Microservices Security Concepts

Learn about these MA security features:

Connection Filtering

Connection filtering qualifies and filters each candidate connection against the connection policy specifications.

Certificate Filtering

Similar to connection filtering, this feature enables qualifying certificates as part of accepting or denying a connection request.

Fall-back Constraints

Network security configuration within MA servers lets you configure and constrain the protocol version negotiation fall-back behavior, so that you control if and how the protocol versions are negotiated.

Session Management

MA Service Interface requests are REST and stateless, which implies that no client application context is stored on the server between requests. The application session state is entirely held by the client. Session management includes:

Logical state-tracking of the client's authorization status

The Authorization Cookie used by WebApps and available to other clients is an opaque token that allows secured client authorization information to be sent to the server with each REST request. The client state encoded in the Authorization Cookie is transferred automatically by the browser with each request. The client's effective authorization is not maintained by the server.

Secured TLS session caching and reuse

The secured communication sub-system supports TLS session caching and reuse. This reduces the computational load on the server by allowing a cryptographic session established in a prior request to be reused, skipping the high-cost handshake and cipher negotiation processing. TLS session caching and reuse does not reuse any MA service request information.

User Credential Storage

User credentials are stored in a cryptographically secure, persistent, and fault-tolerant store. When you add credentials from the Admin Client, they are stored locally to the executable. This allows the Admin Client to run scripts securely from the local site.

Single Page Applications (SPAs) and WebApp Security

All popular web browsers support both the HTTP and HTTPS protocols. MA supports running WebApps, including SPAs and JavaScript-based applications, in either HTTPS (secured) or HTTP (unsecured) mode.

Cipher-Suites

The MA configuration allows you to select the set of allowed cipher-suites if necessary. Generally, the MA default cipher-suite set is appropriate.

Encryption Profile

The encryption profile allows you to use Oracle Key Vault, which is a full-stack, security-hardened software appliance built to centralize the management of MA security objects.