JGSS concepts
JGSS operations consist of four distinct stages, as standardized by the Generic Security Service Application Programming Interface (GSS-API).
The stages are as follows:
- Gathering of credentials for principals.
- Creating and establishing a security context between the communicating peer principals.
- Exchanging secure messages between the peers.
- Cleaning up and releasing resources.
Additionally, JGSS leverages the Java™ Cryptographic Architecture to offer seamless pluggability of different security mechanisms.
Use the following links to read high-level descriptions of these important JGSS concepts.
- JGSS principals and credentials
The identity under which an application engages in JGSS secure communication with a peer is called a principal. A principal may be a real user or an unattended service. A principal acquires security mechanism-specific credentials as proof of identity under that mechanism.
- JGSS context establishment
Having acquired security credentials, the two communicating peers establish a security context using their credentials. Although the peers establish a single joint context, each peer maintains its own local copy of the context. Context establishment involves the initiating peer authenticating itself to the accepting peer. The initiator optionally may request mutual authentication, in which case the acceptor authenticates itself to the initiator.
- JGSS message protection and exchange
Following context establishment, the two peers are ready to engage in secure message exchanges. The originator of the message calls on its local GSS-API implementation to encode the message, which ensures message integrity and, optionally, message confidentiality. The application then transports the resulting token to the peer.
- Resource cleanup and release
In order to free up resources, a JGSS application deletes a context that is no longer needed. Although a JGSS application can access a deleted context, any attempt to use it for message exchange results in an exception.
- Security mechanisms
The GSS-API consists of an abstract framework over one or more underlying security mechanisms. How the framework interacts with the underlying security mechanisms is implementation specific.
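The four stages described above, as an added example (not code from the IBM documentation). It uses the standard `org.ietf.jgss` API with the Kerberos V5 mechanism and runs both peers in one process, passing tokens in memory where a real application would use its own transport. Assumptions: the JVM has a working Kerberos configuration with credentials for both principals, and the service name `host@server.example.com` is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import org.ietf.jgss.*;

public class JgssStages {
    public static void main(String[] args) throws GSSException {
        GSSManager mgr = GSSManager.getInstance();
        Oid krb5 = new Oid("1.2.840.113554.1.2.2"); // Kerberos V5 mechanism OID
        // Hypothetical service principal, chosen for this example only.
        GSSName service = mgr.createName("host@server.example.com", GSSName.NT_HOSTBASED_SERVICE);

        // Stage 1: gather credentials (a null name selects the default principal).
        GSSCredential initCred = mgr.createCredential(
                null, GSSCredential.DEFAULT_LIFETIME, krb5, GSSCredential.INITIATE_ONLY);
        GSSCredential accCred = mgr.createCredential(
                service, GSSCredential.INDEFINITE_LIFETIME, krb5, GSSCredential.ACCEPT_ONLY);

        // Stage 2: each peer creates and maintains its own local copy of the context.
        GSSContext init = mgr.createContext(service, krb5, initCred, GSSContext.DEFAULT_LIFETIME);
        GSSContext acc = mgr.createContext(accCred);
        try {
            init.requestMutualAuth(true); // acceptor must also prove its identity
            init.requestConf(true);       // ask for confidentiality, not only integrity
            byte[] in = new byte[0];
            while (!init.isEstablished() && in != null) {
                byte[] out = init.initSecContext(in, 0, in.length);
                // A null output token means the initiator has nothing more to send.
                in = (out == null) ? null : acc.acceptSecContext(out, 0, out.length);
            }
            if (!init.isEstablished() || !acc.isEstablished() || !init.getMutualAuthState()) {
                throw new IllegalStateException("context not established with mutual authentication");
            }

            // Stage 3: wrap on the originator, transport the token, unwrap on the peer.
            byte[] msg = "transfer 100".getBytes(StandardCharsets.UTF_8);
            MessageProp sendProp = new MessageProp(0, true); // default QOP, privacy requested
            byte[] token = init.wrap(msg, 0, msg.length, sendProp);
            if (!sendProp.getPrivacy()) { // mechanism may have applied integrity only
                throw new IllegalStateException("confidentiality was not applied");
            }
            MessageProp recvProp = new MessageProp(0, false);
            byte[] clear = acc.unwrap(token, 0, token.length, recvProp);
            System.out.println(new String(clear, StandardCharsets.UTF_8)
                    + " (encrypted=" + recvProp.getPrivacy() + ")");
        } finally {
            // Stage 4: release resources; a disposed context cannot exchange messages.
            init.dispose();
            acc.dispose();
            initCred.dispose();
            accCred.dispose();
        }
    }
}
```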