Borland VisiBroker® 7.0 - Borland Technical Publications
Share Embed Flag
Download ePaper

Borland VisiBroker® 7.0 - Borland Technical Publications

Borland VisiBroker® 7.0 - Borland Technical Publications Borland VisiBroker® 7.0 - Borland Technical Publications

borland.com
11.07.2015 Views

Authentication and IdentificationSystem identificationAny system first needs to identify itself before being allowed access to resources.Client identification is always required for resource access. In a CORBA/J2EEenvironment, the need for identification also exists for servers as well. Servers needidentification in two cases:■One, when using SSL for transport layer security, the server typically needs toidentify itself to the client.■Two, when mid-tier servers make further invocations to other mid-tier or end-tierservers, they need to identify themselves before being allowed (potentially) to act onbehalf of the original caller.For more information, see “System Identification” on page 36.Authentication and pluggabilityAuthentication in VisiBroker is a JAAS implementation allowing pluggableauthentication. The JAAS logon service separates the configuration fromimplementation. A low-level system programming interface called the LoginModule,provides an anchor point for pluggable security modules.At the same time as system identification, the authentication mechanism concept isemployed to represent the “format” for communicating (or transporting) authenticationinformation between various components of the security subsystem. The securityservice provider for the authentication/identification process implements the specificformat (encoding and decoding process) that is to be used by the underlying coresystem.In a distributed environment, the authentication process is further complicated by thefact that the representation of the entity and the corresponding credential must betransported among peers in a generic fashion. Therefore, the VisiSecure Java SPIemploys the concept of the AuthenticationMechanism and defines a set of classes fordoing authentication/identification in a distributed environment.Server and/or client authenticationWith the VisiBroker implementation of JAAS, you can set different mechanisms ofauthentication. You can have server authentication, where servers are authenticatedby clients using public-key certificates. You can also have client authentication. Clientscan be authenticated using passwords or public-key certificates. That is, the server canbe configured to authenticate clients with a password or clients with public-keycertificates.Authenticating clients with usernames and passwordsIf server-side authentication is not required, authentication can be accomplished usinga standard username/password combination. To authenticate clients using usernamesand passwords, several things need to happen. The server should expose a set ofrealms to which it can authenticate a client. Each realm should correspond to a JAASLoginModule that actually does the authentication. Finally, the client should provide ausername and password, and a realm under which it wishes to authenticate itself. Formore information, see Chapter 3, “Authentication.”12 VisiBroker Security Guide

Authentication and IdentificationAuthentication property settingsThe authentication policy—whether it is server or client authentication and whether it isdone using public-key certificates or passwords—is determined by property settings.For more information, see Chapter 10, “Security Properties for C++” and Chapter 9,“Security Properties for Java.”Public-key encryptionIn addition to username/password-based authentication, VisiSecure also supportspublic-key encryption. In public-key encryption, each user holds two keys: a public keyand a private key. A user makes the public key widely available, but keeps the privatekey secret.Data that has not been encrypted is often referred to as clear-text, while data that hasbeen encrypted is called cipher-text. When a public key and a private key are used withthe public-key encryption algorithm, they perform inverse functions of one another, asshown in the following diagram.■■In the first case, the public key is used to encrypt a clear-text message into a ciphertextmessage; the private key is used to decrypt the resulting cipher-text message.In the second case, the private key is used to encrypt a message (typically in thecase of digital signatures—that is, “signed” messages), while the public key is usedto decrypt it.If someone wants to send you sensitive data, they acquire your public key and use it toencrypt that data. Once encrypted, the data can only be decrypted with the private key.Not even the sender of the data will be able to decrypt the data. Note that encryptioncan be asymmetric or symmetric.Asymmetric encryptionAsymmetric encryptions has both a public and a private key. Both keys are linkedtogether such that you can encrypt with the public key but can only decrypt with theprivate key, and vice-versa. This is the most secure form of encryption.Chapter 2: Getting Started with Security 13

Authentication and IdentificationAuthentication property settingsThe authentication policy—whether it is server or client authentication and whether it isdone using public-key certificates or passwords—is determined by property settings.For more information, see Chapter 10, “Security Properties for C++” and Chapter 9,“Security Properties for Java.”Public-key encryptionIn addition to username/password-based authentication, VisiSecure also supportspublic-key encryption. In public-key encryption, each user holds two keys: a public keyand a private key. A user makes the public key widely available, but keeps the privatekey secret.Data that has not been encrypted is often referred to as clear-text, while data that hasbeen encrypted is called cipher-text. When a public key and a private key are used withthe public-key encryption algorithm, they perform inverse functions of one another, asshown in the following diagram.■■In the first case, the public key is used to encrypt a clear-text message into a ciphertextmessage; the private key is used to decrypt the resulting cipher-text message.In the second case, the private key is used to encrypt a message (typically in thecase of digital signatures—that is, “signed” messages), while the public key is usedto decrypt it.If someone wants to send you sensitive data, they acquire your public key and use it toencrypt that data. Once encrypted, the data can only be decrypted with the private key.Not even the sender of the data will be able to decrypt the data. Note that encryptioncan be asymmetric or symmetric.Asymmetric encryptionAsymmetric encryptions has both a public and a private key. Both keys are linkedtogether such that you can encrypt with the public key but can only decrypt with theprivate key, and vice-versa. This is the most secure form of encryption.Chapter 2: Getting Started with Security 13

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!