Table of Contents Previous Next

Table of Contents

Part I Security Concepts
Overview of the CORBA Security Features
Introduction to the SSL Technology
Fundamentals of CORBA Security
Overview of the CORBA Security Features
The CORBA Security Features
The CORBA Security Environment
Oracle Tuxedo Security SPIs
Introduction to the SSL Technology
The SSL Protocol
Digital Certificates
Certificate Authority
Certificate Repositories
A Public Key Infrastructure
PKCS-5 and PKCS-8 Compliance
Supported Public Key Algorithms
Supported Symmetric Key Algorithms
Supported Message Digest Algorithms
Supported Cipher Suites
Standards for Digital Certificates
Fundamentals of CORBA Security
Link-Level Encryption
How LLE Works
Encryption Key Size Negotiation
Determining min-max Values
Finding a Common Key Size
WSL/WSH Connection Timeout During Initialization
Development Process
Password Authentication
How Password Authentication Works
Development Process for Password Authentication
The SSL Protocol
How the SSL Protocol Works
Requirements for Using the SSL Protocol
Development Process for the SSL Protocol
Certificate Authentication
How Certificate Authentication Works
Development Process for Certificate Authentication
Using an Authentication Plug-in
PKI Plug-ins
Commonly Asked Questions About the CORBA Security Features
Do I Have to Change the Security in an Existing CORBA Application?
Can I Use the SSL Protocol in an Existing CORBA Application?
When Should I Use Certificate Authentication?
Part II Security Adminstration
Managing Public Key Security
Configuring Link-Level Encryption
Configuring the SSL Protocol
Configuring Authentication
Configuring Security Plug-ins
Managing Public Key Security
Requirements for Using Public Key Security
Who Needs Digital Certificates and Private/Private Key Pairs?
Requesting a Digital Certificate
Publishing Certificates in the LDAP Directory Service
Editing the LDAP Search Filter File
Storing the Private Keys in a Common Location
Defining the Trusted Certificate Authorities
Creating a Peer Rules File
Configuring Link-Level Encryption
Understanding min and max Values
Verifying the Installed Version of LLE
Configuring LLE on CORBA Application Links
Configuring the SSL Protocol
Setting Parameters for the SSL Protocol
Defining a Port for SSL Network Connections
Enabling Host Matching
Setting the Encryption Strength
Setting the Interval for Session Renegotiation
Defining Security Parameters for the IIOP Listener/Handler
Example of Setting Parameters on the ISL System Process
Example of Setting Command-line Options on the CORBA C++ ORB
Configuring Authentication
Configuring the Authentication Server
Defining Authorized Users
Defining a Security Level
Configuring Application Password Security
Configuring Password Authentication
Sample UBBCONFIG File for Password Authentication
Configuring Certificate Authentication
Sample UBBCONFIG File for Certificate Authentication
Configuring Access Control
Configuring Optional ACL Security
Configuring Mandatory ACL Security
Setting ACL Policy Between CORBA Applications
Impersonating the Remote Domain Gateway
Example DMCONFIG Entries for ACL Policy
Configuring Security to Interoperate with Older WebLogic Enterprise Client Applications
Configuring Security Plug-ins
Registering the Security Plug-ins (SPIs)
Writing a CORBA Application That Implements Security
Using the Bootstrapping Mechanism
Using the Host and Port Address Format
Using the corbaloc URL Address Format
Using the corbalocs URL Address Format
Using Password Authentication
The Security Sample Application
Writing the Client Application
C++ Code Example That Uses the SecurityLevel2::PrincipalAuthenticator::authenticate() Method
C++ Code Example That Uses the Tobj::PrincipalAuthenticator::logon() Method
Using Certificate Authentication
The Secure Simpapp Sample Application
Writing the CORBA Client Application
C++ Code Example of Certificate Authentication
Using the Interoperable Naming Service Mechanism
Protecting the Client Credentials
Using the Invocations_Options_Required() Method
Building and Running the CORBA Sample Applications
Building and Running the Security Sample Application
Building and Running the Secure Simpapp Sample Application
Step 1: Copy the Files for the Secure Simpapp Sample Application into a Work Directory
Step 2: Change the Protection Attribute on the Files for the Secure Simpapp Sample Application
Step 3: Verify the Settings of the Environment Variables
Step 4: Execute the runme Command
Using the Secure Simpapp Sample Application
Using ULOGS and ORB Tracing
CORBA::ORB_init Problems
Password Authentication Problems
Certificate Authentication Problems
Tobj::Bootstrap::resolve_initial_references Problems
IIOP Listener/Handler Startup Problems
Configuration Problems
Problems with Using Callbacks Objects with the SSL Protocol
Troubleshooting Tips for Digital Certificates
CORBA Security APIs
The CORBA Security Model
Authentication of Principals
Controlling Access to Objects
Administrative Control
Functional Components of the CORBA Security Environment
The Principal Authenticator Object
Using the Principal Authenticator Object with Certificate Authentication
Oracle Tuxedo Extensions to the Principal Authenticator Object
The Credentials Object
The SecurityCurrent Object
Security Modules
CORBA Module
TimeBase Module
Security Module
Security Level 1 Module
Security Level 2 Module
Tobj Module
C++ Security Reference
Java Security Reference
Automation Security Reference
Method Descriptions

Copyright © 1994, 2017, Oracle and/or its affiliates. All rights reserved.