Page 1 of 1

Seeking security documentation

Posted: 22 Sep 2020, 07:27
by azheaz
Hi, I've been tasked to find some formal documentation regarding the security aspects of OpenWebStart and was hoping someone could point me in the right direction. There is some boiler plate notes on Java Web Start (https://www.uni-muenster.de/IT.BennoSue ... q.html#301) which if there was even something like this, that would be appreciate.

Thanks.

Re: Seeking security documentation

Posted: 22 Sep 2020, 08:11
by Andreas Ehret
I'm afraid there is no such a FAQ specific for security for OWS as far as I know. But how about start one by giving us your top 5 security-related questions you want to be answered and I can put this in one of our next dev team meetings agenda. We then can collect the answers and extend the existing FAQ by a security section. So lets start collecting good questions here...

Re: Seeking security documentation

Posted: 30 Sep 2020, 04:09
by azheaz
My client has changed the scope a little and would be more interested in a comparison between JWS and OWS. They are also interested in what versions of oracle JDK work with OWS.
Some security questions to get started:
1. How secure is Java Web Start?
2. What is a secure sandbox?
3. Explain how signing jar files is a secure approach

Thanks.

Re: Seeking security documentation

Posted: 30 Sep 2020, 09:55
by Janak Mulani
Hi,

OpenWebStart is based on IcedTeaWeb which is an implementation of JSR56

OWS derives its security features from ITW.

Following are links to documentation:

IcedteaWeb :

https://github.com/AdoptOpenJDK/IcedTea-Web
https://icedtea.classpath.org/wiki/IcedTea-Web

Security in ITW : https://icedtea.classpath.org/wiki/Iced ... rity_Notes

JSR56 :
https://download.oracle.com/otndocs/jcp ... index.html

You can find answers to your questions from:

https://docs.oracle.com/javase/8/docs/t ... index.html

I hope this helps