Security: Resources for learning

Use the following links to find relevant supplemental information about Securing applications and their environment. The information resides on IBM and non-IBM Internet sites, whose sponsors control the technical accuracy of the information.

These links are provided for convenience. Often, the information is not specific to the IBM WebSphere Application Server, but is useful in all or part for understanding the product. When possible, links are provided to technical papers and IBM Redbooks that supplement the broad coverage of the release documentation with in-depth examinations of particular product areas.

View links to additional information about:

• Plan, business scenarios and IT architecture
• Programming model and decisions
• Programming specifications
• Administration

Plan, business scenarios and IT architecture

• WAS Library
• WAS Support
• WAS v6 Security
• Accessing the samples

  The technology sample in the WAS Samples Gallery contains several security-related samples including the form login sample and the JAAS login sample.

• WAS security: Presentation series
• (iSeries) AS/400 Tips and Tools for Securing your AS/400, SC41-5300

  This book provides a set of practical suggestions for using the security features and for establishing operating procedures that are security-conscious.

• (iSeries) OS/400 Security Reference, SC41-5302

  This book provides information about planning, setting up, managing, and auditing security. It describes all the features of security on the system and discusses how security features relate to other aspects of the system, such as work management, backup and recovery, and application design.

Programming model and decisions

• IBM Software Development Kit resource packages and documentation

  This website contains documentation, example code, and ancillary files relating to the IBM Software Development Kits (SDK). We can obtain information about the IBM implementation of JSSE, Java Cryptography Extension (JCE), Java Generic Security Services (JGSS), iKeyman, and so on.

• Java 2 security documentation for z/OS
• Federated Identity Management and Web Services Security with IBM Tivoli Security Solutions

Programming specifications

• J2EE Specifications
• EJB Specifications
• Servlet Specifications
• CSIv2 Specification

• (iSeries) JAAS Specification.

  For programming and usage in JAAS, refer to the specification located at http://www.ibm.com/developerworks/java/jdk/security/ and scroll down to find the JAAS documentation for our platform. This document contains the following when unpacked:

  • login.html - LoginModule Developer's Guide
  • api.html - Developer's Guide (JAAS JavaDoc)
  • HelloWorld.tar - Sample JAAS Application

• Java 2 Platform, Standard Edition, v5.0 API Specification
• Java Authorization Contract for Containers (JSR 115) Specification
• Java Authentication Service Provider Interface for Containers (JSR 196) Specification
• The Kerberos Network Authentication Service Version 5
• The Simple and Protected GSS-API Negotiation Mechanism
• Kerberos: The Network Authentication Protocol

Administration

• WAS v6: Security Handbook

  This is a redpiece or a draft version of WAS v6 Security handbook. It is designed to help programmers, administrators, and architects understand the features available in WAS v6.

  WAS V6 Migration Guide

• z/OS WAS v5 and J2EE 1.3 Security Handbook

  This book is designed to help application programmers, security administrators, and application and network architects understand the features provided by WAS v5.x on the z/OS platform.

• IBM WebSphere v5.0 Security

  This book provides an overview of WAS v5 Security, including J2EE security and programmatic security techniques. It also provides information about end-to-end security solutions that include WAS v5 as part of an e-business solution.

• (iSeries) AS/400 Internet Security: Protecting Your AS/400 from HARM in the Internet, SG24-4929-00

  This document describes what we need to know about security and how the different security elements fit together. This book explains the comprehensive security options available to secure the system and data.

• (iSeries) HTTP Server (powered by Apache): An Integrated Solution for IBM iSeries Servers, SG24-6716-00

  This book is designed to help us plan, install, configure, troubleshoot, and understand the HTTP Server (powered by Apache) running on the server. The book explains how to configure the HTTP server for basic authentication, access control and SSL. The document also explains the steps to implement a web application using Java and WAS.

• IBM HTTP Server Support and Documentation
• IBM Directory Server Support and Documentation
• IBM developer kits

  This website provides access to the IBM developer kits provided by the IBM Centre for Java Technology Development. Using this website, we can find various security and diagnostic information including information on the Federal Information Processing Standard, Java Version 1.4.1, Java Version 1.4.2, the iKeyman tool, and the Public Key Cryptography Standards (PKCS).

• IBM cryptographic hardware devices
• IBM Education Assistant
• Understanding LDAP - Design and Implementation
• WebSphere security fundamentals

• z/OS 1.6 Security Services Update
• Advanced authentication in WAS
• (iSeries) WAS for iSeries V6: Building Advanced Configurations

Related:

Overview: Securing

Task overview: Securing resources