BEA Tuxedo Release 7.1

   Using BEA Tuxedo Security

Public Key Implementation

The underlying plug-in interface for public key security consists of six component interfaces, each of which requires one or more plug-ins. By instantiating these interfaces with your preferred plug-ins, you can bring custom message-based digital signature and message-based encryption to your applications.

The six component interfaces are:

Public Key Initialization

The public key initialization interface allows public key software to open public and private keys. For example, gateway processes may need to have access to a specific private key in order to decrypt messages before routing them. This interface is implemented as a fanout.

Key Management

The key management interface allows public key software to manage and use public and private keys. Note that message digests and session keys are encrypted and decrypted using this interface, but no bulk data encryption is performed using public key cryptography. Bulk data encryption is performed using symmetric key cryptography.

Certificate Lookup

The certificate lookup interface allows public key software to retrieve X.509v3 certificates for a given principal. Principals are authenticated users. The certificate database may be stored using any appropriate tool, such as Lightweight Directory Access Protocol (LDAP), Microsoft Active Directory, Netware Directory Service (NDS), or local files.

Certificate Parsing

The certificate parsing interface allows public key software to associate a simple principal name with an X.509v3 certificate. The parser analyzes a certificate to generate a principal name to be associated with the certificate.

Certificate Validation

The certificate validation interface allows public key software to validate an X.509v3 certificate in accordance with specific business logic. This interface is implemented as a fanout, which allows BEA Tuxedo customers to use their own business rules to determine the validity of a certificate.
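The following example shows one way to compose site-specific business rules for certificate validation. It is added here and is not BEA Tuxedo code: `cert_info`, the rule functions, and `validate_certificate` are hypothetical names rather than the Tuxedo plug-in API, the issuer name is a constructed value, and the example assumes a certificate is rejected as soon as any rule rejects it.

```c
#include <stddef.h>
#include <string.h>
#include <time.h>

/* Hypothetical, simplified view of an already-parsed X.509v3 certificate. */
typedef struct {
    const char *subject;   /* principal name produced by certificate parsing */
    const char *issuer;
    time_t not_before;
    time_t not_after;
    int can_sign;          /* nonzero if keyUsage includes digitalSignature */
} cert_info;

typedef enum { CERT_OK = 0, CERT_EXPIRED, CERT_UNTRUSTED_ISSUER,
               CERT_BAD_USAGE, CERT_BAD_INPUT } cert_status;

/* One business rule: inspects the certificate and accepts or rejects it. */
typedef cert_status (*cert_rule)(const cert_info *c, time_t now);

static cert_status rule_validity_period(const cert_info *c, time_t now) {
    return (now < c->not_before || now > c->not_after) ? CERT_EXPIRED : CERT_OK;
}

static cert_status rule_trusted_issuer(const cert_info *c, time_t now) {
    static const char *trusted[] = { "CN=Example Corp CA" }; /* constructed value */
    (void)now;
    for (size_t i = 0; i < sizeof trusted / sizeof trusted[0]; i++)
        if (c->issuer && strcmp(c->issuer, trusted[i]) == 0) return CERT_OK;
    return CERT_UNTRUSTED_ISSUER;
}

static cert_status rule_signing_usage(const cert_info *c, time_t now) {
    (void)now;
    return c->can_sign ? CERT_OK : CERT_BAD_USAGE;
}

/* Run every rule in order; fail closed on the first rejection or on bad input. */
cert_status validate_certificate(const cert_info *c, time_t now,
                                 const cert_rule *rules, size_t n_rules) {
    if (c == NULL || rules == NULL || n_rules == 0) return CERT_BAD_INPUT;
    for (size_t i = 0; i < n_rules; i++) {
        if (rules[i] == NULL) return CERT_BAD_INPUT;
        cert_status s = rules[i](c, now);
        if (s != CERT_OK) return s;
    }
    return CERT_OK;
}

const cert_rule default_rules[] = { rule_validity_period, rule_trusted_issuer,
                                    rule_signing_usage };
const size_t n_default_rules = sizeof default_rules / sizeof default_rules[0];
```

An empty rule set is treated as an error rather than as acceptance, so a misconfigured rule list cannot silently validate every certificate.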

Proof Material Mapping

The proof material mapping interface allows public key software to access the proof materials needed to open keys, provide authorization tokens, and provide auditing tokens.

Implementing Custom Public Key Security

You can provide public key security for your application by using a custom plug-in. You choose a plug-in by configuring the BEA Tuxedo registry, a tool that controls all security plug-ins.

If you use a custom public key plug-in, you must configure the registry for your public key plug-in before you can install it. For more detail about the registry, see Setting the BEA Tuxedo Registry.

Default Public Key Implementation

The default public key implementation supports the following algorithms:
