• WebSphere Application Server Support

• WebSphere Application Server V5 Security Redbook

• Accessing the Samples (Samples Gallery)

  The technology sample in the WAS Samples Gallery contains several security-related samples including the form login sample and the Java Authentication and Authorization Service (JAAS) login sample.

• WebSphere Application Server security: Presentation series

• WebSphere Application Server V5 advanced security and system hardening

 

Programming model and decisions

• Sun Java Secure Socket Extension (JSSE) documentation:

  Refer to http://www-106.ibm.com/developerworks/websphere/library/techarticles/0403_yu/0403_yu.html?ca=dnp-314#IDACKF3B for information on setting up WAS using Sun Java Secure Socket Extension (JSSE) at runtime.

• Java Secure Socket Extension (JSSE) documentation:

  Refer to the http://www.ibm.com/developerworks/java/jdk/security/jsseDocs.zip file for the Javadoc of the APIs, JSSE Reference Guide, and JSSE samples.

• iKeyman documentation:

  Look in the http://www.ibm.com/developerworks/java/jdk/security/iKeymanDocs.zip file for the SSL introduction and iKeyman documentation.

• Java Cryptography Extension (JCE) documentation:

  • For Java Cryptography Architecture (JCA) specification and JCE API usage information, refer to the http://www.ibm.com/developerworks/java/jdk/security/jceDocs.zip file.

  • For information about JCE sample applications, refer to the http://www.ibm.com/developerworks/java/jdk/security/jceDocs.zip file.

  • For JCA reference information, refer to thehttp://www.ibm.com/developerworks/java/jdk/security/jceDocs.zip file.

  • For how to implement a JCE provider refer to the http://www.ibm.com/developerworks/java/jdk/security/jceDocs.zip file.

  • For the Javadoc of JCE APIs refer to the http://www.ibm.com/developerworks/java/jdk/security/jceDocs.zip file.

  • For the 1.4.2 release of the IBM developer kit for the Java platform refer to the http://www-106.ibm.com/developerworks/java/library/j-ibmsecurity.html file.

 

Programming specifications

• J2EE Specifications

• EJB Specifications

• Servlet Specifications

• CSIv2 (CSIv2) Specification

• JAAS Specification.

  For programming and usage in JAAS, refer to the specification located at http://www.ibm.com/developerworks/java/jdk/security/ and scroll down to find the JAAS documentation for your platform. This document contains the following when unpacked:

  • login.html - LoginModule Developer's Guide

  • api.html - Developer's Guide (JAAS JavaDoc)

  • HelloWorld.tar - Sample JAAS Application

• Java 2 Platform, Standard Edition, v 1.4.2 API Specification

• Java Authorization Contract for Containers (JSR 115) Specification

 

Administration

• WebSphere Application Server V6: Security Handbook

  This is a redpiece or a draft version of WAS V6 Security handbook. It is designed to help programmers, administrators, and architects understand the features available in WebSphere Application Server V6.

• IBM WebSphere V5.0 Security

• IBM WebSphere V4.0 Advanced Edition Security

• IBM HTTP Server Support and Documentation

• IBM Directory Server Support and Documentation

• IBM developer kits

  This Web site provides access to the IBM developer kits provided by the IBM Centre for Java Technology Development. Using this Web site, one can find various security and diagnostic information including information on the Federal Information Processing Standard, Java V1.4.1, Java V1.4.2, the iKeyman tool, and the Public Key Cryptography Standards (PKCS).

• IBM cryptographic hardware devices

• Supported hardware, software and APIs prerequisite Web site

• IBM Education Assistant

• Understanding LDAP - Design and Implementation

• WebSphere security fundamentals

• WebSphere Application Server V6 Migration Guide

 

---