Wednesday, July 15, 2009

What's in your wallet?

OK, behind the clever title (which has been used before in an Oracle internal wiki and has no relation to Capital One), here is the situation. Applications often access some protected service (web service, database, LDAP, etc.). Many applications store the user name/password (credentials) required to authenticate to these services in a configuration file. Often these credentials are stored in clear text, where they are susceptible to prying eyes and raise a few eyebrows in the corporate security groups.

Business developers need a place to store these credentials securely and a guarantee that only authorized applications/users can access them.
Enter OPSS's Credential Store Framework (CSF). CSF allows only authorized applications to access credentials that are stored outside of the application, securely in Oracle Wallet (hence the title, "What's in your wallet?"). Nice, so developers don't need to worry about secure credential storage themselves.

But wait, here is the icing on the cake: since the credentials are stored outside the application, administrators can change/update the credentials without changing any application code, using the management tools Oracle Fusion Middleware provides (Enterprise Manager and WLST commands).

But wait, there is more: OPSS provides built-in auditing, so if your admins want, they can enable an audit policy on Credential Store access without any application code changes, again with just a few clicks in the aforementioned management tools.

But wait, there is more: OPSS allows these credentials to be stored in LDAP (and protected by LDAP), which is what we recommend in a production situation instead of Oracle Wallet.
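
What the application side of this looks like, as an added example that is not code from the original post: the code names only a map and key, and CSF returns the credential if the calling code has been granted access. The map and key names (`myAppMap`, `dbCred`) are hypothetical, and the example assumes the OPSS libraries are on the classpath, an administrator has already created the credential, and the policy store grants this code `CredentialAccessPermission` for it.

```java
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;

import oracle.security.jps.JpsContext;
import oracle.security.jps.JpsContextFactory;
import oracle.security.jps.service.credstore.Credential;
import oracle.security.jps.service.credstore.CredentialStore;
import oracle.security.jps.service.credstore.PasswordCredential;

public class CsfLookup {
    // Hypothetical names. The administrator provisions and rotates the
    // credential under this map/key; the application never embeds the secret.
    private static final String MAP = "myAppMap";
    private static final String KEY = "dbCred";

    // Assumed policy grant for this code (permission class from OPSS):
    //   oracle.security.jps.service.credstore.CredentialAccessPermission
    //   name "context=SYSTEM,mapName=myAppMap,keyName=dbCred", actions "read"
    // Without it the lookup fails with an access-control exception.
    static PasswordCredential lookup(final String map, final String key)
            throws PrivilegedActionException {
        return AccessController.doPrivileged(
            new PrivilegedExceptionAction<PasswordCredential>() {
                public PasswordCredential run() throws Exception {
                    JpsContext ctx = JpsContextFactory.getContextFactory().getContext();
                    CredentialStore store = ctx.getServiceInstance(CredentialStore.class);
                    Credential c = store.getCredential(map, key);
                    if (!(c instanceof PasswordCredential)) {
                        // Missing entry or a non-password credential type.
                        throw new IllegalStateException(
                            "No password credential at " + map + "/" + key);
                    }
                    return (PasswordCredential) c;
                }
            });
    }

    public static void main(String[] args) throws Exception {
        PasswordCredential pc = lookup(MAP, KEY);
        char[] password = pc.getPassword();
        try {
            System.out.println("Authenticating as " + pc.getName());
            // Pass pc.getName() and password to the service client here.
        } finally {
            Arrays.fill(password, '\0'); // clear our copy; never log it
        }
    }
}
```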


Check out the CSF documentation.

Happy coding.

1 comment:

vadim said...

Great one. Small typo - you have "thenselves" which should be "themselves" ;-)