1 Introducing EDQ Security

This chapter introduces Oracle Enterprise Data Quality Security concepts, and guides you through the content of this manual. It includes the following sections:

1.1 Introducing EDQ Security

Security within EDQ applies to access to the application (ensuring that only authorized users can access it, and that data within the application is secured), and to auditing of user actions to identify anomalies. Section 1.1.1, "Authentication" and Chapter 5, "Authorizing Users" relate to access control, Chapter 6, "Using Encryption" details encryption of data during transport, and Chapter 7, "Auditing" details auditing.

1.1.1 Authentication

Details of users and groups in EDQ can be stored within its own internal directory or taken from an external directory service. EDQ can be integrated with an external Lightweight Directory Access Protocol (LDAP) server (including Microsoft Active Directory) or Oracle Access Manager (OAM). Using external authentication sources enables EDQ to share user credentials with other systems, reducing the number of passwords that users need to remember and maintain, while eliminating overhead in management of users and groups.

1.1.2 Authorization

Authorization controls what users can do once they have authenticated successfully. Authorization of users is based on a model of users, permissions and subsystems (such as Core, Director, Server Console, and others) associated with groups. Users inherit permissions on subsystems from the groups to which they are associated.
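The following is an added illustration of the group-based model described above; it is not EDQ code, and the group, subsystem and permission names (for example "Data Analysts", "Director", "Run Process") are constructed for the example rather than taken from EDQ. It resolves a user's effective permissions as the union of the permissions of every group the user belongs to, makes an allow/deny decision per subsystem, and records each decision so that denials can be reviewed, in the spirit of Section 1.1.4.

```python
"""Group-based authorization: users inherit subsystem permissions from groups.

Added example (not EDQ's own code). All group, subsystem and permission
names below are constructed for illustration.
"""
from collections import defaultdict

# Constructed sample directory: group -> subsystem -> permissions granted.
GROUPS = {
    "Data Analysts": {
        "Director": {"Read Project", "Run Process"},
    },
    "Operators": {
        "Server Console": {"Schedule Job", "View Results"},
    },
    "Administrators": {
        "Core": {"Manage Users"},
        "Director": {"Read Project", "Edit Project", "Run Process"},
        "Server Console": {"Schedule Job", "View Results"},
    },
}

# Constructed sample users: user -> groups the user is associated with.
USERS = {
    "alice": {"Data Analysts", "Operators"},
    "bob": {"Administrators"},
    "carol": set(),          # authenticated but in no group: no permissions
}

# Decision log so that anomalies (repeated denials) can be reviewed.
DECISIONS = []


def effective_permissions(user):
    """Return {subsystem: set(permissions)} inherited from the user's groups.

    Permissions are the union across all groups; an unknown user gets none.
    """
    merged = defaultdict(set)
    for group in USERS.get(user, set()):
        for subsystem, perms in GROUPS.get(group, {}).items():
            merged[subsystem] |= perms
    return dict(merged)


def is_authorized(user, subsystem, permission):
    """Allow only if the named permission is inherited on that subsystem.

    Every decision, including denials for unknown users, is recorded.
    """
    granted = permission in effective_permissions(user).get(subsystem, set())
    DECISIONS.append(
        {"user": user, "subsystem": subsystem,
         "permission": permission, "allowed": granted}
    )
    return granted


def denied_decisions(user):
    """Return the recorded denials for one user (useful for audit review)."""
    return [d for d in DECISIONS if d["user"] == user and not d["allowed"]]


if __name__ == "__main__":
    print(effective_permissions("alice"))
    print(is_authorized("alice", "Director", "Edit Project"))   # denied
    print(is_authorized("bob", "Core", "Manage Users"))         # allowed
    print(denied_decisions("alice"))
```

Because permissions are merged with set union, a user in several groups is granted everything any one of those groups grants; when reviewing group membership, that is the property to keep in mind, since adding a user to a broad group silently widens their access on every subsystem that group covers.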

1.1.3 Encryption

Both the WebLogic and Tomcat servers support HTTPS and should be configured to require that traffic between the client and EDQ is encrypted, so that it cannot be read or modified in transit. For environments where HTTPS is not an option, EDQ encrypts passwords sent between the client and server.

Where databases support encryption of traffic, connections to the database should be configured to use this feature.

1.1.4 Auditing

EDQ supports auditing of user actions using the Oracle Fusion Middleware Audit Framework. In addition, EDQ can be configured to produce audit information in disk files. See Chapter 7, "Auditing" for more information.

1.2 Terms Used in this Guide

The following terms are used in this guide:

  • AD – Active Directory

  • Certificate – Generally refers to an X.509 certificate

  • Kerberos – Network authentication protocol

  • LDAP – Lightweight Directory Access Protocol

  • OID – Oracle Internet Directory

  • OPSS – Oracle Platform Security Services

  • SSL – Secure Sockets Layer, a protocol for encrypted connections over which application traffic can be transported. Replaced by TLS, although SSL is still used as a generic term.

  • TLS – Transport Layer Security, a successor to SSL.

  • WLS – WebLogic Server

  • X.509 Certificate – A certificate issued by a trusted authority (certificate authority) to certify that a specified entity (individual, organization, server, or other entity) holds the matching private key for a public key.