Table of Contents

Overview of the CORBA Security Features
The CORBA Security Features
The CORBA Security Environment
Oracle Tuxedo Security SPIs
Introduction to the SSL Technology
The SSL Protocol
Digital Certificates
Certificate Authority
Certificate Repositories
A Public Key Infrastructure
PKCS-5 and PKCS-8 Compliance
Supported Public Key Algorithms
Supported Symmetric Key Algorithms
Supported Message Digest Algorithms
Supported Cipher Suites
Standards for Digital Certificates
Fundamentals of CORBA Security
Link-Level Encryption
How LLE Works
Encryption Key Size Negotiation
Determining min-max Values
Finding a Common Key Size
WSL/WSH Connection Timeout During Initialization
Development Process
Password Authentication
How Password Authentication Works
Development Process for Password Authentication
The SSL Protocol
How the SSL Protocol Works
Requirements for Using the SSL Protocol
Development Process for the SSL Protocol
Certificate Authentication
How Certificate Authentication Works
Development Process for Certificate Authentication
Using an Authentication Plug-in
Authorization
Auditing
PKI Plug-ins
Commonly Asked Questions About the CORBA Security Features
Do I Have to Change the Security in an Existing CORBA Application?
Can I Use the SSL Protocol in an Existing CORBA Application?
When Should I Use Certificate Authentication?
Managing Public Key Security
Requirements for Using Public Key Security
Who Needs Digital Certificates and Public/Private Key Pairs?
Requesting a Digital Certificate
Publishing Certificates in the LDAP Directory Service
Editing the LDAP Search Filter File
Storing the Private Keys in a Common Location
Defining the Trusted Certificate Authorities
Creating a Peer Rules File
Configuring Link-Level Encryption
Understanding min and max Values
Verifying the Installed Version of LLE
Configuring LLE on CORBA Application Links
Configuring the SSL Protocol
Setting Parameters for the SSL Protocol
Defining a Port for SSL Network Connections
Enabling Host Matching
Setting the Encryption Strength
Setting the Interval for Session Renegotiation
Defining Security Parameters for the IIOP Listener/Handler
Example of Setting Parameters on the ISL System Process
Example of Setting Command-line Options on the CORBA C++ ORB
Configuring Authentication
Configuring the Authentication Server
Defining Authorized Users
Defining a Security Level
Configuring Application Password Security
Configuring Password Authentication
Sample UBBCONFIG File for Password Authentication
Configuring Certificate Authentication
Sample UBBCONFIG File for Certificate Authentication
Configuring Access Control
Configuring Optional ACL Security
Configuring Mandatory ACL Security
Setting ACL Policy Between CORBA Applications
Impersonating the Remote Domain Gateway
Example DMCONFIG Entries for ACL Policy
Configuring Security to Interoperate with Older WebLogic Enterprise Client Applications
Configuring Security Plug-ins
Registering the Security Plug-ins (SPIs)
Building and Running the CORBA Sample Applications
Building and Running the Security Sample Application
Building and Running the Secure Simpapp Sample Application
Step 1: Copy the Files for the Secure Simpapp Sample Application into a Work Directory
Step 2: Change the Protection Attribute on the Files for the Secure Simpapp Sample Application
Step 3: Verify the Settings of the Environment Variables
Step 4: Execute the runme Command
Using the Secure Simpapp Sample Application
Writing a CORBA Application That Implements Security
Using the Bootstrapping Mechanism
Using the Host and Port Address Format
Using the corbaloc URL Address Format
Using the corbalocs URL Address Format
Using Password Authentication
The Security Sample Application
Writing the Client Application
C++ Code Example That Uses the SecurityLevel2::PrincipalAuthenticator::authenticate() Method
C++ Code Example That Uses the Tobj::PrincipalAuthenticator::logon() Method
Using Certificate Authentication
The Secure Simpapp Sample Application
Writing the CORBA Client Application
C++ Code Example of Certificate Authentication
Using the Interoperable Naming Service Mechanism
Protecting the Client Credentials
Using the Invocations_Options_Required() Method
Troubleshooting
Using ULOGS and ORB Tracing
CORBA::ORB_init Problems
Password Authentication Problems
Certificate Authentication Problems
Tobj::Bootstrap::resolve_initial_references Problems
IIOP Listener/Handler Startup Problems
Configuration Problems
Problems with Using Callback Objects with the SSL Protocol
Troubleshooting Tips for Digital Certificates
CORBA Security APIs
The CORBA Security Model
Authentication of Principals
Controlling Access to Objects
Administrative Control
Functional Components of the CORBA Security Environment
The Principal Authenticator Object
Using the Principal Authenticator Object with Certificate Authentication
Oracle Tuxedo Extensions to the Principal Authenticator Object
The Credentials Object
The SecurityCurrent Object
Security Modules
CORBA Module
TimeBase Module
Security Module
Security Level 1 Module
Security Level 2 Module
Tobj Module
C++ Security Reference
SecurityLevel2::Credentials
SecurityLevel2::PrincipalAuthenticator
Java Security Reference
Automation Security Reference
Method Descriptions
DISecurityLevel2_Current
DITobj_PrincipalAuthenticator
DISecurityLevel2_Credentials

Copyright © 1994, 2017, Oracle and/or its affiliates. All rights reserved.