Browse Prior Art Database

Provide Java APIs into the IUCV protocol

IP.com Disclosure Number: IPCOM000244583D
Publication Date: 2015-Dec-23
Document File: 3 page(s) / 151K

Publishing Venue

The IP.com Prior Art Database

Abstract

IUCV is a communication protocol between virtual machines provided by the z/VM operating system. This article provides a method for providing Java APIs into the IUCV protocol, and integrating the protocol's pre-authentication feature with an existing security paradigm in an existing product.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 45% of the total text.

Page 01 of 3

Provide Java APIs into the IUCV protocol

z/VM provides an integrated communication protocol between virtual guests, named IUCV (Inter-user Communication Vehicle). This protocol is implemented by z/VM's control program (CP) and enables virtual machines to send and receive data. Data sent using the protocol includes a prefix (or header) specifying the sender virtual machines. The protocol includes a pre-authentication mechanism, implemented by CP, such that the receiver end of the connection can trust that the data has indeed been sent by the virtual machine specified in the header . Currently, APIs for interfacing with the IUCV protocol exist for various platforms and programming languages (CMS, Linux, C, REXX, etc). these APIs provide means to write programs which would send and receive data using the IUCV protocol.

The article will outline a method for implementing Java* APIs into the IUCV protocol, and a method to integrate the protocol's pre-authentication mechanism with an existing security paradigm of an existing product. Furthermore, the methods described below assume that the client side of the IUCV communication is done from within z/VM (a virtual machine running CMS), and the server side is implemented by a Java process running on a Linux* virtual machine under z/VM. Both client and server are running in the same z/VM LPAR.

    Java* currently does not include support for a significant number of communication protocols, and only provides APIs to manipulate IP sockets. To keep the implementation simple, a pre-compiled c library will be used. The pre-compiled c library includes the APIs necessary for interacting with the IUCV protocol. To drive these functions, wrapper classes in Java* will be written which invoke the c routines using JNI. See Fig. 1 for a description of the flow.

Figure 1 - Communication flow between a CMS virtual machine and a Java* process running in a Linux* virtual machine.

1


Page 02 of 3

Once these components are readily available, communication can be done between the CMS virtual machine and the Java* process running on the Linux* virtual machine. The next phase is to consider the purpose of the communication. For the sake of this article, consider the purpose of the communication is to be able to invoke server functions, and receive output from these functions. As stated, the client invoking the functions is running in a a CMS virtual machine, and the server which provides the functions is written in Java* and runs on a Linux* virtual machine.

Under client-server interaction, there are two security-related phases that normally happen before a function is invoked:

Authentication - The client authenticates into the server (there are many ways to establish this,


1.

including user/password combinations, key-based authentication, certificates, etc). The purpose of this phase is for the server to ensure the identity of the client, or in other words, that the server can trust that the client invoking the func...