What's New in the Recently Released JDK 1.4
Beta<br>By Todd Sundsted<br><br>Sun released the first beta
version of JDK 1.4 this month. This release<br>gives the
world its first official glimpse of added
security<br>functionality.<br><br>The Java Cryptography Extension (JCE), Java
Secure
Socket Extension<br>(JSSE), and Java Authentication and
Authorization Service (JAAS) are<br>now part of the core JDK.
The Java Certification Path API, being<br>developed
as JSR 55, is included as well. The Java
Certification Path<br>API allows applications to build and
validate certificate chains.<br><br>The Java GSS-API joins
JSSE as a mechanism that applications can use
to<br>securely exchange messages. The GSS-API offers
applications uniform<br>access to security services that are
layered on top of a variety of<br>underlying security
mechanisms, including Kerberos.<br><br>JDK 1.4 also includes
support for dynamic policies, an
often-requested<br>security feature. The binding of permissions to classes is
now<br>dynamically linked to the lifetime of the security policy,
rather than<br>the class loader that loaded the classes
in question.<br><br>Finally, government restrictions
(this time related to the import of<br>strong
cryptography into other countries rather than the export
of<br>strong encryption from the United States) continue to
play a part in<br>limiting JDK functionality. JDK v1.4
includes support for "strong"<br>encryption with
restrictions on maximum cryptographic strength.
Sun<br>provides a separate download to provide "unlimited"
strength<br>cryptography.<br><br>About the
author(s)<br>-------------------<br>Todd
Sundsted has been writing programs since computers
became<br>available in desktop models. Though originally interested
in building<br>distributed applications in C++, Todd
moved on to the Java programming<br>language when it
became the obvious choice for that sort of thing.
In<br>addition to writing, Todd is cofounder and chief architect
of<br>PointFire,
Inc.<br>________________________________________________________________________\
____<br>____<br><br>ADDITIONAL RESOURCES<br><br>What's New in JDK
1.4<br><a
href=http://www.itworld.com/jump/javsec_nl/www.wrox.com/News/ViewReview.asp?id=3\
9
target=new>http://www.itworld.com/jump/javsec_nl/www.wrox.com/News/ViewReview.as\
p?id=39</a><br>7<br><br>The magic of Merlin<br>How the new JDK 1.4 --
code-named Merlin -- levitates its
functionality<br><a
href=http://www.javaworld.com/jjw/javsec_nl//jw-03-2001/jw-0316-jdk.html
target=new>http://www.javaworld.com/jjw/javsec_nl//jw-03-2001/jw-0316-jdk.html</\
a><br><br>Java Secure Socket Extension
(JSSE)<br><a
href=http://www.itworld.com/jump/javsec_nl/java.sun.com/products/jsse/
target=new>http://www.itworld.com/jump/javsec_nl/java.sun.com/products/jsse/</a>\
<br><br>Java Cryptography Extension
(JCE)<br><a
href=http://www.itworld.com/jump/javsec_nl/java.sun.com/products/jce/
target=new>http://www.itworld.com/jump/javsec_nl/java.sun.com/products/jce/</a><\
br><br>Java Authentication and Authorization Service
(JAAS)<br><a
href=http://www.itworld.com/jump/javsec_nl/java.sun.com/products/jaas/
target=new>http://www.itworld.com/jump/javsec_nl/java.sun.com/products/jaas/</a>