This presentation describes the Java Authentication and Authorization Services (JAAS) framework which was designed to augment the JDK with such support. The architecture in JDK 1.2 can be extended in a number of ways to process principal-related information. The purpose of introducing a Java Authentication and Authorization Service is to provide a standard framework so that:

• We establish the basic concept and the common operations related to a principal on the Java platform.
• Application developers have a unified way to handle principal information through a standard set of APIs, even though such principal information and its management can be platform/system/environment specific.

System or software vendors can produce provider modules that deal with the interaction and interchange of principal information between the Java platform and a non-Java platform, or between two (different or identical) non-Java platforms. With JAAS, Java-based developers can operate these provider modules through a standard set of Java APIs.

Attendees will learn:

• How to enable applications to use JAAS
• How successful e-business applications exploit various authentication technologies such as Kerberos.