Java Generic Security Service (JGSS)

JGSS (Java Generic Security Service) provides an interface for secure messaging and authentication. Using this interface we can implement a variety of security mechanisms based on public-key, secret-key or other security technologies.

By abstracting the peculiarities and complexity of the security mechanisms to a standardized interface, JGSS provides the following benefits for the development of networking applications.

  1. We can develop an application to a ‘single abstract interface’.

  2. We can use this application with different security mechanisms without making any changes.

Java Generic Security Service operations consist of four different stages, as standardized by the GSS-API (Generic Security Service Application Programming Interface).

  1. Gathers credentials for principals. (A principal may be a user or an unattended service.)

  2. Creates and establishes a security context between the communicating principals. Context establishment involves the initiator authenticating itself to the accepting peer. The initiator may optionally request mutual authentication, in which case the acceptor also authenticates itself to the initiating peer.

  3. Protects messages and exchanges secure messages between the peer principals. The originator of a message encodes it by calling on its local GSS-API implementation, which ensures the integrity of the message and, optionally, its confidentiality.

  4. Cleans up, releasing the resources. (To free up resources, a JGSS application deletes the contexts that are no longer needed, so that the resources can be used by other applications.)

JGSS uses features of JAAS (Java Authentication and Authorization Service) and JCE (Java Cryptography Extension). Before securing communication with the JGSS-API, we can perform JAAS authentication, so most of the time the two are needed together. They can also perform their operations individually: for authentication and authorization we can use JAAS on its own.

JGSS features include:

  1. Identity authentication.

  2. Confidentiality and message integrity.

  3. Optional JAAS Kerberos login and authorization.

JGSS contains the Java bindings for the Generic Security Services, and through them we can access these security services. Some JGSS operations generate tokens in the form of Java byte arrays. It is the responsibility of the JGSS application to forward these tokens from peer to peer.

Steps in JGSS application programming are:

  1. Creating a GSSManager

  2. Creating a GSSName

  3. Creating a GSSCredential

  4. Creating a GSSContext

  5. Selecting optional services on the context

  6. Establishing context

  7. Using per-message services

  8. Deleting context
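
The eight steps above on the initiator side, as an added example that is not code from the original page. It assumes the Kerberos V5 mechanism, a JVM already configured for a Kerberos realm with a logged-in principal, and a hypothetical acceptor that exchanges length-prefixed tokens; the service name, host, port and the MAX_TOKEN cap are placeholders.

```java
import org.ietf.jgss.*;
import java.io.*;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
public class JgssInitiatorExample {
    static final String SERVICE = "host@server.example.com"; // hypothetical service
    static final int MAX_TOKEN = 64 * 1024; // assumed cap on a peer-supplied length
    public static void main(String[] args) throws Exception {
        Oid krb5 = new Oid("1.2.840.113554.1.2.2"); // Kerberos V5 mechanism OID
        GSSManager manager = GSSManager.getInstance();                  // step 1
        GSSName peer = manager.createName(SERVICE,                      // step 2
                GSSName.NT_HOSTBASED_SERVICE);
        GSSCredential cred = manager.createCredential(null,             // step 3
                GSSCredential.DEFAULT_LIFETIME, krb5, GSSCredential.INITIATE_ONLY);
        GSSContext ctx = manager.createContext(peer, krb5, cred,        // step 4
                GSSContext.DEFAULT_LIFETIME);
        try (Socket s = new Socket("server.example.com", 4444)) { // placeholder peer
            DataInputStream in = new DataInputStream(s.getInputStream());
            DataOutputStream out = new DataOutputStream(s.getOutputStream());
            // Step 5: options must be requested before the first token is created.
            ctx.requestMutualAuth(true);
            ctx.requestConf(true);
            ctx.requestInteg(true);
            // Step 6: the application itself carries each token to the peer.
            byte[] token = new byte[0];
            while (!ctx.isEstablished()) {
                token = ctx.initSecContext(token, 0, token.length);
                if (token != null) send(out, token);
                if (!ctx.isEstablished()) token = receive(in);
            }
            // Requests are not guarantees: check what was actually granted.
            if (!ctx.getMutualAuthState() || !ctx.getConfState() || !ctx.getIntegState())
                throw new GSSException(GSSException.FAILURE);
            // Step 7: wrap() adds integrity and, with privacy set, confidentiality.
            byte[] msg = "hello".getBytes(StandardCharsets.UTF_8);
            send(out, ctx.wrap(msg, 0, msg.length, new MessageProp(0, true)));
        } finally {
            ctx.dispose();  // step 8: release context and credential resources
            cred.dispose();
        }
    }
    static void send(DataOutputStream out, byte[] t) throws IOException {
        out.writeInt(t.length); out.write(t); out.flush();
    }
    static byte[] receive(DataInputStream in) throws IOException {
        int n = in.readInt(); // length comes from the peer, so bound it
        if (n < 0 || n > MAX_TOKEN) throw new IOException("bad token length " + n);
        byte[] t = new byte[n]; in.readFully(t); return t;
    }
}
```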

So, for secure message exchange between communicating applications, we can make use of the JGSS API.