After completing this Security Configuration module, you
should be able to: Understand the basics of security in CC&B. Understand how to implement security configuration.
6-2
Copyright 2008, Oracle. All rights reserved.
Security Components
Security Repository (e.g. LDAP) Verify
Synchronize
6-3
Authentication
Who Are You?
Authorization
What Can You Do?
Copyright 2008, Oracle. All rights reserved.
Security Overview Browser: Logon prompt Session cookie - cookie expires on inactivity timeout or browser closure.
Web Application Server:
Provides authentication mechanism Integration to external security repository Authorization services NOT used Business Application Server: Provides authorization model
Database Server: Common database userid shared within connection pool.
6-4
Copyright 2008, Oracle. All rights reserved.
Authentication Support
Provided by the Web Application Server software
(WebLogic/WebSphere/Tomcat/Oracle AS) Can integrate with external security realms (LDAP, DBMS, Unix, etc) Can use Digital Certificates (1-way or 2-way) Password rules are basic in Web Application Server heavily set rules rely on external security realms. XAI includes an LDAP Import to synchronize authentication/authorization information.
6-5
Copyright 2008, Oracle. All rights reserved.
Process for application security definition
1. 2. 3. 4. 5. 6. 7.
6-6
Create User Groups within CC&B.
Connect User Groups to transactions within CC&B Create User definitions within CC&B Attach Users to User Groups within CC&B Create User definitions in Web Application Server Attach Users to Groups in Web Application Server (Optional) Create Users in Security Realm
Copyright 2008, Oracle. All rights reserved.
Authorization Model Functional Security
Data Security Service
Account
Security Type
Authorization Level
User Group/Service
User Group
Access Group
Data Access Tender Source
Access Mode
6-7
User User Group (edate)
User
To Do Role
Favourite Link
Portal Preference
Menu Item
Zone
Language
Copyright 2008, Oracle. All rights reserved.
Display Profile
User Preferences
User Administration
6-8
Copyright 2008, Oracle. All rights reserved.
Implementation Tip: Security
6-9
Use Internal LDAP Realm in non-production.
Consider LDAP or other realm for Production. Remember Oracle Utilities Customer Care & Billing userids are up to 8 chars in length and UPPER case. Consider mapping security credentials for non-compatible security systems. Supports one-way and two-way digital certificate base authentication but requires setup. Don't forget that Authorization is also included in security.
Copyright 2008, Oracle. All rights reserved.
Summary
In this Security Configuration module, you should have
learned how to: Understand the basics of security in CC&B. Understand how to implement security configuration
