Hi Nick,
My answers are below.
Among those existing security measurements, like SSL, JAAS, ACL, digital signature, etc., to what extent do you think a J2EE system should adopt them so that it can be regarded as a robust system?
ANSWER: Well, I think it all depends on the requirements of the system. J2EE fits well with many security technologies and standards. So, for example, if there is the need for authentication, JAAS should be used. If authentication and confidentiality are an issue, then JSSE should be used.
In addition, what is the focus of the book? In management view (what measurements to be adopted), in technology view (what algorithms should be used, like ECC, AES, etc.) and in business view (what degree of security level should be achieved)?
ANSWER: We worked very hard to meet the requirements of different categories of readers. The book starts in a light way (to introduce the topics, mainly for managers, business people, or people who are not familiar with J2EE security). Then the book explains the architecture of J2EE and J2SE security, which is something that developers and researchers should all know if they are going to work on Java security. The last chapters cover advanced topics. This last part is good for people who are interested in enhancing Java security.
Thank you for your interest,
Marco