Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
A credential store is a library of security data. A credential can hold public key certificates, username and password combinations, or tickets.
Credentials are utilized at the time of authentication, when subjects are populated with principals, and also during authorization, when identifying the actions the subjects are able to perform.
Oracle Platform Security Services (OPSS) consists of the Credential Store Framework (CSF). The CSF is a collection of APIs that applications can utilize for creating, reading, updating, and managing credentials securely. A standard application of the credential store is the storage of credentials (user names and passwords) to gain access to some external systems, such as an LDAP-based repository or a database.
In the credential store framework (CSF), a credential is determined by a key name and a map name.
Usually, the map name corresponds to an application's name, and all credentials having the same map name outline a logical set of credentials, like the credentials utilized by the application. The combination of key name and map name should be unique for every entry in the credential store.
The default credential store is Oracle Wallet. For a production environment, an LDAP-based Oracle Internet Directory is ideal to be used as a credential store. Also, it is recommended to use Oracle Wallet for storing X.509 certificates.
The storage of end-user digital certificates are not supported by the credential stores. Furthermore, the credentials can be provisioned, recovered, customized, or erased, but only by a user with relevant administration rights.
In order to access the credential store and carry out the operations, the CSF API is used. The CSF includes the following features: