The Java Security API allows developers to incorporate
both low-level and high-level security functionality into their Java
applications. The first release of Java Security in JDK 1.1 contains
a subset of this functionality, including APIs for digital signatures
and message digests. In addition, there are abstract interfaces for
key management, certificate management and access control. Specific
APIs to support X.509 v3 certificates and other certificate formats,
and richer functionality in the area of access control, will follow in
subsequent JDK releases.
JDK 1.1 also provides a tool named javakey, which is
used to sign Java ARchive (JAR) files. A JAR file is a Java archive
that can contain Java classes and other data, such as images and
sounds. The appletviewer allows any downloaded applets in JAR files
signed (using the tool) by a trusted entity to run with the same full
rights as local applications. That is, such applets are not subject to
the sandbox restrictions of the Java security model. Note that the
appletviewer is a debugging aid for people experimenting with digital
signature technology, and people writing applets; it is not a browser
that people typically use for browsing the World Wide Web. JavaSoft
is committed to the safety and security features that people have come
to expect from the Java security model and the sandbox.
Subsequent releases of the JDK will provide ways for you to externally
configure policy files for fine-grain access control. The security page has a copy of
JavaSoft Security Architect Li Gong's slides
from JavaOne that describe the direction we are headed, as well as
a one-page handout that
summarizes coming features.
There is some confusion abroad in the land about the distinction
between fine-grain access control implemented on top of the sandbox,
and, a binary trusted/not-trusted model. The two models are quite
different. It is possible with the Java sandbox to implement
fine-grain access control because such access can be safely
controlled in the context of the sandbox. It is not possible in some
C/C++ based embedded content models to implement secure fine-grain
access control -- the only option open to some of these systems is a binary
trusted/not-trusted model. Check out the Java security page and our hypermail
Q &A for more information.
The hypermail Q
& A archive, for questions sent to the java-security@java.sun.com mailing list.
Note that this mailing list is not a subscription list, but a one-way
channel for sending questions to the Java team.