Figure 2‑1 illustrates how the SSL protocol works in the CORBA security environment.

With SSL version 3.0, principals can also authenticate to the IIOP Listener/Handler. This type of authentication is referred to as mutual authentication. In mutual authentication, principals present their digital certificates to the IIOP Listener/Handler. When using mutual authentication, both the IIOP Listener/Handler and the principal need private keys and digital certificates that represent their identity. This type of authentication is useful when you must restrict access to trusted principals only.

Figure 2‑2 shows the PKI process flow.

Figure 2‑2 PKI Process Flow

The Oracle Tuxedo product does not provide the tools necessary to be a certificate authority. Oracle Systems, Inc. recommends using a third-party certificate authority such as VeriSign or Entrust. By offering a Public Key SPI, Oracle Systems, Inc. extends the opportunity to all Oracle Tuxedo customers to use a PKI security solution with the PKI software from their vendor of choice. See “PKI Plug-ins” on page 3‑22 for more information.

Public key (or asymmetric key) algorithms are implemented through a pair of different but mathematically related keys:

A block cipher is a type of symmetric key algorithm that transforms a fixed-length block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length. This transformation takes place in accordance with the value of a randomly generated session key. The fixed length is called the block size.

A cipher suite is an SSL encryption method that includes the key exchange algorithm, the symmetric encryption algorithm, and the secure hash algorithm used to protect the integrity of the communication. For example, the cipher suite RSA_WITH_RC4_128_MD5 uses RSA for key exchange, RC4 with a 128-bit key for bulk encryption, and MD5 for message digest.
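The following added example (not Oracle Tuxedo code) splits a cipher suite name into the three parts described above and reports components a reviewer would flag when auditing a configured suite list. The name layout, the function names and the sample list are assumptions made for this illustration; only RSA_WITH_RC4_128_MD5 comes from the text.

```python
import re

# Assumed name layout (SSL 3.0 through TLS 1.2):
#   [SSL_|TLS_]<key exchange>_WITH_<cipher>[_<bits>][_<mode>]_<hash>
SUITE_RE = re.compile(
    r"^(?:SSL_|TLS_)?(?P<kx>[A-Za-z0-9_]+?)_WITH_(?P<enc>.+)_"
    r"(?P<mac>MD5|SHA|SHA256|SHA384)$"
)
WEAK_CIPHERS = {"NULL", "RC2", "RC4", "DES", "DES40"}


def parse_suite(name):
    """Split a cipher suite name into key exchange, bulk cipher and hash."""
    m = SUITE_RE.match(name)
    if m is None:
        # For example TLS 1.3 names, which have no key exchange and no _WITH_
        raise ValueError(f"unrecognised cipher suite name: {name!r}")
    tokens = m.group("enc").split("_")
    bits = next((int(t) for t in tokens if t.isdigit()), None)
    return {"key_exchange": m.group("kx"), "cipher": tokens[0],
            "key_bits": bits, "mac": m.group("mac")}


def audit(name):
    """Return the findings for one suite; an empty list means none."""
    s = parse_suite(name)
    findings = []
    if "EXPORT" in s["key_exchange"] or "anon" in s["key_exchange"]:
        findings.append(f"key exchange {s['key_exchange']}: export-grade or anonymous")
    if s["cipher"] in WEAK_CIPHERS:
        findings.append(f"bulk cipher {s['cipher']}: weak or no encryption")
    if s["key_bits"] is not None and s["key_bits"] < 128:
        findings.append(f"key length {s['key_bits']} bits: below 128")
    if s["mac"] == "MD5":
        findings.append("hash MD5: not collision resistant")
    return findings


# Constructed sample list; only the first name appears in the text above.
SAMPLE = ["RSA_WITH_RC4_128_MD5", "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]

if __name__ == "__main__":
    for suite in SAMPLE:
        print(suite, parse_suite(suite), audit(suite) or "no findings")
```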