
Oracle® Application Server 10g Security Guide
10g (9.0.4)

Part No. B10377-01

Index



A

accelerating SSL, 2-6
AJP
use with SSL encryption, 2-8
Apache HTTP server, 1-8
application deployers
references, i-xvi
architecture
Oracle Application Server security, 2-1 to 2-9
authentication
definition, Glossary-1
in OracleAS JAAS Provider, 2-7
using OracleAS Single Sign-On, 3-5
authorization
in OracleAS JAAS Provider, 2-7
auto login
and Oracle Wallet Manager, A-19
availability
definition, Glossary-1

B

BC4J
security, 1-18
BHAPI, 2-6
browser security implications, 1-2

C

certificate authority
definition, Glossary-2
certificates
definition, Glossary-1
trusted, A-25
X.509, A-4
cipher suite
definition, Glossary-2
ciphertext
definition, Glossary-2
configuring
DMZ architectures, 4-6
cryptography
definition, Glossary-2

D

decryption
definition, Glossary-2
Delegated Administration Service (DAS), 1-14
delegation
how it works, 5-2
privilege, 5-1 to 5-7
Departmental Topology, 1-12
deployment topologies, 4-1 to 4-16
DES
definition, Glossary-2
Development Life Cycle Support Topology, 1-13
Diffie-Hellman key negotiation
definition, Glossary-3
directory information tree
definition, Glossary-3
Directory Integration and Provisioning, 3-8
distinguished name
definition, Glossary-3
DIT
definition, Glossary-3
DMZ, 4-3
configuring architectures, 4-6
definition, 4-3, Glossary-2
infrastructure zone, 4-5
J2EE Business Logic zone, 4-5
requirements, 4-5 to 4-6

E

Enterprise Data Center Topology, 4-9 to 4-10
J2EE Applications, 1-13
Portal, Wireless, and Business Intelligence Applications, 1-13

F

failover
definition, Glossary-4
fault tolerance
definition, Glossary-4
firewalls, 4-2
and mod_plsql, 4-6
security implications, 1-3
Forms, Reports, and Discoverer Developer Topology, 1-12

H

hot standby
definition, Glossary-4
HTTP, 1-9
HTTPS, 1-9
HTTPS-to-HTTP appliances, 4-7

I

identity management
integrating third-party solutions, 3-2
third-party solutions, 3-8
infrastructure DMZ zone, 4-5
installation topologies, 1-11
instance passwords
changing, 3-4
Integration Architect and Process Modeler Topology, 1-12

J

J2EE applications
and security architecture, 4-9
J2EE Business Logic DMZ zone, 4-5
JAAS, 1-10
Java Developer Topology, 1-11

K

key
definition, Glossary-4
key pair
definition, Glossary-4

L

LDAP, A-7
definition, Glossary-5
LDIF
definition, Glossary-4
load balancers, 4-2
hardware, 4-7
security implications, 1-4
localhost
definition, Glossary-5
LoginModule API
in OracleAS JAAS Provider, 2-7

M

man-in-the-middle
definition, Glossary-5
MD5
definition, Glossary-5
message digest
definition, Glossary-5
message flow
OracleAS Single Sign-On, 2-5
mod_plsql
and firewalls, 4-6
and security architecture, 4-9
mods, defined, 1-9

