Product and customer technical support of the JSSE and JCE API
 Technote (FAQ)
 
Problem
IBM® WebSphere® Application Server product and customer technical support of the Java™ Secure Sockets Extension (JSSE) and Java Cryptography Extension (JCE) Application Program Interfaces (API).
 
Solution

Product and customer technical support of the Java Secure Sockets Extension Application Programming Interface

IBM WebSphere Application Server, being a product rich in features and functions, includes components that aid in the implementation of this rich functionality. Normally, these components are exclusively available in IBM WebSphere Application Server and might not be available for separate licensing. However, some of these components, because of the rich functionality that they provide might be useful and desirable by customers to use in support of their own applications.

The Java Security Sockets Extension (JSSE) application program interface (API) might provide direct and independent utility to WebSphere Application Server customers. While IBM cannot provide the JSSE API as an independently supported component, IBM agrees to provide the following levels of support.

The level of support provided by IBM is affected by how the JSSE API is used relative to the following modes of use:
  • WebSphere Application Server runtime usage mode
    In this mode, all functional calls to a JSSE API are done through a request from WebSphere Application Server and are required to enable it to deliver a function or feature in accordance with specifications. For example, the IIOP communication done between the following WebSphere Application Server components:
    • Administrative server and application server
    • Administrative client (for example, administrative console, wireless service control point (WSCP), Extensible Markup Language (XML) Config) and administrative server
    • Java client and application server

    Note: The level of support provided by IBM when the JSSE API is used in this mode will be consistent with the support that a customer is entitled to by the WebSphere Application Server license and any support offering purchased by the customer. This is the normal product support provided by IBM which is already well documented.

  • Customer’s application usage mode
    The primary characteristic of this mode is that a customer’s application makes a direct call to a JSSE API independently of a WebSphere Application Server request, but within a WebSphere Application Server environment. The fact that WebSphere Application Server might use the JSSE API to deliver a specific function is not significant. An example of this mode might be the direct use of the JSSE API by a user’s application running in a WebSphere Application Server environment. It might be used to connect to a server or application external to WebSphere Application Server that uses the Secure Sockets Layer (SSL) secured HTTPS or IIOPS protocols.


Scope of support

When the JSSE API is used in a customer’s application usage mode, IBM intends to use commercially reasonable efforts to provide the following level of support within the included terms and limitations:
  • Activities included
    • Program Services (defect support) will be provided, as entitled, under the product’s license
    • Defect support will be provided only to the extent required to deliver JSSE API functionality as defined in its reference or user’s guide (see JSSE-related documentation). It will be bounded by any limitations documented here or in other JSSE documentation.
    • If you are entitled to WebSphere Application Server support by a valid support offering such as IBM Passport Advantage®, the following might be available from WebSphere support and development teams:
      • Problem determination and resolution assistance
      • Emergency (Severity 1) support during off-shift hours
      • Access to support using voice, electronic (where available), or both means
      • Access to registered web site for enhanced on-line support
      • Ongoing customer communications about problem submissions
      • Assistance with the interpretation of publications
      • Assistance with gathering and analysis of traces and dumps
      • Usage and basic product configuration assistance (for example, product compatibility and interoperability)

  • Activities not included
    • Network design assistance
    • Support beyond the product End of Service (EOS) date
    • Program review of user code (for example, exits and applications)
    • Data and database design and recovery
    • Diagnosis and analysis of other IBM or non-IBM products
    • Product integration (for example, installation and configuration)
    • Performance and tuning assistance
    • Customized services
    • On-site support services
    • Enhancements


