Authorization is generally concerned with which operations are granted permission. Sometimes these permissions are determined by work groups or other concerns. Use of tickets, such as tibrv.tkt, is an example of authorization. A ticket is used for authentication and authorization in lieu of other credentials. In other cases, the issue is whether a certain operation can be performed on a specified system, or by a specified user.
Data privacy and integrity use encryption techniques to make sure unauthorized entities can’t see or modify sensitive data. These techniques are also used when a principal needs to prove it originated a message. Encryption can either use the same key to encrypt and decrypt a message, or use a public-private key pair, where data encrypted with the public key can be decrypted only with the private key, and vice versa.
Data integrity is maintained by using one-way hash functions. These functions generate fixed-length output from input. When sending a message, the sender runs the one-way hash function on the message, encrypts the resulting hash value, and sends the resulting message identification code (MIC) along with the message. The recipient runs the same function on the message, decrypts the MIC, and sees if the results match. A match indicates that the message has not been tampered with.
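The sender and recipient steps described above, as an added example that is not TIBCO Hawk code. It swaps in HMAC-SHA-256 with a shared key for the "hash, then encrypt the hash" step (HMAC is the standard keyed construction for this purpose); the function names, the frame layout (message followed by MIC) and the sample message are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Fixed-length output: 32 bytes for SHA-256, whatever the message size.
MIC_LEN = hashlib.sha256().digest_size


def send(key: bytes, message: bytes) -> bytes:
    """Sender: compute the keyed hash over the message and append it."""
    mic = hmac.new(key, message, hashlib.sha256).digest()
    return message + mic  # assumed frame layout: message || MIC


def receive(key: bytes, frame: bytes) -> bytes:
    """Recipient: recompute the MIC and compare; return the message or raise."""
    if len(frame) < MIC_LEN:
        raise ValueError("frame too short to contain a MIC")
    message, mic = frame[:-MIC_LEN], frame[-MIC_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison so timing does not reveal how many bytes matched.
    if not hmac.compare_digest(mic, expected):
        raise ValueError("MIC mismatch: message or MIC was modified")
    return message


def check(key: bytes, frame: bytes) -> str:
    """Report the verification outcome as text instead of raising."""
    try:
        receive(key, frame)
        return "accepted"
    except ValueError as exc:
        return f"rejected ({exc})"


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    frame = send(key, b"restart service on host-a")  # constructed sample message
    cases = [
        ("intact", key, frame),
        ("body changed", key, bytes([frame[0] ^ 1]) + frame[1:]),
        ("MIC changed", key, frame[:-1] + bytes([frame[-1] ^ 1])),
        ("wrong key", secrets.token_bytes(32), frame),
        ("truncated", key, frame[:10]),
    ]
    for label, k, f in cases:
        print(f"{label:13} -> {check(k, f)}")
```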
The security provisions of the TIBCO Hawk monitoring system are consistent with its scalable distributed architecture. While a user is not required to trade off scalability for security, the flexibility of the security framework allows giving up some scalability in return for a higher degree of security. It also provides a modular mechanism for addressing security, in which the TIBCO Hawk agent can delegate responsibility to the security module through the interfaces of the security framework. Because every user has unique security needs, security is presented as an open framework. You can develop methods that grant or deny permissions to meet your requirements.