Java - Group home

Java 11 on z/OS Security Extensions Under Consideration for Service Stream Updates

  

Java on z/OS is pleased to share our list of providers, services, and security extensions that are under consideration for future delivery in the IBM Semeru Runtime Certified Edition for z/OS, Version 11 service stream. (UPDATE: Key security extensions are now available, see this blog)

 

Providers:

 

  •  Java™ Cryptography Extension Common Cryptographic Architecture (IBMJCECCA) - A security provider that exploits hardware cryptography, and is used to supplement the Java Cryptography Extension (JCE)

 

  •  Java™ Cryptography Extension Hybrid Provider (IBMJCEHYBRID) - Routes application requests for cryptography to different JCE providers, depending on their availability

 

  •  zERT-enabled Java Secure Socket Extension (ZERTJSSE) provider - A security provider that enables secure internet communications and gathers security information about those communications for reporting to z/OS® Encryption Readiness Technology (zERT)

 

  • PKCS11 Implementation - Uses the Java™ Cryptography Extension (JCE) and Java Cryptography Architecture (JCA) frameworks to seamlessly add the capability to use hardware cryptography using the PKCS#11 Cryptographic Token Interface standard

 

Services and Extensions:

 

  • JCERACFKS Keystore Implementation - Can take advantage of RACF® with keyring-based keystores

 

  •  IBM® JAAS z/OS Extensions, Java Authentication and Authorization Service (JAAS) - IBM's version of JAAS for z/OS differs from the Oracle version this provides a default login module that supports basic authentication with the System Authorization Facility (SAF), authorization checking for resources that are protected by SAF, and the ThreadSubject.doAs class provides a default implementation of ThreadSubject.

 

  

Statements by IBM regarding its plans, directions, and intent are subject to change or withdrawal without notice at the sole discretion of IBM. Information regarding potential future products is intended to outline general product direction and should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for IBM products remain at the sole discretion of IBM.