Hi, I've been tasked to find some formal documentation regarding the security aspects of OpenWebStart and was hoping someone could point me in the right direction. There is some boiler plate notes on Java Web Start (https://www.uni-muenster.de/IT.BennoSue ... q.html#301) which if there was even something like this, that would be appreciate.
Thanks.
Seeking security documentation
-
- Posts: 81
- Joined: 25 Mar 2020, 12:21
Re: Seeking security documentation
I'm afraid there is no such a FAQ specific for security for OWS as far as I know. But how about start one by giving us your top 5 security-related questions you want to be answered and I can put this in one of our next dev team meetings agenda. We then can collect the answers and extend the existing FAQ by a security section. So lets start collecting good questions here...
Re: Seeking security documentation
My client has changed the scope a little and would be more interested in a comparison between JWS and OWS. They are also interested in what versions of oracle JDK work with OWS.
Some security questions to get started:
1. How secure is Java Web Start?
2. What is a secure sandbox?
3. Explain how signing jar files is a secure approach
Thanks.
Some security questions to get started:
1. How secure is Java Web Start?
2. What is a secure sandbox?
3. Explain how signing jar files is a secure approach
Thanks.
-
- Posts: 759
- Joined: 24 Mar 2020, 13:37
Re: Seeking security documentation
Hi,
OpenWebStart is based on IcedTeaWeb which is an implementation of JSR56
OWS derives its security features from ITW.
Following are links to documentation:
IcedteaWeb :
https://github.com/AdoptOpenJDK/IcedTea-Web
https://icedtea.classpath.org/wiki/IcedTea-Web
Security in ITW : https://icedtea.classpath.org/wiki/Iced ... rity_Notes
JSR56 :
https://download.oracle.com/otndocs/jcp ... index.html
You can find answers to your questions from:
https://docs.oracle.com/javase/8/docs/t ... index.html
I hope this helps
OpenWebStart is based on IcedTeaWeb which is an implementation of JSR56
OWS derives its security features from ITW.
Following are links to documentation:
IcedteaWeb :
https://github.com/AdoptOpenJDK/IcedTea-Web
https://icedtea.classpath.org/wiki/IcedTea-Web
Security in ITW : https://icedtea.classpath.org/wiki/Iced ... rity_Notes
JSR56 :
https://download.oracle.com/otndocs/jcp ... index.html
You can find answers to your questions from:
https://docs.oracle.com/javase/8/docs/t ... index.html
I hope this helps