Solaris 8 Software Developer Supplement

Security Advances

With the security enhancements available in J2SE 1.3.0, developers have more tools at their disposal for protecting their technology investments. New support for RSA signatures and J2SE 1.3.0's enhanced dynamic trust management facilities also greatly increase the ease of web-based deployment.

Support for RSA Signatures

J2SE 1.3.0 includes a cryptographic service provider to support the widely used RSA signatures for electronically signing software that is delivered over the Web. Standard RSA certificates are supported, including those from VeriSign and Thawte.

Prior to J2SE 1.3.0, Java platform users who wanted to use RSA certificates needed to write their own RSA service providers or purchase an RSA service provider from a third party. Now an RSA provider is included as a standard part of J2SE 1.3.0.

Dynamic Trust Management

New dynamic trust management facilities in J2SE 1.3.0 provide pop-up dialogs to let users validate applet signers, eliminating the need to deploy security key files to each client that runs the signed applet.

Previously, if a user wanted to give an applet from a trusted source extra security permissions to allow the applet to perform normally forbidden operations, the user needed to preconfigure his or her local cache of trusted signer certificates to recognize the certificate of the applet's trusted source. This would need to be done for every client machine on which the applet might potentially be run.

J2SE 1.3.0 provides a better solution by providing facilities to extract the applet's signers from the applet's codesource and pass them to the browser. The browser then verifies the certificate chain all the way up to its root certificate, and checks if that root certificate is contained in the browser's database of trusted root certificates. If so, the browser displays the chain of the authenticated signer and give the user the option to remove all security restrictions on the applet.

Improved Support for Public-Key Certificates

J2SE 1.3.0 provides enhanced support for X.509 public-key certificates. J2SE 1.3.0 now supports all X.520 attributes that are either mandated or recommended by the most recent proposed standard protocol (RFC 2459). In addition, J2SE 1.3.0 can handle multiple Attribute/Value Assertions within a Relative Distinguished Name.