4.1 Overview of the Security Service

The CORBA environment in the Oracle Tuxedo product offers a security model based on the CORBA Services Security Service. The Oracle Tuxedo CORBA security model implements the authentication portion of the CORBA Services Security Service.

In the CORBA environment, security information is defined on a domain basis. The security level for the domain is defined in the configuration file. Client applications use the SecurityCurrent object to provide the necessary authentication information to log on to the Oracle Tuxedo domain.

The following levels of authentication are provided:

  • TOBJ_NOAUTH

    No authentication is needed; however, the client application may still authenticate itself, and may specify a username and a client application name, but no password.

  • TOBJ_SYSAUTH

    The client application must authenticate itself to the Oracle Tuxedo domain and must specify a username, client application name, and application password.

  • TOBJ_APPAUTH

    In addition to the TOBJ_SYSAUTH information, the client application must provide application-specific information. If the default Oracle Tuxedo CORBA authentication service is used in the application configuration, the client application must provide a user password; otherwise, the client application provides authentication data that is interpreted by the custom authentication service in the application.

Note:

If a client application is not authenticated and the security level is TOBJ_NOAUTH, the IIOP Listener/Handler of the Oracle Tuxedo domain registers the client application with the username and client application name sent to the IIOP Listener/Handler.
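The following client-side pre-flight check models the three levels and the note above. It is an added example, not Oracle Tuxedo code or API: the `LogonRequest` field names, `check_logon`, and `registers_unauthenticated` are hypothetical, and flagging a password supplied at TOBJ_NOAUTH is this example's own policy choice.

```python
from dataclasses import dataclass
from typing import List, Optional

# Level names come from the page; every other name here is hypothetical.
LEVELS = ("TOBJ_NOAUTH", "TOBJ_SYSAUTH", "TOBJ_APPAUTH")

@dataclass
class LogonRequest:
    username: Optional[str] = None
    client_name: Optional[str] = None     # client application name
    app_password: Optional[str] = None    # application password
    user_password: Optional[str] = None   # used by the default authentication service
    auth_data: Optional[bytes] = None     # interpreted by a custom authentication service

def _require_known(level: str) -> None:
    if level not in LEVELS:
        raise ValueError(f"unknown security level: {level}")

def check_logon(level: str, req: LogonRequest, custom_auth: bool = False) -> List[str]:
    """Return the problems with req at the given level (empty list means OK)."""
    _require_known(level)
    problems = []
    if level == "TOBJ_NOAUTH":
        # Username and client name are optional; a password is not called for,
        # so supplying one is flagged rather than silently sent.
        for name in ("app_password", "user_password"):
            if getattr(req, name) is not None:
                problems.append(f"{name} is not used at TOBJ_NOAUTH")
        return problems
    # TOBJ_SYSAUTH and TOBJ_APPAUTH share the same three required fields.
    for name in ("username", "client_name", "app_password"):
        if not getattr(req, name):
            problems.append(f"{name} is required at {level}")
    if level == "TOBJ_APPAUTH":
        # Default service wants a user password; a custom one wants its own data.
        extra = "auth_data" if custom_auth else "user_password"
        if not getattr(req, extra):
            problems.append(f"{extra} is required at TOBJ_APPAUTH")
    return problems

def registers_unauthenticated(level: str) -> bool:
    """True when the domain registers the client under whatever names it sent."""
    _require_known(level)
    return level == "TOBJ_NOAUTH"
```

When auditing a domain, a `True` result from `registers_unauthenticated` means the username and client application name recorded for a session are whatever the client supplied.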

In the Oracle Tuxedo CORBA security environment, only the PrincipalAuthenticator and Credentials properties on the SecurityCurrent object are supported. For a description of the SecurityLevel1::Current and SecurityLevel2::Current interfaces, see the CORBA Programming Reference in the Oracle Tuxedo online documentation.