We have all used passwords as a means of authentication
to the ATM, to access voice mail or to log into our favorite
application. While effective password management policies
provide for the possibility of secure passwords, there
is a need for stronger authentication in today's business
environment. The real question is, how do you prove that the
user entering the username and password is really who she
claims to be? Oracle Advanced Security provides strong authentication
using industry standards including Kerberos, RADIUS,
two-factor authentication using smart cards/token cards,
DCE, Entrust Profiles and the ubiquitous X.509v3 compliant
digital certificates over Secure Sockets Layer (SSL).
Oracle Advanced Security strong authentication mechanisms
such as Kerberos, DCE and X.509v3 certificates can also provide
Single Sign On capabilities to applications that rely on these
authentication services.
Kerberos
Oracle9i Advanced Security supports the Kerberos network authentication
protocol that was designed to provide secure access in a distributed
environment. It relies on a trusted third-party authentication
server that uses shared secrets to grant "tickets" to
the clients requesting access to a resource, which in
our context is the database. Due to the nature of the credentials,
it could also be considered for providing single sign-on capabilities.
The database client can authenticate using the Kerberos tickets
granted by an MIT Kerberos server, Cybersafe Trust Broker or
Microsoft KDC.
RADIUS (Remote Dial-in User Service)
RADIUS has been established as an industry
standard for remote authentication and controlled access to
networks. Oracle Advanced Security 9i allows
database external users who are also defined as RADIUS
users to be authenticated by the third-party RADIUS server.
Authentication can occur in either synchronous or asynchronous
mode. Smart card (such as RSA's SecurID),
token card (such as ActivCard) and biometric authentication
are supported using the RADIUS protocol. Oracle Advanced Security
integrates with a RADIUS server that is compliant with the
IETF RFC 2138 and RFC 2139, including the RSA Ace Server and
Funk RADIUS.
DCE
The Distributed Computing Environment (DCE)
is a set of integrated network services that works across
multiple systems to provide a distributed environment. Oracle
DCE Integration has two components: DCE Communication/Security
and the DCE Cell Directory Services Native Naming. Oracle
DCE integration provides applications the flexibility to have
different levels of integration with the DCE services. That
is, depending on the need, applications can choose to integrate
very tightly with the DCE services or choose to plug in different
security authentication services provided by Oracle Advanced
Security.
Digital Certificates
Secure Sockets Layer (SSL) is an industry standard
protocol that is based on public key cryptography principles
to provide authentication, encryption and data integrity.
SSL supports two authentication modes: the server alone authenticates
to the client, or both client and server authenticate to each
other. Public key cryptography relies on the existence of
a disinterested yet trusted third party to issue the digital
identities to the clients and the server. This digital identity
is the X.509v3 compliant digital certificate. Oracle Advanced
Security allows users and database servers to authenticate
to the database and achieve single sign on to applications
using X.509v3 compliant digital certificates. Oracle Advanced
Security authenticates using industry standard X.509v3 certificates
issued by Certificate Authorities including Verisign and Baltimore.
Oracle Advanced Security has also been certified
as an Entrust Ready product. It can authenticate using Entrust
Profiles issued by the Entrust Authority to the database.