Thursday, March 20, 2003

Security: A Security Shorthand from SUN

The Future of Web Services Security from sun gave dictionary of security aspects. Here is simplified form of the same:

TermProtective GoalsMatching Security Technologies
ConfidentialityCan prying eyes see it?Key-based digital encryption and decryption.
AuthenticationAre you who you say you are?Username/password, key-based digital signing and signature verification, challenge-response, biometrics, smart cards, etc.
TrustHave I agreed to work with you?Key-based digital signing and signature verification.
Non-repudiationCan you claim that you didn't send or receive it even if you did? Key-based digital signing and signature verification, message reliability.
IntegrityWas it altered before I got it?Message Digest, itself authenticated with a digital signature.
AuthorizationAre you allowed to have it?Application of policy, access control, digital rights management.
AuditingCan I prove what happened?Various forms of logging, themselves secured to avoid tampering.




Tuesday, March 18, 2003

Weblogic:8.1 Supports getting vendor JDBC connection

Never understood why BEA wouldn't support this feature. This is a critical feature for many applications like the one's that use Oracle Spatial Extensions. Here is the docs for the same.

Weblogic: 6.1SP4 Supports Console Extensions

Never seen any docs related to this but weblogic6.1sp4 supports console extensions. Follow the instructions as per 7.0 docs. But here is the trick though, your java class that extends weblogic.management.console.extensibility.Extension should not implement weblogic.management.console.extensibility.NavTreeExtension. Note that NavTreeExtension exists in 7.0 but not in 6.1sp4.