Known operating limitations and terms

IBM does not imply that a user might implement all security-related function to the extent that they have been implemented within IBM WebSphere Application Server. It is the user’s responsibility to determine if the functions available meet their specific needs. The following are some specific functional limitations, operating conditions, or other terms that will be considered when providing support for the JSSE API being used in a customer’s application usage mode within the WebSphere Application Server environment:
  • Access to JSSE API support will be granted only through the support entitlement of a properly licensed WebSphere Application Server.
  • Support for the JSSE API will terminate at the same time as the support for the copy of WebSphere Application Server under which it was acquired.
  • Support will be provided only for defects in functionality that occur within a WebSphere Application Server environment.
  • Although, in some cases, a single fix might be available to correct a code defect in the JSSE API, it is not the intent of IBM to have an independent corrective service deliverable for the JSSE API. Corrective service for the JSSE API will be delivered as part of the corrective service deliverable for WebSphere Application Server.
  • Customer code using the JSSE APIs must reside within a WebSphere Application Server environment. This includes applications deployed in WebSphere Application Server and client applications in the J2EE application client environment.
  • Support for connectivity between the IBM JSSE implementation and SSL implementations from other vendors is limited to tested implementations. These include Microsoft® Internet Information Server (IIS), BEA WebLogic Server, IBM z/OS®, IBM AIX® and IBM AS/400®.
  • No support for any exit points or extensions
  • Support will be provided only for those plug-ins (for example, providers) delivered by IBM. Support for providers from another vendor must be provided by that vendor.
  • When another vendor’s provider is used, support for the IBM JSSE framework will be provided only when the problem is reproducible using an IBM JSSE provider.


JSSE-related documentation

The following documents define the primary functions provided by the JSSE API. The documentation will be distributed and enhanced as needed by the WebSphere Application Server team.

WebSphere Application Server Version Document Name Document Location Comments
4 API Javadoc {was_install_root}/java/docs/jsse/jssedocs.jar When this file is unpacked, it includes the developer’s guide
API user’s guide {was_install_root}/java/docs/jsse/API_users_guide.html
Version 4.0 InfoCenter Look for the SSL and JSSE API topics
5 JSSE reference guide {was_install_root}/web/docs/jsse/API_users_guide.html
API Javadoc {was_install_root}/web/docs/jsse/jssedocs.jar
Sample JSSE applications {was_install_root}/web/docs/jsse/samplejsse.jar When this file is expanded, it contains sample applications that show examples of some of the available functions
Version 5.0 InfoCenter Look for the SSL and JSSE API topics

Direct questions about other uses of the JSSE API to the source or sources as indicated in the license, readme, or other JSSE API-related documentation.


Product and customer technical support of the Java Cryptography Extension Application Program Interface

IBM WebSphere Application Server, being a product rich in features and functions, includes components that aid in the implementation of this rich functionality. Normally, these components are exclusively available in IBM WebSphere Application Server and might not be available for separate licensing. However, some of these components, because of the rich functionality that they provide might be useful and desirable by customers to use in support of their own applications.

Java™ Cryptography Extension (JCE) Application Program Interface (API) falls into the category of providing direct and independent utility to WebSphere Application Server as an independently supported component. While IBM cannot provide the JCE API, IBM agrees to provide the following levels of support.

The level of support provided by IBM is affected by how the JCE API is used relative to the following modes of use:
  • WebSphere Application Server run-time usage mode
    In this mode, all functional calls to a JCE API are done through a request from WebSphere Application Server and are required to enable it to deliver a function or feature in accordance with specifications. For example, the Internet Inter-ORB Protocol (IIOP) communication is done between the following WebSphere components:
    • Administrative server and application server
    • Administrative client (for example, administrative console, wireless service control point (WSCP), eXtensible Markup Language (XML) Config) and administrative server
    • Java client and application server

    Note: The level of support provided by IBM when the JCE API is used in this mode will be consistent with the support that a customer is entitled to by the WebSphere Application Server license and any support offering purchased by the customer. This is the normal product support provided by IBM which is already well documented.

  • Customer’s application usage mode
    The primary characteristic of this mode is that a customer’s application makes a direct call to a JCE API independently of a WebSphere Application Server request, but within a WebSphere Application Server environment. The fact that WebSphere Application Server might use the JCE API to deliver a specific function is not significant. An example of this mode might be the direct use of the JCE API by a user’s application running in a WebSphere Application Server environment. It might be used to connect to a server or application external to WebSphere Application Server that uses the Secure Sockets Layer (SSL) secured HTTPS or IIOPS protocols.


