Security: Resources for learning
Use the following links to find relevant supplemental information about securing applications and their environment. The information resides on IBM and non-IBM Internet sites, whose sponsors control the technical accuracy of the information.
These links are provided for convenience. Often, the information is not specific to the IBM WebSphere Application Server, but is useful in all or part for understanding the product. When possible, links are provided to technical papers and IBM Redbooks that supplement the broad coverage of the release documentation with in-depth examinations of particular product areas.
View links to additional information about:
- Planning, business scenarios and IT architecture
- Programming model and decisions
- Programming specifications
- Administration
Planning, business scenarios and IT architecture
- WebSphere Application Server Library
- WebSphere Application Server Support
- WAS v6 Security
- Access the samples
The technology sample in the WAS Samples Gallery contains several security-related samples including the form login sample and the JAAS login sample.
- WAS security: Presentation series
- (iseries) AS/400 Tips and Tools for Securing the AS/400, SC41-5300
This book provides a set of practical suggestions for using the security features and for establishing operating procedures that are security-conscious.
- (iseries) OS/400 Security Reference, SC41-5302
This book provides information about planning, setting up, managing, and auditing security. It describes all the features of security on the system and discusses how security features relate to other aspects of the system, such as work management, backup and recovery, and application design.
Programming model and decisions
- IBM Software Development Kit resource packages and documentation
This website contains documentation, example code, and ancillary files relating to the IBM Software Development Kits (SDK). It includes information about the IBM implementation of Java Secure Sockets Extension (JSSE), Java Cryptography Extension (JCE), Java Generic Security Services (JGSS), iKeyman, and so on.
- (zos) Java 2 security documentation for z/OS
- Federated Identity Management and Web Services Security with IBM Tivoli Security Solutions
Programming specifications
- J2EE Specifications
- EJB Specifications
- Servlet Specifications
- Common Secure Interoperability Version 2 (CSIv2) Specification
- JAAS Specification
For programming and usage in JAAS, refer to the specification located at http://www.ibm.com/developerworks/java/jdk/security/ and scroll down to find the JAAS documentation for your platform. When unpacked, the documentation contains the following:
- login.html - LoginModule Developer's Guide
- api.html - Developer's Guide (JAAS JavaDoc)
- HelloWorld.tar - Sample JAAS Application
- Java 2 Platform, Standard Edition, v5.0 API Specification
- Java Authorization Contract for Containers (JSR 115) Specification
- Java Authentication Service Provider Interface for Containers (JSR 196) Specification
- The Kerberos Network Authentication Service Version 5
- The Simple and Protected GSS-API Negotiation Mechanism
- Kerberos: The Network Authentication Protocol
Administration
- WAS v6: Security Handbook
This is a Redpiece, or draft version, of the WAS v6 Security Handbook. It is designed to help programmers, administrators, and architects understand the features available in WAS v6.
- WebSphere Application Server V6 Migration Guide
- (zos) z/OS WebSphere Application Server Version 5 and J2EE 1.3 Security Handbook
This book is designed to help application programmers, security administrators, and application and network architects understand the features provided by WebSphere Application Server Version 5.x on the z/OS platform.
- IBM WebSphere Version 5.0 Security
This book provides an overview of WAS Version 5 Security, including J2EE security and programmatic security techniques. It also provides information about end-to-end security solutions that include WebSphere Application Server Version 5 as part of an e-business solution.
- (iseries) AS/400 Internet Security: Protecting Your AS/400 from HARM in the Internet, SG24-4929-00
This document describes what you need to know about security and how the different security elements fit together. This book explains the comprehensive security options that are available to secure the system and data.
- (iseries) HTTP Server (powered by Apache): An Integrated Solution for IBM iSeries Servers, SG24-6716-00
This book is designed to help you plan, install, configure, troubleshoot, and understand the HTTP Server (powered by Apache) running on the server. The book explains how to configure the HTTP server for basic authentication, access control and SSL. The document also explains the steps to implement a web application using Java and WebSphere Application Server.
- IBM HTTP Server Support and Documentation
- IBM Directory Server Support and Documentation
- IBM developer kits
This website provides access to the IBM developer kits provided by the IBM Centre for Java Technology Development. On this website, you can find various security and diagnostic information including information on the Federal Information Processing Standard, Java Version 1.4.1, Java Version 1.4.2, the iKeyman tool, and the Public Key Cryptography Standards (PKCS).
- IBM cryptographic hardware devices
- IBM Education Assistant
- Understand LDAP - Design and Implementation
- WebSphere security fundamentals
- (iseries)
- Digital certificate management
Digital Certificate Manager (DCM) is a feature that centrally manages certificates for the applications.
- IBM HTTP Server for iSeries
Information for this topic applies to HTTP Server, which is powered by Apache.
- Security and Directory Services
Read this information to understand e-business security and Directory Services offerings.
- (zos) z/OS 1.6 Security Services Update
- Advanced authentication in WebSphere Application Server
- (iseries) WebSphere Application Server for iSeries V6: Building Advanced Configurations
Related concepts
Overview: Securing
Related tasks
Task overview: Securing resources