|
Problem |
IBM® WebSphere® Application Server product and customer
technical support of the Java™ Secure Sockets Extension (JSSE) and Java
Cryptography Extension (JCE) Application Program Interfaces (API). |
|
Solution |
Product and customer technical support of the Java Secure Sockets
Extension Application Programming Interface
IBM WebSphere Application Server, being a product rich in features and
functions, includes components that aid in the implementation of this rich
functionality. Normally, these components are exclusively available in IBM
WebSphere Application Server and might not be available for separate
licensing. However, some of these components, because of the rich
functionality that they provide might be useful and desirable by customers
to use in support of their own applications.
The Java Security Sockets Extension (JSSE) application program interface
(API) might provide direct and independent utility to WebSphere
Application Server customers. While IBM cannot provide the JSSE API as an
independently supported component, IBM agrees to provide the following
levels of support.
The level of support provided by IBM is affected by how the JSSE API is
used relative to the following modes of use:
- WebSphere Application Server runtime usage mode
In this mode, all functional calls to a JSSE API are done through a
request from WebSphere Application Server and are required to enable it to
deliver a function or feature in accordance with specifications. For
example, the IIOP communication done between the following WebSphere
Application Server components:
- Administrative server and application server
- Administrative client (for example, administrative
console, wireless service control point (WSCP), Extensible Markup Language
(XML) Config) and administrative server
- Java client and application server
Note: The level of support provided by IBM when the JSSE API
is used in this mode will be consistent with the support that a customer
is entitled to by the WebSphere Application Server license and any support
offering purchased by the customer. This is the normal product support
provided by IBM which is already well documented.
- Customer’s application usage mode
The primary characteristic of this mode is that a customer’s
application makes a direct call to a JSSE API independently of a WebSphere
Application Server request, but within a WebSphere Application Server
environment. The fact that WebSphere Application Server might use the JSSE
API to deliver a specific function is not significant. An example of this
mode might be the direct use of the JSSE API by a user’s application
running in a WebSphere Application Server environment. It might be used to
connect to a server or application external to WebSphere Application
Server that uses the Secure Sockets Layer (SSL) secured HTTPS or IIOPS
protocols.
Scope of support
When the JSSE API is used in a customer’s application usage mode, IBM
intends to use commercially reasonable efforts to provide the following
level of support within the included terms and limitations:
- Activities included
- Program Services (defect support) will be provided, as
entitled, under the product’s license
- Defect support will be provided only to the extent
required to deliver JSSE API functionality as defined in its reference or
user’s guide (see JSSE-related documentation). It will be bounded by any
limitations documented here or in other JSSE documentation.
- If you are entitled to WebSphere Application Server
support by a valid support offering such as IBM Passport Advantage®, the
following might be available from WebSphere support and development teams:
- Problem determination and resolution assistance
- Emergency (Severity 1) support during off-shift hours
- Access to support using voice, electronic (where
available), or both means
- Access to registered web site for enhanced on-line
support
- Ongoing customer communications about problem
submissions
- Assistance with the interpretation of publications
- Assistance with gathering and analysis of traces and
dumps
- Usage and basic product configuration assistance (for
example, product compatibility and interoperability)
- Activities not included
- Network design assistance
- Support beyond the product End of Service (EOS)
date
- Program review of user code (for example, exits and
applications)
- Data and database design and recovery
- Diagnosis and analysis of other IBM or non-IBM
products
- Product integration (for example, installation and
configuration)
- Performance and tuning assistance
- Customized services
- On-site support services
- Enhancements
Known operating limitations and terms
IBM does not imply that a user might implement all security-related
function to the extent that they have been implemented within IBM
WebSphere Application Server. It is the user’s responsibility to determine
if the functions available meet their specific needs. The following are
some specific functional limitations, operating conditions, or other terms
that will be considered when providing support for the JSSE API being used
in a customer’s application usage mode within the WebSphere Application
Server environment:
- Access to JSSE API support will be granted only through
the support entitlement of a properly licensed WebSphere Application
Server.
- Support for the JSSE API will terminate at the same time
as the support for the copy of WebSphere Application Server under which it
was acquired.
- Support will be provided only for defects in functionality
that occur within a WebSphere Application Server environment.
- Although, in some cases, a single fix might be available
to correct a code defect in the JSSE API, it is not the intent of IBM to
have an independent corrective service deliverable for the JSSE API.