Scope of support

When the JCE API is used in a customer’s application usage mode, IBM intends to use commercially reasonable efforts to provide the following level of support within the included terms and limitations:
  • Activities included
    • Program Services (defect support) will be provided, as entitled, under the product’s license
    • Defect support will be provided only to the extent required to deliver JCE API functionality as defined in its reference or user’s guide (see JCE-related documentation). It will be bounded by any limitations documented here or in other JCE documentation.
    • If you are entitled to WebSphere Application Server support by a valid support offering such as IBM Passport Advantage®, the following might be available from WebSphere support and development teams:
      • Problem determination and resolution assistance
      • Emergency (Severity 1) support during off-shift hours
      • Access to support using voice, electronic (where available), or both means
      • Access to registered web site for enhanced on-line support
      • Ongoing customer communications about problem submissions
      • Assistance with the interpretation of publications
      • Assistance with gathering and analysis of traces and dumps
      • Usage and basic product configuration assistance (for example, product compatibility and interoperability)
  • Activities not included
    • Network design assistance
    • Support beyond the product End of Service (EOS) date
    • Program review of user code (for example, exits and applications)
    • Data and database design and recovery
    • Diagnosis and analysis of other IBM or non-IBM products
    • Product integration (for example, installation and configuration)
    • Performance and tuning assistance
    • Customized services
    • On-site support services
    • Enhancements or provision of additional algorithms not already offered


Known operating limitations and terms

IBM does not imply that a user might implement all security-related function to the extent that they have been implemented within IBM WebSphere Application Server. It is the user’s responsibility to determine if the functions available meet their specific needs. The following are some specific functional limitations, operating conditions, or other terms that will be considered when providing support for the JCE API being used in a customer’s application usage mode within the WebSphere Application Server environment:
  • Access to JCE API support will be granted only through the support entitlement of a properly licensed WebSphere Application Server.
  • Support for the JCE API will terminate at the same time as the support for the copy of WebSphere Application Server under which it was acquired.
  • Support will be provided only for defects in functionality that occur within a WebSphere Application Server environment.
  • Although, in some cases, a single fix might be available to correct a code defect in the JCE API, it is not the intent of IBM to have an independent corrective service deliverable for the JCE API. Corrective service for the JCE API will be delivered as part of the corrective service deliverable for WebSphere Application Server.
  • Customer code using the JCE APIs must reside within a WebSphere Application Server environment.
  • No support for any exit points, extensions, or additional algorithms.
  • Support will be provided only for the JCE framework and JCE providers delivered by IBM. Support for framework or provider code from another vendor must be provided by that other vendor.
  • When another vendor’s provider is used, support for the IBM JCE framework will be provided only when the problem is reproducible using an IBM JCE provider.
  • Support will not be available for another vendor’s JCE framework with an IBM JCE provider.
  • Support will not be available for the direct usage of hardware tokens (for example, PKCS11). Usage of hardware tokens is through the key store.
  • Hardware token support is limited to tested devices using the PKCS11 key store interface. These devices include:
    • IBM Security Kit Smartcard
    • GemPlus Smartcards
    • Rainbow iKey 1000/2000 (USB "Smartcard" device)
    • IBM 4758-23
    • nCipher nForce/nFast
    • Rainbow Cryptoswift
  • Support is not available for serialized key store objects between IBM and another vendor’s JCE provider.
  • Support is not available for performance improvements.


JCE-related documentation

The following documents define the primary functions provided by the JCE API. The documents will be distributed and enhanced as needed by the WebSphere Application Server team.

WebSphere Application Server version Document name Document location Comments
4 API Javadoc {was_install_root}/java/docs/JCE/JCEdocs.jar When the file is unpacked, it includes the developer’s guide
API user’s guide {was_install_root}/java/docs/JCE/API_users_guide.html
Version 4 InfoCenter Look for the JCE API topics
5 JCE reference guide {was_install_root}/web/docs/JCE/api_users_guide.html
API Javadoc {was_install_root}/web/docs/JCE/JCEdocs.jar
Sample JCE Applications {was_install_root}/web/docs/JCE/sampleJCE.jar When this file is expanded, it contains sample applications that show examples of some of the available functions
Version 5 InfoCenter Look for the JCE API topics


Direct questions about other uses of the JCE to the source or sources as indicated in the license, read me, or, other JCE API-related documentation.
 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Java Security (JSSE/JCE)
Operating system(s): Windows
Software version: 5.0
Software edition:
Reference #: 1158408
IBM Group: Software Group
Modified date: Sep 10, 2004