Corporate Info | News | Solutions | Products | Partners | Services | Events | Download | How To Buy
http://www.oracle.com/technology/documentation/index.html | Site Map | Search | PDF Files | Contact | Glossary
Tuxedo Doc Home | Getting Started | Topic List | Previous | Next | Contents
Introducing the BEA Tuxedo System
Selecting Security Options
The following are the security options provided by the BEA Tuxedo system:
No authentication-Clients do not have to be verified before joining an application. Application Password-A single password is defined for an entire application and clients must provide the password to join the application. User-level Authentication-In addition to an application password, each client must provide a valid user name and application-specific data such as a password to join the application. Optional Access Control List (ACL)-Clients must provide an application password, a user name, and a user password. If there is no ACL associated with a user name, permission is granted. This practice enables an administrator to configure access for only those resources that need more security; ACLs need not be configured for services, queues, or events that are open to everyone. Mandatory Access Control List (ACL)-Clients must provide an application password, a user name, and a user password. This level is similar to optional ACL, but an access control list must be configured for every entity (such as a service, queue, or event) that users can access. If mandatory ACLs are being used and there is no ACL for a particular entity, permission for that entity is denied. Link-Level Encryption-Users of BEA Tuxedo System Security can establish data privacy for messages moving over the network links that connect the machines in a BEA Tuxedo application. The BEA Tuxedo system encrypts data before sending it over a network link and decrypts it as it comes off the link. Three levels of security are offered: 0-bit (no encryption), 56-bit (international), or 128-bit (US and Canada). Public key encryption-Consists of message-based encryption and message-based digital signature. Message-based encryption reveals user data only to designated recipients. With message-based digital signature, a sending process must prove its identity, and bind that proof to a specific message buffer. Any third party can verify the signature's authenticity. Undetected tampering is impossible because a digital signature contains a cryptographically secure checksum computed on the entire contents of a buffer. A digital signature also contains a tamper-proof stamp based on the originating machine's local clock. Auditing-Collects, stores, and distributes information about operating requests and their outcomes.
Application Password-A single password is defined for an entire application and clients must provide the password to join the application. User-level Authentication-In addition to an application password, each client must provide a valid user name and application-specific data such as a password to join the application. Optional Access Control List (ACL)-Clients must provide an application password, a user name, and a user password. If there is no ACL associated with a user name, permission is granted. This practice enables an administrator to configure access for only those resources that need more security; ACLs need not be configured for services, queues, or events that are open to everyone. Mandatory Access Control List (ACL)-Clients must provide an application password, a user name, and a user password. This level is similar to optional ACL, but an access control list must be configured for every entity (such as a service, queue, or event) that users can access. If mandatory ACLs are being used and there is no ACL for a particular entity, permission for that entity is denied. Link-Level Encryption-Users of BEA Tuxedo System Security can establish data privacy for messages moving over the network links that connect the machines in a BEA Tuxedo application. The BEA Tuxedo system encrypts data before sending it over a network link and decrypts it as it comes off the link. Three levels of security are offered: 0-bit (no encryption), 56-bit (international), or 128-bit (US and Canada). Public key encryption-Consists of message-based encryption and message-based digital signature. Message-based encryption reveals user data only to designated recipients. With message-based digital signature, a sending process must prove its identity, and bind that proof to a specific message buffer. Any third party can verify the signature's authenticity. Undetected tampering is impossible because a digital signature contains a cryptographically secure checksum computed on the entire contents of a buffer. A digital signature also contains a tamper-proof stamp based on the originating machine's local clock. Auditing-Collects, stores, and distributes information about operating requests and their outcomes.
User-level Authentication-In addition to an application password, each client must provide a valid user name and application-specific data such as a password to join the application. Optional Access Control List (ACL)-Clients must provide an application password, a user name, and a user password. If there is no ACL associated with a user name, permission is granted. This practice enables an administrator to configure access for only those resources that need more security; ACLs need not be configured for services, queues, or events that are open to everyone. Mandatory Access Control List (ACL)-Clients must provide an application password, a user name, and a user password. This level is similar to optional ACL, but an access control list must be configured for every entity (such as a service, queue, or event) that users can access. If mandatory ACLs are being used and there is no ACL for a particular entity, permission for that entity is denied. Link-Level Encryption-Users of BEA Tuxedo System Security can establish data privacy for messages moving over the network links that connect the machines in a BEA Tuxedo application. The BEA Tuxedo system encrypts data before sending it over a network link and decrypts it as it comes off the link. Three levels of security are offered: 0-bit (no encryption), 56-bit (international), or 128-bit (US and Canada). Public key encryption-Consists of message-based encryption and message-based digital signature. Message-based encryption reveals user data only to designated recipients. With message-based digital signature, a sending process must prove its identity, and bind that proof to a specific message buffer. Any third party can verify the signature's authenticity. Undetected tampering is impossible because a digital signature contains a cryptographically secure checksum computed on the entire contents of a buffer. A digital signature also contains a tamper-proof stamp based on the originating machine's local clock. Auditing-Collects, stores, and distributes information about operating requests and their outcomes.
