IBM Java Generic Security Service (JGSS)

The Java™ Generic Security Service (JGSS) provides a generic interface for authentication and secure messaging. Under this interface you can plug a variety of security mechanisms based on secret-key, public-key, or other security technologies.

By abstracting the complexity and peculiarities of the underlying security mechanisms to a standardized interface, JGSS provides the following benefits to the development of secure networking applications:

  • You can develop the application to a single abstract interface
  • You can use the application with different security mechanisms without any changes

JGSS defines the Java bindings for the Generic Security Service Application Programming Interface (GSS-API), which is a cryptographic API that has been standardized by the Internet Engineering Task Force (IETF) and adopted by the X/Open Group.

The IBM® implementation of JGSS is called IBM JGSS. IBM JGSS is an implementation of the GSS-API framework that uses Kerberos V5 as the default underlying security system. It also features a Java Authentication and Authorization Service (JAAS) login module for creating and using Kerberos credentials. In addition, you can have JGSS perform JAAS authorization checks when you use those credentials.

IBM JGSS includes a native IBM i JGSS provider, a Java JGSS provider, and Java versions of the Kerberos credential management tools (kinit, ktab, and klist).

Note: The native IBM i JGSS provider uses the native IBM i Network Authentication Services (NAS) library. When you use the native provider, you must use the native IBM i Kerberos utilities. For more information, see JGSS providers.