BEA Tuxedo Release 7.1

   Using BEA Tuxedo Security

Security Interoperability

Application developers and administrators must be aware of certain security issues when configuring applications to interoperate with BEA Tuxedo pre-Release 7.1 (6.5 or earlier) software.

Interoperability, as defined in this discussion, is the ability of the current release of BEA Tuxedo software to communicate over a network with a previous release of BEA Tuxedo software. Specifically, inter-domain interoperability and intra-domain interoperability have the following meanings:

Interoperating with Pre-Release 7.1 Software

Interoperating with BEA Tuxedo pre-Release 7.1 software is allowed or disallowed at the authentication security level. Authentication, as implemented by BEA Tuxedo Release 7.1 or later software, allows communicating processes to mutually prove their identities.

By default, interoperability with a machine running BEA Tuxedo pre-Release 7.1 software is not allowed. To change the default, an application administrator can use the CLOPT -t option to allow Workstation Handlers (WSHs), domain gateways (GWTDOMAINs), and servers in the Release 7.1 or later application to interoperate with BEA Tuxedo pre-Release 7.1 software. Mandating Interoperability Policy provides instructions for using the CLOPT -t option as well as the security ramifications for authentication and authorization when using CLOPT -t.

Interoperability for Link-Level Encryption

Whenever a network link is established between machines running BEA Tuxedo software, link-level encryption (LLE) may be used to encrypt data before sending it over the network link, and decrypt it as it comes off the link. Of course, link-level encryption is possible only if LLE is installed on both the sending and receiving machines.

LLE interoperability with BEA Tuxedo pre-Release 7.1 software is described in Backward Compatibility of LLE.

Interoperability for Public Key Security

The following interoperability rules for public key security apply to a machine running Release 7.1 or later BEA Tuxedo software that is configured to interoperate with a machine running BEA Tuxedo pre-Release 7.1 software. To clarify the rules, each rule has an accompanying example scenario involving a Workstation client running BEA Tuxedo pre-Release 7.1 software.

Interoperability Rules for Public Key Security

Rule: Encrypted outgoing message buffers destined for a machine running BEA Tuxedo pre-Release 7.1 software are not transmitted to the machine.
    Example: Encrypted outgoing message buffers destined for a pre-Release 7.1 Workstation client are not transmitted to the Workstation client.
    Comments: "Encrypted" refers to public key message-based encryption, not link-level encryption.

Rule: Incoming message buffers from a machine running BEA Tuxedo pre-Release 7.1 software are not accepted if routed to a process requiring encryption.
    Example: Incoming message buffers from a pre-Release 7.1 Workstation client do not have encryption envelopes attached, and are not accepted if routed to a process requiring encryption.
    Comments: See Setting Encryption Policy for a description of the ENCRYPTION_REQUIRED configuration parameter.

Rule: For outgoing message buffers destined for a machine running BEA Tuxedo pre-Release 7.1 software, any digital signatures are verified and then removed before the message buffers are transmitted to the older machine.
    Example: Digital signatures are verified and then removed from outgoing message buffers destined for a pre-Release 7.1 Workstation client.
    Comments: It is assumed that the outgoing message buffer is digitally signed but not encrypted. If the outgoing message buffer is digitally signed and encrypted, the message is not decrypted, the digital signatures are not verified, and the message is not transmitted to the older machine.

Rule: Incoming message buffers from a machine running BEA Tuxedo pre-Release 7.1 software are not accepted if routed to a process requiring digital signatures.
    Example: Incoming message buffers from a pre-Release 7.1 Workstation client do not have digital signatures attached, and are not accepted if routed to a process requiring digital signatures.
    Comments: See Setting Digital Signature Policy for a description of the SIGNATURE_REQUIRED configuration parameter.

For inter-domain interoperability, Release 7.1 or later domain gateway (GWTDOMAIN) processes enforce the interoperability rules for public key security.

For intra-domain interoperability, Release 7.1 or later native clients, Workstation Handlers (WSHs), or server processes communicating with the local bridge process enforce the interoperability rules for public key security, as shown in the following diagram. A bridge process operates only as a conduit; it does not decrypt message buffer content or verify digital signatures.

Enforcing Intra-Domain Interoperability Rules for Public Key Security

Note: Typically, a Release 7.1 or later WSH does not verify digital signatures. But when routing a digitally signed message buffer to a process running BEA Tuxedo pre-Release 7.1 software, the WSH verifies any digital signatures before removing them.
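The following is an added example, not part of the BEA documentation or of the Tuxedo product code: a small Python model of the public key interoperability rules above and of the signature handling described in the note, applied to constructed message buffers. The Buffer and Process types, the signatures_valid flag and the choice to drop an outgoing buffer whose signatures fail verification are assumptions; the incoming check is generalized so that ENCRYPTION_REQUIRED and SIGNATURE_REQUIRED are also applied to buffers from Release 7.1 or later senders.

```python
from dataclasses import dataclass, replace
from enum import Enum

class Action(Enum):
    TRANSMIT = "transmitted unchanged"
    STRIP_SIGNATURES = "signatures verified and removed, then transmitted"
    NOT_TRANSMITTED = "outgoing buffer dropped"
    REJECTED = "incoming buffer refused by the receiving process"

@dataclass(frozen=True)
class Buffer:
    """Constructed message buffer: which public key protections it carries."""
    signed: bool = False            # digital signatures attached
    encrypted: bool = False         # message-based encryption envelope attached
    signatures_valid: bool = True   # assumed result of verifying the signatures

@dataclass(frozen=True)
class Process:
    """Hypothetical peer/process description used by the checks below."""
    pre71: bool                        # runs BEA Tuxedo pre-Release 7.1 software
    encryption_required: bool = False  # ENCRYPTION_REQUIRED set for this process
    signature_required: bool = False   # SIGNATURE_REQUIRED set for this process

def outgoing(buf: Buffer, dest: Process):
    """Decide what a 7.1+ WSH, GWTDOMAIN or server does with a buffer bound for dest."""
    if not dest.pre71:
        return Action.TRANSMIT, buf             # 7.1+ peers get the buffer intact
    if buf.encrypted:
        # An encrypted buffer is never decrypted for an older machine, so its
        # signatures are not verified either and it is simply not transmitted.
        return Action.NOT_TRANSMITTED, buf
    if buf.signed:
        # Signed but not encrypted: verify first, then strip the signatures.
        if not buf.signatures_valid:
            return Action.NOT_TRANSMITTED, buf  # assumption: bad signature => drop
        return Action.STRIP_SIGNATURES, replace(buf, signed=False)
    return Action.TRANSMIT, buf

def incoming(buf: Buffer, src: Process, dest: Process) -> Action:
    """Decide whether a buffer arriving from src may be delivered to dest."""
    if src.pre71:
        # Pre-7.1 senders attach neither encryption envelopes nor signatures.
        buf = Buffer(signed=False, encrypted=False)
    if dest.encryption_required and not buf.encrypted:
        return Action.REJECTED
    if dest.signature_required and not buf.signed:
        return Action.REJECTED
    return Action.TRANSMIT
```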

See Also