Application to Application authentication models....

From: r s (richard.scottat_private)
Date: Tue Jan 28 2003 - 12:46:09 PST

    Greetings all,
    
    I am posting this here in the hope to get some direction as to where next 
    to look.  This is more of an architecture question and not specific to 
    programming.
    
    Given an enterprise Java, LDAP and Small PKI infrastructure what would be 
    a recommended solution to securing connection credentials to database 
    systems, queues etc.?
    
    Given that applications can be built in Java and the logical storage of 
    credentials to be stored in LDAP.  What authentication mechanism, model, 
    architecture best allows applications legitimate access to LDAP schema to 
    obtain sensitive data such as connection credentials to database systems?
    
    The idea is to have developed applications use a framework to securely 
    obtain correct credentials for the applications based in environments in 
    DEV, QA and PROD.
    
    Thus given some environment, the application is executed within the 
    framework and requests to connect to the HR database, for example.  The 
    application then must be authenticated and if successful, the framework 
    obtains the connection credentials to build a connection to the database.
    By running the same code in QA, the credentials for the QA database are 
    given, not the production one.  A call for the production database from a 
    QA server is prohibited.
    
    Any ideas of how this can be enforced?
    
    cheers
    r./
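
One way to enforce the environment binding asked about above, as an added example that is not part of the original post: the framework derives the caller's environment from its already-verified certificate subject rather than from anything the application passes in, and builds the LDAP entry DN only within that environment. The OU-per-environment certificate convention, the directory layout under `ou=credentials,dc=example,dc=com`, and all class and method names are assumptions.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.Locale;
import java.util.Set;

// Added example; every DN, OU value and name here is constructed for illustration.
public class EnvScopedCredentialLookup {
    private static final Set<String> ENVIRONMENTS = Set.of("DEV", "QA", "PROD");

    // The environment comes from the subject DN of a certificate that has
    // already passed PKI validation, never from a caller-supplied parameter.
    static String environmentOf(String verifiedSubjectDn) throws InvalidNameException {
        for (Rdn rdn : new LdapName(verifiedSubjectDn).getRdns()) {
            if (rdn.getType().equalsIgnoreCase("OU")) {
                String ou = rdn.getValue().toString().toUpperCase(Locale.ROOT);
                if (ENVIRONMENTS.contains(ou)) return ou;
            }
        }
        throw new SecurityException("subject carries no known environment OU");
    }

    // Returns the DN of the entry holding the credentials for `resource`,
    // or throws if the caller asks for an environment other than its own.
    static String credentialEntryDn(String verifiedSubjectDn, String resource,
                                    String requestedEnv) throws InvalidNameException {
        String callerEnv = environmentOf(verifiedSubjectDn);
        if (requestedEnv != null && !requestedEnv.equalsIgnoreCase(callerEnv)) {
            throw new SecurityException(
                callerEnv + " caller may not read " + requestedEnv + " credentials");
        }
        // Rdn.escapeValue keeps the resource name from injecting extra RDNs.
        return "cn=" + Rdn.escapeValue(resource) + ",ou=" + callerEnv
             + ",ou=credentials,dc=example,dc=com";
    }

    public static void main(String[] args) throws Exception {
        String qaApp = "CN=payroll-app,OU=QA,O=Example"; // constructed subject DN
        System.out.println(credentialEntryDn(qaApp, "hr-db", null));
        try {
            credentialEntryDn(qaApp, "hr-db", "PROD"); // QA server asking for PROD
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

The same boundary would also need to be set in the directory's own access controls on each environment subtree, so that the restriction does not rest on framework code alone.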
    


