IBM Skip to main content
  Home     Products & services     Support & downloads     My account  
  Select a country  
Journals Home  
  Systems Journal  
  ·  Current Issue  
  ·  Recent Issues  
  ·  Papers in Progress  
  ·  Search/Index  
  ·  Orders  
  ·  Description  
  ·  Author's Guide  
Journal of Research
and Development
  Staff  
  Contact Us  
sj head  
Volume 40, Number 1, 2001
Technology for e-business
 Table of contents: arrowHTML arrowPDF arrowASCII   This article: arrowHTML arrowPDF arrowASCII arrowCopyright info
   

Security challenges for Enterprise Java in an e-business environment - References

by L. Koved, A. Nadalin, N. Nagaratnam, M. Pistoia, and T. Shrader

Cited references and notes

  1. J. Hunter and W. Crawford, Java Servlet Programming, O'Reilly & Associates, Sebastapol, CA (1998).
  2. B. Shannon, M. Hapner, V. Matena, J. Davidson, E. Pelegri-Llopart, and L. Cable, Java 2 Platform, Enterprise Edition: Platform and Component Specifications, Addison-Wesley Publishing Co., Reading, MA (2000).
  3. A. Goldberg and D. Robson, Smalltalk-80: The Language and Its Implementation, Addison-Wesley Publishing Co., Reading, MA (1983).
  4. G. Krasner, Smalltalk-80: Bits of History, Words of Advice, Addison-Wesley Publishing Co., Reading, MA (1983).
  5. Acronym definitions: LDAP is Lightweight Directory Access Protocol; RACF is Resource Access Control Facility.
  6. EJB 1.1 specification, http://java.sun.com/products/ejb/.
  7. R. Monson-Haefel, Enterprise JavaBeans, O'Reilly & Associates, Sebastapol, CA (1999).
  8. Java Naming and Directory Interface specifications, http://java.sun.com/products/jndi/.
  9. CORBA security specification, http://www.omg.org.
  10. B. Blakley, CORBA Security: An Introduction to Safe Computing with Objects, Addison-Wesley Publishing Co., Reading, MA (1999).
  11. Java language mapping to Object Management Group's Interface Definition Language, http://www.omg.org/technology/documents/formal/
    java_language_mapping_to_omg_idl.htm    .
  12. RMI over IIOP, http://java.sun.com/products/rmi-iiop/.
  13. OMG Common Secure Interoperability, version 2 specifications, http://www.omg.org/.
  14. WebSphere security overview, http://www-4.ibm.com/software/webservers/appserv/security.pdf.
  15. N. Nagaratnam and D. Lea, “Secure Delegation for Distributed Object Environments,” Proceedings, USENIX Conference on Object-Oriented Technologies and Systems, Santa Fe, NM (April 27­30, 1998), pp. 101­116.
  16. N. Nagaratnam, Practical Delegation for Secure Distributed Object Environments, Ph.D. dissertation, computer engineering degree program, Syracuse University (April 1998).
  17. M. Pistoia, D. F. Reller, D. Gupta, M. Nagnur, and A. K. Ramani, Java 2 Network Security, Prentice Hall, Englewood Cliffs, NJ (2000).
  18. L. Gong, Inside Java 2 Platform Security: Architecture, API Design, and Implementation, Addison-Wesley Publishing Co., Reading, MA (1999).
  19. V. Samar and C. Lai, “Making Login Services Independent of Authentication Technologies,” http://java.sun.com/security/jaas/doc/pam.html.
  20. GSS-API Security Attribute and Delegation Extensions, The Open Group.
  21. RFC 2222, Simple Authentication and Security Layer (SASL).
  22. N. Nagaratnam, B. Maso, and A. Srinivasan, Java Networking and AWT API SuperBible: The Comprehensive Reference for the Java Programming Language, Macmillan USA, Indianapolis, IN (1996).