Optional Access Control List (ACL)-Clients must provide an application password, a user name, and a user password. If there is no ACL associated with a user name, permission is granted. This practice enables an administrator to configure access for only those resources that need more security; ACLs need not be configured for services, queues, or events that are open to everyone. Mandatory Access Control List (ACL)-Clients must provide an application password, a user name, and a user password. This level is similar to optional ACL, but an access control list must be configured for every entity (such as a service, queue, or event) that users can access. If mandatory ACLs are being used and there is no ACL for a particular entity, permission for that entity is denied. Link-Level Encryption-Users of BEA Tuxedo System Security can establish data privacy for messages moving over the network links that connect the machines in a BEA Tuxedo application. The BEA Tuxedo system encrypts data before sending it over a network link and decrypts it as it comes off the link. Three levels of security are offered: 0-bit (no encryption), 56-bit (international), or 128-bit (US and Canada). Public key encryption-Consists of message-based encryption and message-based digital signature. Message-based encryption reveals user data only to designated recipients. With message-based digital signature, a sending process must prove its identity, and bind that proof to a specific message buffer. Any third party can verify the signature's authenticity. Undetected tampering is impossible because a digital signature contains a cryptographically secure checksum computed on the entire contents of a buffer. A digital signature also contains a tamper-proof stamp based on the originating machine's local clock. Auditing-Collects, stores, and distributes information about operating requests and their outcomes.
Mandatory Access Control List (ACL)-Clients must provide an application password, a user name, and a user password. This level is similar to optional ACL, but an access control list must be configured for every entity (such as a service, queue, or event) that users can access. If mandatory ACLs are being used and there is no ACL for a particular entity, permission for that entity is denied. Link-Level Encryption-Users of BEA Tuxedo System Security can establish data privacy for messages moving over the network links that connect the machines in a BEA Tuxedo application. The BEA Tuxedo system encrypts data before sending it over a network link and decrypts it as it comes off the link. Three levels of security are offered: 0-bit (no encryption), 56-bit (international), or 128-bit (US and Canada). Public key encryption-Consists of message-based encryption and message-based digital signature. Message-based encryption reveals user data only to designated recipients. With message-based digital signature, a sending process must prove its identity, and bind that proof to a specific message buffer. Any third party can verify the signature's authenticity. Undetected tampering is impossible because a digital signature contains a cryptographically secure checksum computed on the entire contents of a buffer. A digital signature also contains a tamper-proof stamp based on the originating machine's local clock. Auditing-Collects, stores, and distributes information about operating requests and their outcomes.
Link-Level Encryption-Users of BEA Tuxedo System Security can establish data privacy for messages moving over the network links that connect the machines in a BEA Tuxedo application. The BEA Tuxedo system encrypts data before sending it over a network link and decrypts it as it comes off the link. Three levels of security are offered: 0-bit (no encryption), 56-bit (international), or 128-bit (US and Canada). Public key encryption-Consists of message-based encryption and message-based digital signature. Message-based encryption reveals user data only to designated recipients. With message-based digital signature, a sending process must prove its identity, and bind that proof to a specific message buffer. Any third party can verify the signature's authenticity. Undetected tampering is impossible because a digital signature contains a cryptographically secure checksum computed on the entire contents of a buffer. A digital signature also contains a tamper-proof stamp based on the originating machine's local clock. Auditing-Collects, stores, and distributes information about operating requests and their outcomes.
Public key encryption-Consists of message-based encryption and message-based digital signature. Message-based encryption reveals user data only to designated recipients. With message-based digital signature, a sending process must prove its identity, and bind that proof to a specific message buffer. Any third party can verify the signature's authenticity. Undetected tampering is impossible because a digital signature contains a cryptographically secure checksum computed on the entire contents of a buffer. A digital signature also contains a tamper-proof stamp based on the originating machine's local clock. Auditing-Collects, stores, and distributes information about operating requests and their outcomes.
Auditing-Collects, stores, and distributes information about operating requests and their outcomes.
Copyright © 2000 BEA Systems, Inc. All rights reserved. Required browser: Netscape 4.0 or higher, or Microsoft Internet Explorer 4.0 or higher.