Ramesh Nagappan

Security has been one of my favorite subjects ever since I started working at Sun Microsystems. Although I worked mostly on Java distributed computing, I had plenty of opportunities to experiment with security technologies. With my passion for writing, a book on security has always been one of my goals, and now it has become a reality with the completion of this mammoth project.

It is always fun to have a look back and recall the genesis of this book: It was Sun's JavaSmart DayDeveloper's conference in Boston (September 16, 2002), and after presenting to a huge audience on Web services security, Chris and I came out, tired and hungry. We sat down at The Cheesecake Factory, and while we refreshed ourselves, we came up with the idea of writing an applied security book for Java developers that would allow us to share our best kept secrets, tips, and techniques we'd been hiding up our sleeves. Over the course of the next few days, we created the proposal for this book. Greg Doench at Prentice Hall readily accepted our proposal, but Chris and I had a tough time keeping pace with the schedule. At one point, Greg asked me "Will the manuscript be ready before the Red Sox win the World Seriesagain?" Because Chris and I wanted to cover additional relevant topics in the book, it soon became an effort of much greater scope than initially planned. After a few months of increasing the scope of the book, Chris and I decided to invite Ray Lai to contribute to this book. That's how our writing journey began. During the course of writing, it's been great fun having a midnight conference call to discuss and share our thoughts and resolve issues. After more than two years of work on this book, I'm actually a bit surprised that it's done. It's a great feeling to see it turn out much beyond our thoughts as we envisioned back at The Cheesecake Factory.

First, I would like to thank and recognize the people who have directly or indirectly influenced me by providing me with opportunities to learn and to gain experience in working with security technologies. I would not have been able to gain the expertise necessary for the writing of this book without those opportunities. Thus, my thanks are extended to:

• Gary Lippert, Dave DiMillo, Li Gong, and Chris Steel, for giving me the opportunity to work with Java security technologies and J2EE application security projects.

• Sunil Mathew and William Olsen, for introducing me to real-world Web services projects and providing me with opportunities to test-drive my Web services security prototypes.

• Doug Bunting, for having introduced me to participation in Web services standards initiatives, particularly the OASIS WS-CAF and WS-Security working groups.

• Wayne Ashworth and Dan Fisher for giving me access to the world of Smart Cards and opportunities to work on Smart Card application prototypes.

• Art Sands, Chris Sands, Tuomo Lampinen, Jeff Groves, and Travis Hatmaker for allowing me to play with Biometric technologies and for providing opportunities to work on biometrics integration with Sun Identity Management products.

• Luc Wijns, Charles Andres, Sujeet Vasudevan for all the trust and confidence on my expertise and giving me a opportunity to prototype the Java Card-based Identity Management solution for a prestigious national ID project.

Second, I was fortunate enough to have an excellent team of reviewers whose insightful comments and suggestions considerably increased the quality of my work.

My sincere thanks go to Glenn Brunette, Shaheen Nasirudeen, Tommy Szeto, Sang Shin, Robert Skoczylas, Tejash Shah, Eve Maler, Rafat Alvi, Sameer Tyagi, Bruce Chapman, Tom Duell, Annie Kuo, and Reid Williams for all the excellent review comments that I incorporated into the chapters.

My special thanks go to Patric Chang and Matthew MacLeod for all their encouragement and recognition during my work on this book.

Finally, the largest share of credit goes to my loving wife Joyce, my son Roger, my little girl Kaitlyn 'Minmini,' and my parents for all their love, inspiration, and endless support. Only through their love and support was I able to accomplish this goal.