Security Capabilities


	Corporate Info \| News \| Solutions \| Products \| Partners \| Services \| Events \| Download \| How To Buy
	http://www.oracle.com/technology/documentation/index.html \| Site Map \| Search \| PDF Files \| Contact \| Glossary

Tuxedo Doc Home \| Security \| Topic List \| Previous \| Next \| Contents

Using BEA Tuxedo Security

The BEA Tuxedo system can enforce security in a number of ways, which includes using the security features of the host operating system to control access to files, directories, and system resources. The following table describes the security capabilities available with the BEA Tuxedo system.

BEA Tuxedo Security Capabilities

Security Capability
Description
Plug-in Interface
Default Implementation

Operating system security

Controls access to files, directories, and system resources.

N/A

N/A

Authentication

Proves the stated identity of users or system processes; safely remembers and transports identity information; and makes identity information available when needed.

Implemented as a single interface

The default authentication plug-in provides security at three levels: no authentication, application password, and user-level authentication. This plug-in works the same way the BEA Tuxedo implementation of authentication has worked since it was first made available with the BEA Tuxedo system.

Authorization

Controls access to resources based on identity or other information.

Implemented as a single interface

The default authorization plug-in provides security at two levels: optional access control lists and mandatory access control lists. This plug-in works the same way the BEA Tuxedo implementation of authorization has worked since it was first made available with the BEA Tuxedo system.

Auditing

Safely collects, stores, and distributes information about operating requests and their outcomes.

Implemented as a single interface

Default auditing security is implemented by the BEA Tuxedo EventBroker and userlog (ULOG) features.

Link-level encryption

Uses symmetric key encryption to establish data privacy for messages moving over the network links that connect the machines in a BEA Tuxedo application.

N/A

RC4 symmetric key encryption.

Public key security

Uses public key (or asymmetric key) encryption to establish end-to-end digital signing and data privacy between BEA Tuxedo application clients and servers. Complies with the PKCS-7 standard.

Implemented as six interfaces

Default public key security supports the following algorithms:

RSA public key algorithm
RSA and DSA digital signature algorithms
DES-CBC, two-key triple-DES, and RC2 symmetric key algorithms
MD5 and SHA-1 message digest algorithms

Security Capability	Description	Plug-in Interface	Default Implementation
Operating system security	Controls access to files, directories, and system resources.	N/A	N/A
Authentication	Proves the stated identity of users or system processes; safely remembers and transports identity information; and makes identity information available when needed.	Implemented as a single interface	The default authentication plug-in provides security at three levels: no authentication, application password, and user-level authentication. This plug-in works the same way the BEA Tuxedo implementation of authentication has worked since it was first made available with the BEA Tuxedo system.
Authorization	Controls access to resources based on identity or other information.	Implemented as a single interface	The default authorization plug-in provides security at two levels: optional access control lists and mandatory access control lists. This plug-in works the same way the BEA Tuxedo implementation of authorization has worked since it was first made available with the BEA Tuxedo system.
Auditing	Safely collects, stores, and distributes information about operating requests and their outcomes.	Implemented as a single interface	Default auditing security is implemented by the BEA Tuxedo EventBroker and userlog (ULOG) features.
Link-level encryption	Uses symmetric key encryption to establish data privacy for messages moving over the network links that connect the machines in a BEA Tuxedo application.	N/A	RC4 symmetric key encryption.
Public key security	Uses public key (or asymmetric key) encryption to establish end-to-end digital signing and data privacy between BEA Tuxedo application clients and servers. Complies with the PKCS-7 standard.	Implemented as six interfaces	Default public key security supports the following algorithms: RSA public key algorithm RSA and DSA digital signature algorithms DES-CBC, two-key triple-DES, and RC2 symmetric key algorithms MD5 and SHA-1 message digest algorithms