Chapter 15. Using the Oracle Security Server
The Oracle Security Server (OSS) product was introduced with the basic Oracle8 software delivery. Although OSS is new with Oracle8, you can use it with Oracle7 as well. You do not need to purchase anything else from Oracle Corporation to be able to install, configure, and use this product. Why would you want to install and use the OSS? To see more clearly why you would want OSS and what you'd do with it, let's look first at some things you might do to prove your identity.
When you travel from one country to another, you may be required to carry a passport or some other form of identification to prove who you are and where you came from. To obtain the passport, you generally need to go to a government agency carrying a picture of yourself and a birth certificate to prove your identity. You fill out a form and provide your picture and identification, and the agency will issue a passport to you. You then carry the passport with you as you travel and show your passport to any agents who request it. In this way, you will be able to successfully prove who you are and will be permitted to travel anywhere within the area without having to display your passport again.
Basically, the concepts of single sign-on and certificates of authority, which we'll explore in this chapter, are very similar to using a passport to travel from one country to another. Once a user has logged on to a "trusted" system and been authenticated using the OSS, that user can carry the electronic certificate granted by the Oracle Security System and "travel" from one area of computing or database to another without having to explicitly produce a username and password again to access each separate system or area.
This chapter describes the basic use of the Oracle Security Server. We'll first look at the fundamentals of the cryptography concepts that underlie the OSS technology. Then we'll explore the OSS architecture, installation, and configuration. Finally, we'll look at the concepts and use of OSS identities, servers, and server authorization, as well as enterprise authorizations.