Java^TM Authentication and Authorization Service (JAAS) 1.0

Q: What does JAAS 1.0 do in simple terms?
A: JAAS extends the security architecture of the Java^TM 2 Platform with additional support to authenticate and enforce access controls upon users.

Q: Where does JAAS fit in the Java Security Architecture?
A: JAAS is the latest development in the Java^TM Security Architecture, building upon the javax.security package in the core SDK, the Java^TM Secure Socket Extension (JSSE), the Java^TM Cryptography Extension (JCE), and the Java^TM Security Tools.

Q: Why should I be interested in JAAS 1.0?
A: JAAS enables developers to authenticate users and enforce access controls upon those users in their applications. It simplifies application development by serving as a building block for developers. By abstracting away the complex underlying authentication and authorization methanisms, JAAS minimizes the risk of creating dangerous but subtle security vulnerabilities in application code.

Q: Is the JAAS implementation a reference implementation of the specification or a commercial product?
A: The JAAS implementation is a reference implementation. It is intended to familiarize developers with the API and the technology.

Q: What will JAAS 1.0 cost?
A: The final release version of the JAAS 1.0 reference implementation binary code will be free for commercial use and redistribution. See the license and legal documents for details when you download the code.

Q: Is JAAS under US export control restrictions?
A: No, JAAS does not have any export control restrictions.

Q: What versions of the JDK^TM does JAAS support ?
A: The JAAS API is implementable only on the Java^TM 2 SDK, v1.3.

Q: What standard(s) does JAAS 1.0 follow?
A: JAAS 1.0 implements a Java version of the standard Pluggable Authentication Module (PAM) framework.

Q: Is the reference implementation of JAAS written in the Java programming language?
A: Yes, the reference implementation is written in the Java programming language.

Q: Is there any sample source code available?
A: Sample source code, including directions for running the sample code, is provided with the JAAS download. Sun plans to make additional code samples available in the future.

Q: Is there a JAAS architecture design FAQ for more technical questions and answers?
A: Yes, the JAAS technical FAQ is available online at: http://java.sun.com/security/jaas/faq.html