The Oracle9i Application Server PKI implementation provides
a variety of security services, in compliance with industry-standard specifications.
It incorporates a whole suite of products and features, including the following:
| Component | Description |
|---|---|
| Secure Sockets Layer | The Secure Sockets Layer (SSL) is an application layer protocol that can be employed for certificate-based authentication. All of the major components of Oracle9iAS support SSL. |
| Oracle Wallets | An Oracle wallet is a container in which certificates and trusted certificates are stored and managed. These data structures securely store a user private key, a user certificate, and a set of trusted certificates (the list of root certificates which the user trusts). |
| Oracle Wallet Manager | This is a Java-based application that security administrators use to manage public-key security credentials on both Oracle clients and servers. It creates an Oracle wallet. Oracle Wallet Manager creates a public-private key pair and manages credentials for a user. It issues PKCS#10 certificate requests to the certificate authority, and installs the certificate in the wallet. It ships with trusted certificates from VeriSign, RSA, and Baltimore CyberTrust, and can use a site's own in-house certificate authority. |
| Oracle Internet Directory | Oracle Internet Directory, an LDAP V3-compliant directory built on the Oracle9i database, helps to enable PKI-based single sign-on. It enables you to securely manage the user and system configuration environment, including security attributes and privileges, for users authenticated using X.509 certificates. Oracle Internet Directory enforces attribute-level access control, enabling the directory to restrict read, write, or update privileges on specific attributes to specific named users (for example, a security administrator). It also supports protection and authentication of directory queries and responses through SSL encryption. |