Corrective service for the JSSE API will be delivered as part of the
corrective service deliverable for WebSphere Application Server.
- Customer code using the JSSE APIs must reside within a
WebSphere Application Server environment. This includes applications
deployed in WebSphere Application Server and client applications in the
J2EE application client environment.
- Support for connectivity between the IBM JSSE
implementation and SSL implementations from other vendors is limited to
tested implementations. These include Microsoft® Internet Information
Server (IIS), BEA WebLogic Server, IBM z/OS®, IBM AIX® and IBM
AS/400®.
- No support for any exit points or extensions
- Support will be provided only for those plug-ins (for
example, providers) delivered by IBM. Support for providers from another
vendor must be provided by that vendor.
- When another vendor’s provider is used, support for the
IBM JSSE framework will be provided only when the problem is reproducible
using an IBM JSSE provider.
JSSE-related documentation
The following documents define the primary functions provided by the JSSE
API. The documentation will be distributed and enhanced as needed by the
WebSphere Application Server team.
WebSphere Application Server
Version |
Document Name |
Document Location |
Comments |
4 |
API Javadoc |
{was_install_root}/java/docs/jsse/jssedocs.jar |
When this file is unpacked, it includes the developer’s
guide |
 |
API user’s guide |
{was_install_root}/java/docs/jsse/API_users_guide.html |
 |
 |
Version 4.0 InfoCenter |
 |
Look for the SSL and JSSE API topics |
5 |
JSSE reference guide |
{was_install_root}/web/docs/jsse/API_users_guide.html |
 |
 |
API Javadoc |
{was_install_root}/web/docs/jsse/jssedocs.jar |
 |
 |
Sample JSSE applications |
{was_install_root}/web/docs/jsse/samplejsse.jar |
When this file is expanded, it contains sample
applications that show examples of some of the available functions |
 |
Version 5.0 InfoCenter |
 |
Look for the SSL and JSSE API topics |
Direct questions about other uses of the JSSE API to the source or
sources as indicated in the license, readme, or other JSSE API-related
documentation.
Product and customer technical support of the Java Cryptography
Extension Application Program Interface
IBM WebSphere Application Server, being a product rich in features and
functions, includes components that aid in the implementation of this rich
functionality. Normally, these components are exclusively available in IBM
WebSphere Application Server and might not be available for separate
licensing. However, some of these components, because of the rich
functionality that they provide might be useful and desirable by customers
to use in support of their own applications.
Java™ Cryptography Extension (JCE) Application Program Interface (API)
falls into the category of providing direct and independent utility to
WebSphere Application Server as an independently supported component.
While IBM cannot provide the JCE API, IBM agrees to provide the following
levels of support.
The level of support provided by IBM is affected by how the JCE API is
used relative to the following modes of use:
- WebSphere Application Server run-time usage mode
In this mode, all functional calls to a JCE API are done through a
request from WebSphere Application Server and are required to enable it to
deliver a function or feature in accordance with specifications. For
example, the Internet Inter-ORB Protocol (IIOP) communication is done
between the following WebSphere components:
- Administrative server and application server
- Administrative client (for example, administrative
console, wireless service control point (WSCP), eXtensible Markup Language
(XML) Config) and administrative server
- Java client and application server
Note: The level of support provided by IBM when the JCE API is
used in this mode will be consistent with the support that a customer is
entitled to by the WebSphere Application Server license and any support
offering purchased by the customer. This is the normal product support
provided by IBM which is already well documented.
- Customer’s application usage mode
The primary characteristic of this mode is that a customer’s
application makes a direct call to a JCE API independently of a WebSphere
Application Server request, but within a WebSphere Application Server
environment. The fact that WebSphere Application Server might use the JCE
API to deliver a specific function is not significant. An example of this
mode might be the direct use of the JCE API by a user’s application
running in a WebSphere Application Server environment. It might be used to
connect to a server or application external to WebSphere Application
Server that uses the Secure Sockets Layer (SSL) secured HTTPS or IIOPS
protocols.
Scope of support
When the JCE API is used in a customer’s application usage mode, IBM
intends to use commercially reasonable efforts to provide the following
level of support within the included terms and limitations:
- Activities included
- Program Services (defect support) will be provided, as
entitled, under the product’s license
- Defect support will be provided only to the extent
required to deliver JCE API functionality as defined in its reference or
user’s guide (see JCE-related documentation). It will be bounded by any
limitations documented here or in other JCE documentation.
