From a security point of view, here are some general practices implemented in the Authentication Service.
SSL is strongly recommended to prevent user credentials from being stolen through passive network snooping.
Some user data is signed and encrypted so that other software applications sharing the same system resources cannot subvert it.
The main user entry points of the Authentication Service (the Distributed Authentication User Interface, the Authentication XML Handler Interface for remote clients, and the Authentication Service User Interface) are protected by entry-level validation of the size of the request data.
Creation and modification of authentication configuration information is permitted only to privileged OpenSSO Enterprise administrators.