Copyright © TIBCO Software Inc. All Rights Reserved


TIBCO Hawk Security Concepts
A secure environment addresses concerns of data authentication, authorization, privacy, and integrity.
Authentication
Data authentication is the practice of determining that an entity (such as a person or system process) is who it claims to be. This verification can be performed through a shared secret system, such as requiring a password, or through certificates and digital signatures.
Authentication involves the following interactions.
1.
2.
3.
The verification can involve different levels of authentication.
Identity Only
In identity-only authentication, the system does not verify that the entity is who it claims to be, but does pass the entity’s identifier to other parts of the system. This is the lowest level of authentication, and is useful where the costs of a more secure authentication system preclude higher degrees of security, but identity is still important. This sort of authentication is useful where non-sensitive data is involved.
Shared Secret
In shared secret authentication, each entity has a secret, such as a password, that is shared with the authentication system. Proof that the entity holds the secret can take one of the following forms.
Certificates
With digital certificates, an entity holds a public-private key pair and registers the public key with a Certificate Authority. The infrastructure required for a public key system is referred to as a Public Key Infrastructure (PKI), of which the third-party Certificate Authority is a part. The Certificate Authority issues a certificate, containing information about the entity and the entity’s public key, and signs it.
To provide authentication of identity, the authentication system challenges the entity in a similar manner to the challenge-response protocol. The entity signs the challenge using its private key, and the system verifies this signature by using the entity’s public key.
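The signed-challenge exchange described above, as an added Go example that is not TIBCO Hawk code. It assumes Ed25519 keys, a constructed entity name (agent-1), and a public key that is trusted directly instead of being taken from a validated CA-signed certificate; Verifier and RunDemo are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Verifier is the authentication system: per-entity public keys (from a
// CA-signed certificate in a real PKI) and the challenge awaiting a response.
type Verifier struct {
	keys    map[string]ed25519.PublicKey
	pending map[string][]byte
}

// Challenge issues a fresh random nonce for a known entity.
func (v *Verifier) Challenge(entity string) ([]byte, bool) {
	if _, known := v.keys[entity]; !known {
		return nil, false
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, false
	}
	v.pending[entity] = nonce
	return nonce, true
}

// Verify checks the signature over the outstanding challenge. The challenge is
// consumed on every attempt, so a captured response cannot be replayed.
func (v *Verifier) Verify(entity string, sig []byte) bool {
	nonce, ok := v.pending[entity]
	delete(v.pending, entity)
	return ok && ed25519.Verify(v.keys[entity], nonce, sig)
}

// RunDemo reports: valid response, replay of it, response signed with another key.
func RunDemo() (valid, replayed, wrongKey bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo keys
	_, other, _ := ed25519.GenerateKey(rand.Reader)  // key that is not registered
	v := &Verifier{keys: map[string]ed25519.PublicKey{"agent-1": pub}, pending: map[string][]byte{}}
	c, _ := v.Challenge("agent-1")
	sig := ed25519.Sign(priv, c) // entity side: sign with the private key
	valid, replayed = v.Verify("agent-1", sig), v.Verify("agent-1", sig)
	c, _ = v.Challenge("agent-1")
	wrongKey = v.Verify("agent-1", ed25519.Sign(other, c))
	return
}

func main() { fmt.Println(RunDemo()) }
```

Only the first response is accepted: the replay fails because the challenge was already consumed, and the third fails because the signature does not match the registered public key.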
Further information concerning security certificates can be found in the TIBCO Hawk Installation, Configuration, and Administration Guide.
