News

RSA eases security process for Java developers

• By Rich Seeley
• July 20, 2004

Complicating things further, if a developer doesn't have a core competency in security, they very well may leave holes that a hacker could drive a truck through.

"Security isn't an easy area to do right," Kriese told JDT. "People not familiar with it find it very hard to do."

The result is the constant news of yet another security hole being discovered and possibly exploited in another Web services application.

That's where a new product from RSA, Bsafe SWS-J, may spell relief for Java coders working on Web services applications, Kriese said. The new product provides security mechanisms based on the Oasis WS-Security standard that developers can simply add to their application, she explained.

While it is recommended that developers at least be familiar with the basics of the security standard, Kriese said, "They don't have to implement low-level security themselves."

The new RSA Java-based security product is designed to help developers quickly and cost-effectively implement standards-based, interoperable security to enable Web services, she noted. It includes implementations of XML Encryption and XML Digital Signing that comply with WS-Security, added Kriese. It also uses the Sun Java Cryptographic Extensions (JCE) architecture and will work with any JCE provider.

If Java developers are working on an application that must comply with the U.S. government FIPS 140 standard, they can use the FIPS-validated RSA Bsafe Crypto-J 3.5 JCE provider with the RSA Bsafe SWS-J software, Kriese said.

RSA Bsafe SWS-J software is currently available in pre-release version, with the final version scheduled to ship in this quarter.