O

OC4J, 1-10
OID. See Oracle Internet Directory.
OIM. See Oracle Identity Management.
one-way hash function
definition, Glossary-5
Oracle Advanced Security, 2-2
Oracle Application Server Certificate Authority Topology, 1-13
Oracle Application Server Integration
security, 1-17
Oracle Application Server Java Authentication and Authorization Service. See OracleAS JAAS Provider.
Oracle Applications wallet location, A-18
Oracle Business Components for Java
security, 1-18
Oracle Certificate Authority, 1-14, A-27
Oracle Delegated Administration Services, 3-6
Oracle Directory Integration Service, 1-14
Oracle HTTP Server, 1-8, 1-9, 1-16
overview of security, 2-4
security, 1-8
security enhancements, 1-16
security services, 1-9
Oracle Identity Management, 1-11, 3-1 to 3-9
infrastructure, 1-11
new security features, 1-14
password policies, 3-3
Oracle Internet Directory
changing instance passwords, 3-4
new features, 1-14
Oracle Internet Directory (OID), 1-14
Oracle Net
definition, Glossary-6
Oracle Wallet Manager, A-1 to A-28
auto login, A-19
compatibility, A-3
LDAP directory support, A-7
managing certificates, A-20
managing user certificates, A-20
Microsoft Windows registry wallet storage, A-3
multiple certificate support, A-4
options, A-3
Oracle Certificate Authority Certificates, A-27
passwords, A-2
strong wallet encryption, A-2
Oracle wallets
password protection, A-2
Oracle Workflow, 1-18
security, 1-18
OracleAS
introduction, 1-2
middle-tier components, 1-8 to 1-10
security architecture, 2-2
security overview, 1-1 to 1-18
OracleAS Business Components for Java. See BC4J
OracleAS Certificate Authority
new features, 1-16
OracleAS Discoverer
security architecture, 4-12
OracleAS Forms Services
security architecture, 4-12
OracleAS Integration, 1-17
OracleAS JAAS Provider
LoginModule API, 2-7
security implications, 2-7
OracleAS Metadata Repository, 1-11, 2-2
OracleAS Portal, 1-10, 3-1
dependency on Oracle Identity Management, 3-1
security implications, 2-8
security requirements, 4-10
OracleAS Reports Services
security architecture, 4-12
OracleAS Single Sign-On, 1-14
message flow, 2-5
new features, 1-15
security architecture, 4-15
use in authentication, 3-5
OracleAS Web Cache, 1-8
security architecture, 4-16
security implications, 2-8
OracleAS Wireless
security requirements, 4-10
OracleHOME_NAMEWebCache service, A-11
OracleHOME_NAMEWebCacheAdmin service, A-11

P

password policies, 3-3
PEM
definition, Glossary-6
PGP
definition, Glossary-6
PKCS, A-4
PKCS 12
definition, Glossary-6
PKI, A-2
and OracleAS Certificate Authority, 3-8
cryptography standards (PKCS) support, A-4
definition, Glossary-6
managing with Oracle Wallet Manager, A-1 to A-28
plaintext
definition, Glossary-6
Portal and Wireless Developer Topology, 1-12
private key
definition, Glossary-6
privilege delegation, 5-1 to 5-7
and RBAC, 3-6
component runtime, 5-7
diagram, 5-3
security goals, 5-6
privilege model
security goals, 1-17, 5-6
user roles, 5-6
Provisioning Integration, 3-7
Provisioning Integration Service, 1-14
public key
definition, Glossary-7
public key infrastructure. See PKI
public-key cryptography
definition, Glossary-7
public/private key pair
definition, Glossary-7

R

RBAC, 3-6
privilege delegation, 3-6
RDN
definition, Glossary-7
redundant
definition, Glossary-7
reliability
definition, Glossary-7
role-based access control. See RBAC
RSA
definition, Glossary-7

S

scalability
definition, Glossary-8
Secure Hash Algorithm
definition, Glossary-8
security
overview in OracleAS, 1-1 to 1-18
security architecture, 2-1 to 2-9
J2EE applications, 4-9
mod_plsql, 4-9
OracleAS Discoverer, 4-12
OracleAS Forms Services, 4-12
OracleAS Reports Services, 4-12
OracleAS Single Sign-On, 4-15
OracleAS Web Cache, 4-16
security requirements
OracleAS Portal, 4-10
OracleAS Wireless, 4-10
security services
basic, 1-5
single key-pair wallet, Glossary-9
single sign-on
definition, Glossary-9
SSH
definition, Glossary-8
SSL
and AJP, 2-8
SSL acceleration, 2-6
SSL wallet location, A-10, A-18
SSO wallets, A-19
symmetric-key cryptography, Glossary-9

T

topologies
deployment, 4-1 to 4-16
trusted certificates, A-25
definition, Glossary-9

U

user certificates
managing, A-20

V

virtual private network. See VPN
VPNs
security implications, 1-4

W

wallet resource locator
definition, Glossary-9
wallets
auto login, A-19
changing a password, A-19
closing, A-12
considerations for Windows, A-10
creating, A-9
definition, Glossary-9
deleting, A-18
downloading from LDAP directory, A-16
exporting, A-14
exporting to tools that do not support PKCS#12, A-14
importing, A-13
managing, A-8
managing certificates, A-20
managing trusted certificates, A-25
opening, A-12
Oracle Applications wallet location, A-18
password guidelines, A-9
saving, A-17
saving changes, A-17
saving in system default, A-18
saving to a new location, A-17
single key-pair, Glossary-9
SSL wallet location, A-10, A-18
SSO wallets, A-19
uploading to LDAP directory, A-15

X

X.509
definition, Glossary-9
X.509 Version 3 certificates
with Oracle HTTP Server, 1-9

Copyright © 2003 Oracle Corporation.

All Rights Reserved.