  23. B. Rich, A. Nadalin, and T. Shrader, “All that JAAS: An Overview of the Java Authentication and Authorization Services,” IBM Developer Connection (March 2000); http://www.developer.ibm.com/devcon/mag.htm.
  24. Java Servlet API Specification version 2.2, http://java.sun.com/products/servlet/.
  25. IBM WebSphere Standard/Advanced 3.02 Security Overview, http://www-4.ibm.com/software/webservers/appserv/security.pdf.
  26. MIME (Multipurpose Internet Mail Extensions), http://www.ietf.org/rfc/rfc1521.txt?number=1521.
  27. IBM J2SE specifications, http://www.ibm.com/java/.
  28. A. O. Freier, P. Karlton, and P. C. Kocher, SSL 3.0 Specification, Technical Report, Netscape Communications Corporation (November 1996); available at http://home.netscape.com/eng/ssl3/.
  29. SSL 3.0 Specifications, http://home.netscape.com/eng/ssl3/.
  30. B. Nusbaum, M. Pistoia, G. Rochester, and T. Liu, Network Computing Framework Component Guide, SG24-2119-00, IBM Corporation (1997).
  31. B. Nusbaum, M. Pistoia, G. Rochester, and T. Liu, IBM Network Computing Framework for e-business Guide, SG24-5296-00, IBM Corporation (1998).
  32. M. Pistoia, K. Kojima, and N. Raghu, Internet Security in the Network Computing Framework, SG24-5220-00, IBM Corporation (1998).
  33. RFC 2109, HTTP State Management Mechanism, http://www.ietf.org/rfc/rfc2109.txt?number=2109.
  34. M. Pistoia and C. Letilley, IBM WebSphere Performance Pack: Load Balancing with IBM SecureWay Network Dispatcher, SG24-5858-00, IBM Corporation (1999).
  35. M. Pistoia, T. Menner, C. Milligan, and B. G. Pham, IBM WebSphere Performance Pack: Web Content Management with IBM AFS Enterprise File System, SG24-5857-00, IBM Corporation (1999).
  36. M. Pistoia, V. Iovine, and S. Pischedda, IBM WebSphere Performance Pack Usage and Administration, SG24-5233-00, IBM Corporation (1998).
  37. T. Shrader, B. Rich, and A. Nadalin, Java and Internet Security, iUniverse, http://www.iuniverse.com/ (2000).
  38. RFC 2315, PKCS #7: Cryptographic Message Syntax Version 1.5, ftp://ftp.isi.edu/in-notes/rfc2315.txt.
  39. RFC 2630, Cryptographic Message Syntax, ftp://ftp.isi.edu/in-notes/rfc2630.txt.
  40. B. S. Kaliski, Jr., A Layman's Guide to a Subset of ASN.1, BER, and DER, RSA Laboratories (November 1993).
  41. B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, John Wiley & Sons, Inc., New York (1995).
  42. RFC 2311, S/MIME Version 2 Message Specification, ftp://ftp.isi.edu/in-notes/rfc2311.txt.
  43. T. Shrader, A. Nadalin, and B. Rich, “Understanding Cryptographic Messages in e-business,” IBM DeveloperToolbox Technical Magazine (March 2000); http://www.developer.ibm.com/devcon/mag.htm.
  44. ASCII was first defined by the American National Standards Institute (ANSI) in ANSI Standard X3.4 in 1968. The ASCII code is also described in ISO 636 (1973) and CCITT V.2, which calls the standard IA5 (International Alphabet #5). ASCII is a 7-bit code, resulting in a maximum of 128 characters.
  45. JavaMail version 1.1.3 specifications, http://www.javasoft.com/products/javamail/.
  46. T. Shrader, “Choosing the Right Cryptography for Your e-business Application,” IBM DeveloperToolbox Technical Magazine, on-line edition at http://www.developer.ibm.com/devcon/mag.htm.

About IBM | Privacy | Legal | Contact