Oracle Security Server Guide
Release 2.0.3

A54088-01


2
Oracle Security Server Architecture and Operation

This chapter provides a description of the architecture and operation of the Oracle Security Server. The sections and subsections within this chapter include:

Oracle Security Server Architecture

The Oracle Security Server consists of the following major components:

The combination of the Oracle Security Server Manager, the security administrator (SA) who uses that tool, and the Oracle Security Server Repository forms the Oracle Security Server's implementation of a certification authority (CA).

Oracle Security Server Manager

A person uses the Oracle Security Server Manager, an application that runs in the Oracle Enterprise Manager framework, to administer the Oracle Security Server Repository. This application provides a graphical user interface (GUI) that an administrator can use to define and maintain information about identities and the authorizations granted to those identities on the databases within the enterprise.

The Oracle Security Server Manager runs under Windows NT 4.0 or Windows 95 on "low-end" machines, such as 486s, as well as on large-scale distributed PC networks.

Oracle Security Server Repository

The Oracle Security Server Repository is an Oracle7 Server (release 7.3.2 or higher) or Oracle8 Server that contains the data that an administrator enters using the Oracle Security Server Manager, as well as other data such as encrypted private keys. This repository also acts as the primary force behind the certification authority (CA) for the Oracle Security Server: it generates and stores certificates in response to administrator requests, responds to requests for information about certificate expirations and revocations, and stores requests for certificates posted from Oracle WebServers.

Oracle Security Server Authentication Adapter

The Oracle Security Server Authentication Adapter provides an interface from a Net8 client or an Oracle7 or Oracle8 database server to the Oracle Security Server Repository. This adapter allows Oracle products to request, obtain, and use certificates created by the Oracle Security Server CA. The adapter also queries the Oracle Security Server Repository for certificate status and authorization data.

Oracle Security Server Operation

Figure 2-1 illustrates the relationships among the components of the Oracle Security Server and the relationships among outside entities and these components.

Figure 2-1 Oracle Security Server Operations

If an Oracle WebServer is present in an enterprise, it may request the creation of identities and certificates within the Oracle Security Server. The administrator fulfills these requests using the Oracle Security Server Manager.

The Oracle Security Server Manager accesses the Oracle Security Server Repository using the version of SQL*Net or Net8 distributed with the Oracle Enterprise Manager. The Oracle Security Server Authentication Adapters and the Oracle Security Server Repository also communicate using SQL*Net/Net8.

Figure 2-1 indicates that authentication occurs between subjects by way of their Oracle Security Server Authentication Adapters. The steps involved in this mutual authentication process, in which one subject is acting as the client and the other is acting as the server, include the following:

  1. The client sends a copy of its certificate to the server. The server responds by sending its certificate to the client.
  2. Each subject uses the CA's public key to verify that the CA indeed signed the given certificate, and then extracts the identity and public key of the other subject.
  3. Each subject checks with the CA to make sure that the certificate of the other subject has not expired or been revoked.
  4. Each subject generates a random nonce, a binary value that is used only once, then uses the other subject's public key to encrypt that nonce and sends the encrypted nonce to the other subject.
  5. Each subject uses its private key to decrypt the nonce that it received from the other party.
  6. Each subject combines the nonce it received with the one it generated to create a hash key.
  7. Each subject uses that key with the MD5 algorithm (see the section "Digital Signatures" within Chapter 1) to generate a hash of the combination of the two nonces and the client's and server's identities, and then sends that hash to the other subject.
  8. If each subject discovers that the hash it received matches the hash it sent, then both client and server are assured that the other subject is authentic. The server then retrieves, from the Oracle Security Server Repository, the roles that the client is authorized to perform.
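Steps 4 through 8 of the exchange above, as an added Python sketch that is not Oracle's code; it also shows the exchange failing for a party that presents the client's certificate without holding the matching private key. Assumptions: textbook RSA over constructed toy keys stands in for the public-key algorithm, the nonces are combined by concatenation in client-then-server order, "that key with the MD5 algorithm" is modeled as HMAC-MD5, and the certificate checks of steps 1 through 3 have already passed.

```python
import hashlib
import hmac
import secrets

E = 65537  # RSA public exponent shared by every demo key

def make_key(p, q):
    """Textbook RSA private key (n, d) from two primes."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed toy keys built from Mersenne primes; illustration only.
CLIENT_N, CLIENT_D = make_key(2**127 - 1, 2**89 - 1)
SERVER_N, SERVER_D = make_key(2**107 - 1, 2**61 - 1)
WRONG_N, WRONG_D = make_key(2**61 - 1, 2**31 - 1)  # key not named in any certificate

def encrypt_nonce(nonce, peer_n):
    """Step 4: encrypt a 16-byte nonce under the peer's public key (unpadded)."""
    return pow(int.from_bytes(nonce, "big"), E, peer_n)

def decrypt_nonce(ciphertext, own_n, own_d):
    """Step 5: recover the peer's nonce with our own private key."""
    size = (own_n.bit_length() + 7) // 8
    return pow(ciphertext, own_d, own_n).to_bytes(size, "big")[-16:]

def session_hash(client_nonce, server_nonce, client_id, server_id):
    """Steps 6-7: hash key from both nonces; hash covers nonces and identities."""
    key = client_nonce + server_nonce  # assumed combination: concatenation
    msg = key + client_id.encode() + server_id.encode()
    return hmac.new(key, msg, hashlib.md5).digest()

def handshake(client_priv, client_id="client", server_id="server"):
    """Run steps 4-8. client_priv is the (n, d) the client side really holds;
    the server always encrypts to CLIENT_N, the key named in the certificate."""
    c_nonce, s_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    to_server = encrypt_nonce(c_nonce, SERVER_N)
    to_client = encrypt_nonce(s_nonce, CLIENT_N)
    s_seen = decrypt_nonce(to_server, SERVER_N, SERVER_D)
    c_seen = decrypt_nonce(to_client, *client_priv)
    client_hash = session_hash(c_nonce, c_seen, client_id, server_id)
    server_hash = session_hash(s_seen, s_nonce, client_id, server_id)
    return hmac.compare_digest(client_hash, server_hash)  # step 8

if __name__ == "__main__":
    print("holder of the certified key:", handshake((CLIENT_N, CLIENT_D)))
    print("holder of some other key:   ", handshake((WRONG_N, WRONG_D)))
```

The hashes agree only when each side recovered the nonce that was encrypted to the public key in its certificate, which is what ties the certificate to possession of the private key.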




Copyright © 1997 Oracle Corporation.

All Rights Reserved.
