Seeking security documentation

The public knowledge pool and discussion forum of the OWS community. Do not post confidential information here!
azheaz
Posts: 2
Joined: 22 Sep 2020, 07:17

Seeking security documentation

Post by azheaz »

Hi, I've been tasked to find some formal documentation regarding the security aspects of OpenWebStart and was hoping someone could point me in the right direction. There is some boiler plate notes on Java Web Start (https://www.uni-muenster.de/IT.BennoSue ... q.html#301) which if there was even something like this, that would be appreciate.

Thanks.

Andreas Ehret
Posts: 81
Joined: 25 Mar 2020, 12:21

Re: Seeking security documentation

Post by Andreas Ehret »

I'm afraid there is no such a FAQ specific for security for OWS as far as I know. But how about start one by giving us your top 5 security-related questions you want to be answered and I can put this in one of our next dev team meetings agenda. We then can collect the answers and extend the existing FAQ by a security section. So lets start collecting good questions here...

azheaz
Posts: 2
Joined: 22 Sep 2020, 07:17

Re: Seeking security documentation

Post by azheaz »

My client has changed the scope a little and would be more interested in a comparison between JWS and OWS. They are also interested in what versions of oracle JDK work with OWS.
Some security questions to get started:
1. How secure is Java Web Start?
2. What is a secure sandbox?
3. Explain how signing jar files is a secure approach

Thanks.

Janak Mulani
Posts: 726
Joined: 24 Mar 2020, 13:37

Re: Seeking security documentation

Post by Janak Mulani »

Hi,

OpenWebStart is based on IcedTeaWeb which is an implementation of JSR56

OWS derives its security features from ITW.

Following are links to documentation:

IcedteaWeb :

https://github.com/AdoptOpenJDK/IcedTea-Web
https://icedtea.classpath.org/wiki/IcedTea-Web

Security in ITW : https://icedtea.classpath.org/wiki/Iced ... rity_Notes

JSR56 :
https://download.oracle.com/otndocs/jcp ... index.html

You can find answers to your questions from:

https://docs.oracle.com/javase/8/docs/t ... index.html

I hope this helps

Post Reply