Now log out of the Portal instance by clicking the Logout link.

7-42 Oracle Fusion Middleware Developer's Guide for Oracle Portal

key is compromised in some way, the provider administrator has to create a new key and distribute it to all of the Oracle Portal clients, who then must update their provider definitions. The way around this problem is to deploy different provider services, specifying a unique shared key for each service. Each provider service has its own deployment properties file so that each service is configured independently of the others. The overhead of deploying multiple provider services within the same provider adapter is relatively small.

In a provider without Oracle Web Cache in front of it, this use of the same signature cookie over the lifetime of a provider session implies a trade-off between performance and the security provided by authenticating the requests. The signature cookie value is only calculated once, after the initial SOAP request establishes the session with the provider. The shorter the provider session timeout, the more often a signature will be calculated, providing greater security against a show request being resent illegally. However, the SOAP request required to establish a session incurs a time penalty.

In a provider using Oracle Web Cache to cache show request responses, you have a similar trade-off. Cached content is secured in the sense that incoming requests must include the signature cookie to retrieve it, but caching content for an extended period of time leaves the provider open to show requests being illegally trapped and resent to the provider.

While the signature element provides protection against interception and resending of messages, it does nothing to prevent interception and reading of message contents. Messages are still transmitted in plain text. If you are concerned about the content of messages being read by unauthorized people, you should use message authentication in conjunction with SSL.
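The per-service key and session-timeout trade-offs described above, modelled in Python as an added example. It is not Oracle's code and not the PDK's actual signature format: the HMAC-SHA256 construction, the field layout, the service name "reports", the key values and the timeouts are all assumptions made for illustration.

```python
import hashlib
import hmac


def sign(key, service, user, issued_at):
    """Portal side: HMAC-SHA256 over the fields the provider checks (assumed layout)."""
    message = f"{service}|{user}|{issued_at}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(keys, service, user, issued_at, signature, now, timeout):
    """Provider side: return 'ok' or the reason the request is rejected."""
    key = keys.get(service)
    if key is None:
        return "unknown service"
    expected = sign(key, service, user, issued_at)
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        return "bad signature"
    if not 0 <= now - issued_at <= timeout:
        return "expired"
    return "ok"


def demo():
    """Resend one captured request under two timeouts, then rotate a single key."""
    # Constructed keys, one per provider service; "reports" is a hypothetical service.
    keys = {"omniPortlet": b"constructed-key-one", "reports": b"constructed-key-two"}
    sigs = {name: sign(key, name, "alice", 1000) for name, key in keys.items()}
    captured = sigs["omniPortlet"]
    out = {}
    # The same captured signature resent 200 seconds after it was issued.
    out["resend_long_timeout"] = verify(keys, "omniPortlet", "alice", 1000, captured, 1200, 600)
    out["resend_short_timeout"] = verify(keys, "omniPortlet", "alice", 1000, captured, 1200, 60)
    # A signature issued for one service does not validate against another.
    out["cross_service"] = verify(keys, "reports", "alice", 1000, captured, 1010, 600)
    # Response to a compromised key: rotate only the affected service's key.
    keys["omniPortlet"] = b"constructed-replacement-key"
    out["old_key_after_rotation"] = verify(keys, "omniPortlet", "alice", 1000, captured, 1010, 600)
    out["other_service_unaffected"] = verify(keys, "reports", "alice", 1000, sigs["reports"], 1010, 600)
    return out


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

With the long timeout the resent request is still accepted, which is the exposure the text describes; with the short timeout it is rejected, at the cost of re-establishing sessions more often.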
The advantages of message authentication are as follows:

■ Ensures that the message received by a provider comes from a legitimate Oracle Portal instance.

The disadvantages of message authentication are as follows:

■ Causes administration problems if a provider serves more than one portal.
■ Entails performance implications if made very secure by having a short session timeout.

For more information on this topic, refer to the Oracle Fusion Middleware Administrator's Guide for Oracle Portal.

Credential Store Shared Key

The Producer's shared key is stored in the credential store. To store a shared key in the credential store, do the following:

Create the Credential

To create the credential, run the following WLST command:

createCred(map="PDK", key="pdk.omniPortlet.sharedKey", user="sharedKey", password="1234567890abc")

Grant PDK Java Code Access to the Credential Store

To grant the PDK Java code permission to read from the credential store, run the following WLST command:

grantPermission(appStripe=None, principalClass=None, principalName=None, codeBaseURL="file:${domain.home}/servers/WLS_Portal/tmp/_WL_user/-", permClass="oracle.security.jps.service.credstore.CredentialAccessPermission", permTarget="context=SYSTEM,mapName=PDK,keyName=*", permActions="read")