Showing posts with label web application development tools. Show all posts

Wednesday, 19 December 2012

All about Oracle Security Developer Tools

Sophina Dillard 06:06 , , , , , , 1 comment :

If I talk about, Oracle Security Developer Tools i.e. OSDT the foremost thing which come into my mind is set of java libraries (JARs) used by developers to secure the enterprise applications. It is one of the SDKs (Software Development Kits) for building up Oracle Platform Security Services (OPSS) and to manage and identify the services, etc. It is delivered as a set of Java libraries that ship with Oracle Application Server and JDeveloper.

Security tools are always treated as critical components for the application development project. The commercial necessities and government regulations convey that sensitive data that need to be kept confidential and protected from being altered. It comes with the cryptographic building blocks which are necessary for basic responsibilities e.g. secure messaging to more complicated projects such as securely implementing a service-oriented architecture.

OSDT architecture



 Image reference:  “http://www.oracle.com/technetwork/testcontent/osdt-133323.pdf

So what are the business benefits using it?


  • Standards-compliant (i.e. Conformance and Validation) – It enables greater control over document display. In this, Java, XML are available.
  • It is certified with Oracle’s Crypto Engine FIPS 140-2 Level 1 certification. 
  • It is extensible – i.e. Modular architecture, portable, scalable, easily integrated with enterprise applications.
  • It is used by several other Oracle products
  • It is installed at hundreds of customer sites worldwide since 1996
  • Interoperable – Interoperability is the key toward preceding the use of IM in the workplace. OASIS / W3C / LAP events are included in it.
  • It is readily available i.e. The OSDT JARs are installed with the Oracle Application Server in ORACLE_HOME (OC4J and WebLogic Server)

OSDT is part of Oracle Platform Security Services (OPSS), which provides an abstraction layer in the form of standards-based APIs that separate the developers from security and identity management of implementation details. OSDT APIs are –

  1. Oracle Crypto – It is a pure Java library that offers fundamental cryptography algorithms, including those directed by the National Institute of Standards and Technology (NIST) in their FIPS publications.
  2. Oracle Security Engine – It extends Oracle Crypto by offering X.509 based certificate management functions. This component is a superset of Oracle Crypto.
  3. Oracle CMS – It implements the IETF Cryptographic Message Syntax (CMS) protocol. CMS defines data protection schemes that allow for secure message envelopes.
  4. Oracle XML – In this, security implements the W3C specifications for XML Encryption and XML Signature.
  5. Oracle S/MIME – It implements the IETF S/MIME (Secure/Multipurpose Mail Extensions) specifications for secure email.
  6. Oracle PKI SDK – It implements the security protocols that are necessary within Public Key Infrastructure implementations (LDAP, OCSP, TSP, and CMP).
  7. Oracle Web Services – It provides security to a framework for authentication and authorization using existing security technologies as outlined in the OASIS specification for Web Services Security.
  8. Oracle Liberty SDK – It implements the Liberty Alliance Project specifications enabling federated single sign-on between third-party Liberty-compliant applications.
  9. Oracle SAML – It provides a framework for the exchange of security credentials amongst disparate systems and applications in an XML based format as outlined in the OASIS specification for the Security Assertions Mark-up Language.
  10. Oracle XKMS – It implements the W3C XKMS 2.0 specification providing PKI integration capabilities with Web Services.

You can find more information about this on the oracle website -  http://docs.oracle.com/cd/B14099_19/idmanage.1012/b15975/intro.htm. They have their dedicated documents and articles on specific products and services. If you have any query or if you want add furthermore in it, please put your suggestions and comments in the comment box below. I request you to put your name or initial so that I can address you for the same.

Friday, 14 December 2012

.Net: Are you planning to go for it for the enterprise development?

Sophina Dillard 04:12 , , , , , , No comments :

If I talk about the internet era, it was highly evolved, when W3C (World Wide Web Consortium) took a role of standards transmission. Because of this, all major software vendors agreed with this new Web Services technology, proposed by W3C committee. Here, Microsoft did as a pioneer in web services technology when they released their .NET architecture. It is reliable, scalable and trustworthy. And it represents a big step towards software interoperability, which makes spot-on software integration finally possible for the developers.

Well in this, it integrates the control of web-based solutions with the distributed application model of traditional multi-tier client-server design. While client-server design has traditionally relied on proprietary technologies to control information flow between the tiers, the current solutions take advantages of this industry-standard communications protocols to connect the power of the Internet. By creating solutions based on a combination of supplied and created services, more powerful and flexible applications can be built in a fraction of the time required using previous development methodologies.

.NET also serves a base for new programming languages that have already been functioned out, e.g. asp.NET, VB.NET, C#, J#. Microsoft .NET architecture spans from Microsoft Enterprise Servers to Smart Mobile Devices, and Web Services technology, powered by SOAP, WSDL and UDDI.

What are the current challenges?


In the past, the companies that have tried to offer solutions for enabling a website to expose application integration in a scalable, modular and Internet-friendly way but still they have met with significant challenges. Topmost among these challenges are the following:

• Time to market: The span of development time for getting an application or website to market may reduce the offering no longer feasible.
• Scaling to the Web: Existing object models and component designs simply do not work over internet protocols. Banished application development that can be redirected and served by any other server is a new concept for many developers.
• Lack of end-to-end development tools: Tool sets available today don't empower organizations with the flexibility necessary to stay ahead of their competitors. In the rapidly changing world of the internet, organizations must exhibit the agility to integrate with new partners, using development tools that solve the challenges of today's heterogeneous computing environments.

Why we need it?


The answer is simple i.e. to improve the operational efficiency or to manage the business risk and for that all we need is migration of the applications or databases in enterprises that arises from changes in business demands or technology challenges. Many enterprises are present on both the flip-sides of system to ensure that the investments they are putting in these legacy systems do not get gridlocked in proprietary and other outdated technologies while moving towards the newer systems. The necessity is to preserve standard of the business rules and practices in the old one and at the same time manage the valuable human resources in sustaining these legacy systems.

Why to migrate legacy applications to .NET?


Distributed system
Ease of development
Xml web services
Ease of deployment
Richness of the .NET framework
Smart client with win form as well as thin client with web form

The .NET Framework is an essential component of the Windows Server platform, with the end-to-end Internet platform built on the Windows operating system gives rapid development and deploying of the customized enterprise applications. These applications include web services and web applications that integrate customers, businesses, and applications. The .NET Framework allows developers for rapid development of web services and web applications with the use of competent features, such as multiple-language support, adherence to public Internet standards, and the use of a loosely coupled, scalable architecture.
Subscribe to: Posts ( Atom )