Corporate Info  |  News  |  Solutions  |  Products  |  Partners  |  Services  |  Events  |  Download  |  How To Buy
	http://www.oracle.com/technology/documentation/index.html   |   Site Map   |   Search   |   PDF Files   |   Contact   |   Glossary
Tuxedo Doc Home   |   TOP END Domain Gateway   |   Topic List   |   Previous   |   Next   |   Contents

   Using the BEA Tuxedo TOP END Domain Gateway

A BEA Tuxedo domain may be configured with several levels of security. For details about the various levels of security available for BEA Tuxedo applications, see UBBCONFIG(5) in BEA Tuxedo File Formats and Data Descriptions Reference.

You can authenticate a client in either of two ways. You can:

• Define an application-wide password (APP_PW)

• Specify individual client authentication (USER_AUTH)

The BEA Tuxedo system provides proprietary authentication and authorization services. Authentication is based on a user ID and password for each user. Authorization is based on Access Control Lists (ACLs), which specify the users entitled to access particular resources (services, queues, and events).When a user requests use of a resource, the system searches for an ACL for that resource. If an ACL is found, the system checks it to determine whether the user is authorized to use the resource. The strongest level of security requires explicit authorization (MANDATORY_ACL) for access to any service, queue, or event.

Optional encryption can be configured to protect data between nodes. Unlike BEA TOP END encryption, BEA Tuxedo encryption can be enabled without user authentication and authorization.

There are two types of public key encryption used in BEA Tuxedo applications: message-based encryption and message-based digital signature. Both build on the technology and key management of public/private key encryption algorithms.

Both message-based encryption and message-based digital signatures for application messages are supported between the BEA Tuxedo application and the TEDG but do not apply to messages between the TEDG and BEA TOP END systems.

The BEA Tuxedo system allows domains to inter-operate through domain gateways. Because domains are configured independently, any two domains do not need to have the same security configurations. Gateways provide configuration options that allow administrators to control the level of interoperability between any two domains.

Four levels of security are provided by a domain gateway, as specified in the DMCONFIG file:

• Gateways can be configured to limit the set of local services made available to remote domains

• Access to specific services can be limited to select remote domains

• Gateways can be configured to require authentication when attempts are made to connect to remote domains

• Links between domains may be encrypted

See Also

• Introducing Security in Using BEA Tuxedo Security