Friday, July 17, 2009

Upgrade to Fusion Middleware 11gR1

So you are on OAS 10.1.x release and want to upgrade to 11gR1. It is a daunting topic, for starters here is the upgrade center. For upgrading custom JavaEE application upgrade see this whitepaper which incidentally I co-wrote.

Let me know if you run into any problems (specifically wrt to Security) during upgrade.

Thursday, July 16, 2009

In case you are wondering what I am upto in October

Come check out the Oracle Open World sessions on OPSS. I hope we get a chance to exchange some ideas after all that's what this Open World is all about.

Wednesday, July 15, 2009

Whats in your wallet?

Ok, behind the clever title (which has been used before in Oracle internal wiki & no relation to Capital One) here is the situation. Often applications access some protected service (WebService, Database, LDAP etc). Many applications store user name/password(Credentials) required to authenticate to these services in some configuration file. Often these credentials are stored in a clear text where they are susceptible to prying eyes, and raise a few eyebrows at the corporate security groups.

Business developers need a place to store these credentials securely and a guarantee that only authorized applications/users can access these.
Enter OPSS's Credential Store Framework(CSF). CSF allows only authorized applications to access credentials that are stored outside of the application, securely in Oracle Wallet (hence What's in your wallet, title). Nice, so developers don't need to worry about secure credentials storage themselves.

But wait, here is the icing on the cake, since the credentials are stored outside the application, administrators can change/update the credentials without changing any application code using the Management tool Oracle Fusion Middleware provides (Enterprise Manager & WLST command).

But wait, there is more, OPSS allows provides build in auditing so if your admin want they can enable audit policy on Credential Store access without any application code changes but again few clicks with the aforementioned management tools.

But wait, there is more, OPSS allows these credentials to be stored in an LDAP (and protected by an LDAP), which is what we recommend in a production situation instead of Oracle wallet.

Check out CSF documentation,

Happy coding.

Monday, July 6, 2009

The foundation for security in Oracle Fusion Middleware and Fusion Applications

Now that Oracle has released Fusion Middleware 11gR1, I can talk about security aspects of it. Starting this release Oracle has combined the security frameworks used in Oracle Application Server with the security framework used in WebLogic Server into "Oracle Platform Security Services" or OPSS.

OPSS is the foundation of security used across the entire Fusion Middleware Suite and Fusion Applications. See details.