The Java Security API allows developers to incorporate both low-level and high-level security functionality into their Java applications. The first release of Java Security in JDK 1.1 contains a subset of this functionality, including APIs for digital signatures and message digests. In addition, there are abstract interfaces for key management, certificate management and access control. Specific APIs to support X.509 v3 certificates and other certificate formats, and richer functionality in the area of access control, will follow in subsequent JDK releases.Security GuidesJDK 1.1 also provides a tool named
javakey
, which is used to sign Java ARchive (JAR) files. A JAR file is a Java archive that can contain Java classes and other data, such as images and sounds. The appletviewer allows any downloaded applets in JAR files signed (using the tool) by a trusted entity to run with the same full rights as local applications. That is, such applets are not subject to the sandbox restrictions of the Java security model. Note that the appletviewer is a debugging aid for people experimenting with digital signature technology, and people writing applets; it is not a browser that people typically use for browsing the World Wide Web. JavaSoft is committed to the safety and security features that people have come to expect from the Java security model and the sandbox.Subsequent releases of the JDK will provide ways for you to externally configure policy files for fine-grain access control. The security page has a copy of JavaSoft Security Architect Li Gong's slides from JavaOne that describe the direction we are headed, as well as a one-page handout that summarizes coming features.
There is some confusion abroad in the land about the distinction between fine-grain access control implemented on top of the sandbox, and, a binary trusted/not-trusted model. The two models are quite different. It is possible with the Java sandbox to implement fine-grain access control because such access can be safely controlled in the context of the sandbox. It is not possible in some C/C++ based embedded content models to implement secure fine-grain access control -- the only option open to some of these systems is a binary trusted/not-trusted model. Check out the Java security page and our hypermail Q &A for more information.