This is the main index site for all security-related features of the JDK. In particular, this page has links to security white papers, API and tool documentation, security specifications, and more. This site also has links to many of the other sites we’ve listed here.

This is the Frequently Asked Questions page for Java security. This page primarily addresses what applets can and cannot do.

This document is the specification for the 1.2 Java security architecture; it provided invaluable background for this book. When you download the JDK 1.2 documentation, this document can be found at $JAVAHOME/docs/guide/security/spec/security-spec.html.

This document gives an interesting perspective on the topic of authentication, and in particular whether Java’s techniques for authentication are secure.

The Department of Commerce of the U.S. government. The Commerce Department governs and publishes the export restrictions of encryption and can grant exceptions for exporting encryption technology.

The Export Policy Resource page contains a number of links and other references to sites concerned with the U.S. government encryption policies.