Security refers to techniques for ensuring that data stored in a computer or passed between computers is not compromised. Most security measures involve proof material and data encryption, where the proof material is a secret word or phrase that gives a user access to a particular program or system, and data encryption is the translation of data into a form that cannot be interpreted.
To access the full security features of the CORBA environment, you need to install a license that enables the use of the SSL protocol, LLE, and PKI. For information about installing the license for the security features, see Installing the Oracle Tuxedo System.
Note: Using Security in CORBA Applications describes the security features of the CORBA environment in the Oracle Tuxedo product. For a complete description of using the security features in the ATMI environment in the Oracle Tuxedo product, see Using Security in ATMI Applications.
Table 1‑1 summarizes the CORBA security features in the Oracle Tuxedo product.
Table 1‑1 CORBA Security Features
Direct end-to-end mutual authentication in a distributed enterprise middleware environment such as the Oracle Tuxedo CORBA environment can be prohibitively expensive, especially when accomplished through security mechanisms optimized for long-duration connections. It is not efficient for principals to establish direct network connections with each server application, nor is it practical to exchange and verify multiple authentication messages as part of processing each service request. Instead, CORBA applications in an Oracle Tuxedo product implement a delegated trust authentication model, as shown in Figure 1‑1.
Figure 1‑1 Delegated Trust Model
As shown in Figure 1‑2, the authentication, authorization, auditing, and public key security features available with the Oracle Tuxedo product are implemented through a plug-in interface, which allows security plug-ins to be integrated into the CORBA environment. A security plug-in is a code module that implements a particular security feature.
The Oracle Tuxedo product provides interfaces for the types of security plug-ins listed in Table 1‑2.
Table 1‑2 The Oracle Tuxedo Security Plug-Ins
The specifications for the SPIs are currently only available to third-party security vendors who have entered into a special agreement with Oracle Systems, Inc. Customers who want to customize a security feature must contact one of these vendors or Oracle Professional Services. For example, an Oracle customer who wants a custom implementation of public key security must contact a third-party vendor who can provide the appropriate security plug-in or Oracle Professional Services.