- If you are entitled to WebSphere Application Server
support by a valid support offering such as IBM Passport Advantage®, the
following might be available from WebSphere support and development teams:
- Problem determination and resolution assistance
- Emergency (Severity 1) support during off-shift hours
- Access to support using voice, electronic (where
available), or both means
- Access to registered web site for enhanced on-line
support
- Ongoing customer communications about problem
submissions
- Assistance with the interpretation of publications
- Assistance with gathering and analysis of traces and
dumps
- Usage and basic product configuration assistance (for
example, product compatibility and interoperability)
- Activities not included
- Network design assistance
- Support beyond the product End of Service (EOS)
date
- Program review of user code (for example, exits and
applications)
- Data and database design and recovery
- Diagnosis and analysis of other IBM or non-IBM
products
- Product integration (for example, installation and
configuration)
- Performance and tuning assistance
- Customized services
- On-site support services
- Enhancements or provision of additional algorithms not
already offered
Known operating limitations and terms
IBM does not imply that a user might implement all security-related
function to the extent that they have been implemented within IBM
WebSphere Application Server. It is the user’s responsibility to determine
if the functions available meet their specific needs. The following are
some specific functional limitations, operating conditions, or other terms
that will be considered when providing support for the JCE API being used
in a customer’s application usage mode within the WebSphere Application
Server environment:
- Access to JCE API support will be granted only through the
support entitlement of a properly licensed WebSphere Application
Server.
- Support for the JCE API will terminate at the same time as
the support for the copy of WebSphere Application Server under which it
was acquired.
- Support will be provided only for defects in functionality
that occur within a WebSphere Application Server environment.
- Although, in some cases, a single fix might be available
to correct a code defect in the JCE API, it is not the intent of IBM to
have an independent corrective service deliverable for the JCE API.
Corrective service for the JCE API will be delivered as part of the
corrective service deliverable for WebSphere Application Server.
- Customer code using the JCE APIs must reside within a
WebSphere Application Server environment.
- No support for any exit points, extensions, or additional
algorithms.
- Support will be provided only for the JCE framework and
JCE providers delivered by IBM. Support for framework or provider code
from another vendor must be provided by that other vendor.
- When another vendor’s provider is used, support for the
IBM JCE framework will be provided only when the problem is reproducible
using an IBM JCE provider.
- Support will not be available for another vendor’s JCE
framework with an IBM JCE provider.
- Support will not be available for the direct usage of
hardware tokens (for example, PKCS11). Usage of hardware tokens is through
the key store.
- Hardware token support is limited to tested devices using
the PKCS11 key store interface. These devices include:
- IBM Security Kit Smartcard
- GemPlus Smartcards
- Rainbow iKey 1000/2000 (USB "Smartcard" device)
- IBM 4758-23
- nCipher nForce/nFast
- Rainbow Cryptoswift
- Support is not available for serialized key store objects
between IBM and another vendor’s JCE provider.
- Support is not available for performance
improvements.
JCE-related documentation
The following documents define the primary functions provided by the JCE
API. The documents will be distributed and enhanced as needed by the
WebSphere Application Server team.
WebSphere Application Server
version |
Document name |
Document location |
Comments |
4 |
API Javadoc |
{was_install_root}/java/docs/JCE/JCEdocs.jar |
When the file is unpacked, it includes the developer’s
guide |
 |
API user’s guide |
{was_install_root}/java/docs/JCE/API_users_guide.html |
 |
 |
Version 4 InfoCenter |
 |
Look for the JCE API topics |
5 |
JCE reference guide |
{was_install_root}/web/docs/JCE/api_users_guide.html |
 |
 |
API Javadoc |
{was_install_root}/web/docs/JCE/JCEdocs.jar |
 |
 |
Sample JCE Applications |
{was_install_root}/web/docs/JCE/sampleJCE.jar |
When this file is expanded, it contains sample
applications that show examples of some of the available functions |
 |
Version 5 InfoCenter |
 |
Look for the JCE API topics |
Direct questions about other uses of the JCE to the source or sources as
indicated in the license, read me, or, other JCE API-related
documentation. |
|
|
|
|
|
|