Oracle® Application Server Syndication Services Developer’s and Administrator’s Guide
10g (9.0.4) Part No. B10667-01
This appendix describes the architecture and configuration of security for Syndication Services. This appendix covers the following topics:
Syndication Services user support is achieved through the use of the LDAP-based provider and the OC4J Java Authentication and Authorization Service. This section covers the following topics:
See Section 2.3 for more information about user management.
Syndication Services security protects the following resources:
- Data -- protected write access to the data stored in the Syndication Services repository; this is typically metadata of Syndication Services.
- Functions -- administrative operations to the Syndication Services repository.
- Passwords -- passwords and other security-related data including:
  - Content provider property values
  - User’s authentication information for push URLs
  - Password of the Portal syndication user
See Section 2.3 for more information about Syndication Services user management. See Oracle Application Server Portal Configuration Guide for more information about the Portal syndication user and syndicating content into Oracle Application Server Portal.
JAZN (the Oracle implementation of Java Authentication and Authorization Service (JAAS)) and the Syndication Services application manage and enforce write access to the data stored in the Syndication Services repository. JAZN determines the identity and the security role of a user. Only the owner has rights to update data. See Section 2.3 for more information about Syndication Services user management.
Administrative operations are managed through Oracle Enterprise Manager, which protects the servlets that provide them.
Passwords and other security-sensitive information, persistently stored in the database, are further protected by the database DBMS_OBFUSCATION PL/SQL package.
Section B.2.1 and Section B.2.2 describe configuring Syndication Services security.
To ensure the confidentiality of the communication between Syndication Services and its clients:
- Configure the Oracle HTTP Server (OHS)/SSL listener to provide HTTPS access.
- Configure OC4J to prohibit HTTP access.
Apply this configuration to all security-sensitive Syndication Services endpoints.
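One way to check the result of this configuration, as an added example that is not part of the Oracle guide: the Python script below classifies how each endpoint answers a plain HTTP request and flags the ones where HTTP is still usable. The host name, ports, paths and the canned responses in `SAMPLE` are constructed placeholders, not real Syndication Services URLs.

```python
import http.client
from urllib.parse import urlsplit
def plain_http_fetch(host, port, path, timeout=5):
    """Send one cleartext GET; return (status, Location) or None if no HTTP answer."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except (OSError, http.client.HTTPException):
        return None  # port closed, or the listener only speaks TLS
    finally:
        conn.close()

def classify(result):
    """Turn a cleartext probe result into a verdict string."""
    if result is None:
        return "ok: no cleartext HTTP service"
    status, location = result
    if status in (301, 302, 303, 307, 308):
        if location and urlsplit(location).scheme == "https":
            return "ok: redirected to HTTPS"
        return "FAIL: redirect stays on HTTP"
    if status == 401:  # a client would answer with credentials in the clear
        return "FAIL: credentials requested over cleartext HTTP"
    if 200 <= status < 300:
        return "FAIL: content served over cleartext HTTP"
    if status == 403:
        return "ok: cleartext request refused"
    return f"review: unexpected status {status}"

def audit(endpoints, fetch=plain_http_fetch):
    """Probe every (host, port, path) endpoint; return {url: verdict}."""
    return {f"http://{h}:{p}{path}": classify(fetch(h, p, path)) for h, p, path in endpoints}

def failures(report):
    """URLs where the HTTP prohibition is not in effect."""
    return sorted(u for u, v in report.items() if v.startswith("FAIL"))

# Constructed sample: hypothetical host/paths with canned probe results (no network).
SAMPLE = {
    ("syn.example.com", 7777, "/placeholder/admin"): (200, None),
    ("syn.example.com", 7777, "/placeholder/push"): (401, None),
    ("syn.example.com", 7777, "/placeholder/pull"): (302, "https://syn.example.com/placeholder/pull"),
    ("syn.example.com", 7778, "/placeholder/pull"): None,
}
if __name__ == "__main__":
    for url, verdict in audit(SAMPLE, fetch=lambda *k: SAMPLE[k]).items():
        print(f"{verdict:48} {url}")
```

To probe real endpoints, call `audit()` with your own list of `(host, port, path)` tuples and leave out the `fetch` override.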
If you use the provided Syndication Services client library to develop applications to communicate with the Syndication Services repository, you can set connection properties, such as credentials to be used in case of an HTTPS connection and the HTTP proxy to be used (see Section 3.1). You can also use the Oracle Enterprise Manager security features to configure various HTTP transport security properties. See Oracle Enterprise Manager Basic Installation and Configuration and Oracle Enterprise Manager Advanced Configuration for more information.