About the Authors

This book was written by a team of IBM security researchers and architects who have had a major impact in the definition of the Java security architecture and its related technologies. The leader of this project was Marco Pistoia.

Marco Pistoia is a Research Staff Member in the Java and Web Services Security department, a part of the Networking Security, Privacy and Cryptography department at the IBM Thomas J. Watson Research Center in Yorktown Heights, New York. He has written ten books and several papers and journal articles on all areas of Java and e-business security. His latest book, Java 2 Network Security , Second Edition , was published by Prentice Hall in 1999. He has presented at several conferences worldwide: Sun Microsystems' JavaOne, the Association for Computing Machinery (ACM) conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), the O'Reilly Conference on Java, IBM Solutions, and Colorado Software Summit. He has been invited to teach graduate courses on Java security and has presented at the New York State Center for Advanced Technology in Telecommunications (CATT), Brooklyn, New York. Marco received his M.S. in Mathematics summa cum laude from the University of Rome, Italy, in 1995 and is working toward a Ph.D. in Mathematics from Polytechnic University, Brooklyn, New York. His technical interests are in mobile-code security, component software, and static analysis of object-oriented languages.

Nataraj Nagaratnam is a Senior Technical Staff Member and the lead security architect for IBM's WebSphere software family in Raleigh, North Carolina. He leads the security architecture for IBM WebSphere and the IBM Grid infrastructure. He is also a core member of the IBM Web Services security architecture team. He has coauthored the Web Services security specifications and Open Grid Services Architecture (OGSA) documents. He actively participates in the Java Community Process on the topics related to J2EE security by either leading or participating in the Java Specification Requests related to J2EE security. Nataraj received his Ph.D. in Computer Engineering from Syracuse University, Syracuse, New York. His thesis deals with the aspects of secure delegation in distributed object environments. He has widely presented on Java and security topics at various conferences and symposiums and has published extensively in numerous journals, conferences, and magazines. Nataraj was the lead author of one of the first books on Java networking, Java Networking and AWT API SuperBible , published by Waite Group Press in 1996.

Larry Koved is a Research Staff Member and the manager of the Java and Web Services Security department, a part of the Networking Security, Privacy, and Cryptography department at the IBM Thomas J. Watson Research Center in Yorktown Heights, New York. With Anthony Nadalin, he has served as IBM's Java security architect, including being a liaison to Sun Microsystems for Java security design and development collaboration. He was actively involved in the design of the Java Authentication and Authorization Services (JAAS) and then Enterpise JavaBeans (EJB) V1.1 security architecture. Larry has published more than 25 articles and technical reports on user interface technologies, virtual reality, hypertext and mobile computing, static analysis of Java code, and security. He has presented at several conferences, including ACM OOPSLA, the Institute of Electrical and Electronics Engineers (IEEE) Symposium on Security and Privacy, the O'Reilly Conference on Java, IBM's developerWorks Live!, and Sun Microsystems' JavaOne. His current interests include security of mobile code, component software, and static analysis of OO languages.

Anthony Nadalin is IBM's lead security architect for Java and Web Services in Austin, Texas. As Senior Technical Staff Member, he is responsible for security infrastructure design and development across IBM, Tivoli, and Lotus. He serves as the primary security liaison to Sun Microsystems for Java security design and development collaboration and to Microsoft for Web Services security design and development collaboration. In his 20-year career with IBM, Anthony has held the following positions : lead security architect for VM/SP, security architect for AS/400, and security architect for OS/2. He has authored and coauthored more than 30 technical journal and conference articles, and the book Java and Internet Security , which was published by iUniverse.com in 2000. He has been on the technical committee of three major scientific journals and one conference and has extensively reviewed work published by peers in the field. He has given several presentations and invited speeches at numerous technical security conferences.

Thanks to the following people for their invaluable contributions to this project:

• Rosario Gennaro, Kenneth Goldman, Bob Johnson, Jeff Kravitz, Michael McIntosh, Charles Palmer, Darrell Reimer, Kavitha Srinivas, Ray Valdez, Paula Austel, Michael Steiner

  IBM Thomas J. Watson Research Center, Yorktown Heights, New York

• Steve Mills

  IBM Software Group, Somers, New York

• Peter Birk, Joyce Leung, Kent Soper, Audrey Timkovich, Krishna Yellepeddy

  IBM Enterprise Security, Austin, Texas

• Matt Hogstrom, Bert Laonipon

  IBM WebSphere Performance and Security, Raleigh, North Carolina

• Keys Botzum

  IBM WebSphere Services, Bethesda, Maryland

• Tom Alcott

  IBM WebSphere Sales and Technology Support, Costa Mesa, California

• Tony Cowan

  IBM Customer Solutions Center, Seattle, Washington

• Charlie Lai

  Sun Microsystems, Cupertino, California

• Chris Kaler

  Microsoft Web Services Security, Redmond, Washington

• Paolina Centonze

  Polytechnic University, Brooklyn, New York

• Ann Sellers

  Addison-Wesley Professional, San Francisco, California

• Julie B. Nahil

  Addison-Wesley Professional, Boston, Massachusetts

• Mike Hendrickson

  Formerly of Addison-Wesley Professional, Boston, Massachusetts

• Thanks also to our able copy editor, Evelyn Pyle