Fusion Applications的安全组件
Component |
Does what? |
---|---|
Oracle HTTP Server (OHS) |
Takes all incoming HTTP requests |
Oracle Access Manager (OAM) |
Performs single sign on (SSO) |
Web Gate (OAM component) |
Intercepts requests and checks for user credentials |
Web Pass (OAM Web server plug-in) |
Passes information between the web server and OAM's Identity Server |
OAM Policy Manager |
Supports managing SSO, and URL-based authentication and authorization policies |
Oracle Identity Management (OIM) |
Handles user provisioning |
Oracle Web Services Manager (OWSM) |
Provides infrastructure for Service Oriented Architecture (SOA) and web services security |
OWSM Agent |
Enforces SOA and web services security |
OWSM Policy Manager |
Supports setting up policy configuration for SOA and web services security |
Oracle Platform Security Services (OPSS) |
Provides framework to manage policies, identity, and audit services across the enterprise |
Oracle Virtual Directory (OVD) |
Virtualizes data sources in LDAP |
Identity Governance Framework (IGF) |
Manipulates users, groups, and policies in LDAP |
Authorization Policy Management (APM) |
Supports managing authorization policies |
Enterprise Manager (EM) |
Supports managing deployed components, services, and applications |
Oracle Virtual Private Database (VPD) |
Protects personally identifiable (PII) attributes in the database from unauthorized access by privileged users such as DBAs |
Oracle Fusion Applications安全逻辑视图
Orcle Fusion Applications的安全和身份管理是基于Service-Oriented Security(SOS)框架。见图1。
[Figure1]Service-Oriented Security
SOS提供了一系列的安全服务供所有Oracle Fusion Middleware组件和Oracle Fusion Applications使用。SOS是采用SOA技术,且built upon Oracle Platform Security Services(OPSS)。见图2。
[Figure2]Oracle Platform Security Services(OPSS)in Context
OPSS是Oracle JDeveloper中的一套安全开发框架,提供了一套标准的,统一的,身份管理,审计服务的API将开发者从复杂的安全设计解放出来。 它可以部署在Weblogic Server上,包含Oracle WebLogic Server的内部安全服务,Oracle Fusion Middleware's security framework(或者称为Java Platform Security即JPS或 JAZN),Oracle Security Developer Tools(OSDT)等。OPSS 使用OSDT进行SSL配置和Oracle Wallet(OIM,Oracle Enterprise Manager, Oracle Database会使用)。OPSS也可以和其他安全组件整合,如LDAP。
OPSS的功能层包括:见图3。
1)认证Authentication
2)Identity Assertion
3)Single Sign-on(SS0):有两种实现方式,一种是基于OAM实现的企业级SSO解决方案,另外一种是基于SAML的解决方案(使用Weblogic server的SAML Credential Mapping Provider)。
4)User and role
5)Role mapping
6)Security stores:包含Identity Store(users and groups)和Credential Store。Security store通过Oracle Virtual Directory (OVD)来进行管理。
7)Audit
8)Application life cycle support
APM(Authorization Policy Manager)/OES(Oracle Entitlement Server)[Figure3]Oracle Platform Security Services Architecture