Oracle® Application Server Syndication Services Developer’s and Administrator’s Guide
10g (9.0.4)
Part No. B10667-01
B Syndication Services Security

This appendix describes the architecture and configuration of security for Syndication Services. This appendix covers the following topics:

B.1 About Syndication Services Security

Syndication Services user support is achieved through the use of the LDAP-based provider and the OC4J Java Authentication and Authorization Service. This section covers the following topics:

See Section 2.3 for more information about user management.

B.1.1 Protecting Syndication Services Resources

Syndication Services security protects the following resources:

  • Data -- protected write access to the data stored in the Syndication Services repository; this is typically metadata of Syndication Services.

  • Functions -- administrative operations on the Syndication Services repository.

  • Passwords -- passwords and other security-related data including:

    • Content provider property values

    • User’s authentication information for push URLs

    • Password of the Portal syndication user

    See Section 2.3 for more information about Syndication Services user management. See Oracle Application Server Portal Configuration Guide for more information about the Portal syndication user and syndicating content into Oracle Application Server Portal.

B.1.2 Managing and Enforcing Protected Syndication Services Resources

JAZN (the Oracle implementation of Java Authentication and Authorization Service (JAAS)) and the Syndication Services application manage and enforce write access to the data stored in the Syndication Services repository. JAZN determines the identity and the security role of a user. Only the owner has rights to update data. See Section 2.3 for more information about Syndication Services user management.

For administrative operations, Syndication Services administration is managed by Oracle Enterprise Manager; Oracle Enterprise Manager protects the servlets that provide administrative operations.

Passwords and other security-sensitive information, persistently stored in the database, are further protected by the database DBMS_OBFUSCATION PL/SQL package.

B.1.3 Using Oracle Application Server Security Services

Syndication Services optimizes the JAZN user-level security features, and uses secure socket layer (SSL) encryption both on the server side and on the client side, for accessing Oracle Application Server infrastructure database options.

B.2 Configuring Syndication Services Security

Section B.2.1 and Section B.2.2 describe configuring Syndication Services security.

B.2.1 Syndication Services Repository

To ensure the confidentiality of the communication between Syndication Services and the clients:

  1. Configure Oracle HTTP Server (OHS)/SSL listener to provide HTTPS access.

  2. Configure OC4J to prohibit HTTP access.

Apply this configuration to all security-sensitive Syndication Services endpoints.
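One way to verify step 2 once the configuration is in place, as an added example (not Oracle code): send one unauthenticated request over plain HTTP to each endpoint and classify the answer, treating a redirect to HTTPS separately because the first request still travelled unencrypted. The stub listener and its paths are constructed for the demo; the real host, port and endpoint paths are assumptions you supply, since this page does not list them.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def classify(status, location):
    """Verdict for the answer a plaintext-HTTP listener gave (None = no answer)."""
    if status is None:
        return "closed"         # nothing speaks plain HTTP on this port
    if 200 <= status < 300 or status == 401:
        return "exposed"        # content served, or credentials solicited, in clear
    if 300 <= status < 400 and (location or "").lower().startswith("https://"):
        return "redirect-only"  # the first request still crossed the wire unencrypted
    return "refused" if status == 403 else "inconclusive"  # e.g. 404 proves nothing

def probe_plain_http(host, port, path, timeout=5):
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify(resp.status, resp.getheader("Location"))
    except (OSError, http.client.HTTPException):
        return classify(None, None)  # refused, timed out, or a TLS-only port
    finally:
        conn.close()

def audit(endpoints):  # iterable of (host, port, path) -> {endpoint: verdict}
    return {ep: probe_plain_http(*ep) for ep in endpoints}

class _Stub(BaseHTTPRequestHandler):
    """Constructed stand-in for a listener; paths are hypothetical, not product URLs."""
    ROUTES = {"/open": (200, None), "/moved": (302, "https://127.0.0.1/"), "/denied": (403, None)}
    def do_GET(self):
        status, location = self.ROUTES.get(self.path, (404, None))
        self.send_response(status)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args): pass  # keep the demo quiet

def demo():
    with HTTPServer(("127.0.0.1", 0), _Stub) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        results = audit(("127.0.0.1", server.server_address[1], p) for p in _Stub.ROUTES)
        server.shutdown()
    return {path: verdict for (_, _, path), verdict in results.items()}

if __name__ == "__main__":
    print(demo())
```

Any endpoint that comes back as "exposed" or "redirect-only" still accepts plaintext requests and needs the OC4J restriction from step 2.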

B.2.2 Syndication Services Client

If you use the provided Syndication Services client library to develop applications to communicate with the Syndication Services repository, you can set connection properties, such as credentials to be used in case of an HTTPS connection and the HTTP proxy to be used (see Section 3.1). You can also use the Oracle Enterprise Manager security features to configure various HTTP transport security properties. See Oracle Enterprise Manager Basic Installation and Configuration and Oracle Enterprise Manager Advanced Configuration for more information.