24-8 Oracle Fusion Middleware Performance and Tuning Guide 25 Oracle Fusion Middleware Security Performance Tuning 25-1 25 Oracle Fusion Middleware Security Performance Tuning Oracle Fusion Middleware security services enable you to secure critical applications and sensitive data. This chapter describes how you can configure security services for optimal performance. This chapter contains the following topics: ■ Section 25.1, About Security Services ■ Section 25.2, Detecting General Performance Issues ■ Section 25.3, Oracle Platform Security Services Tuning ■ Section 25.4, Oracle Web Services Security Tuning

25.1 About Security Services

Oracle Fusion Middleware provides security services through Oracle Platform Security Services OPSS and Oracle Web Services. ■ Oracle Platform Security Services Oracle Platform Services is a key component of Oracle Fusion Middleware. It offers an integrated suite of security services and is easily integrated with Java SE and Java EE applications that use the Java security model. Security Services includes features that implement user authentication, authorization, and delegation services that developers can integrate into their application environments. Instead of devoting resources to developing these services, application developers can focus on the presentation and business logic of their applications. Using Oracle Platform Security for Java, applications can enforce fine-grained access control upon resource users. The three key steps are: – Configure and invoke a login module, as appropriate. You can use provided login modules, or you can use custom login modules. – Authenticate the user attempting to log in, which is the role of the identity store service. – Authorize the user by checking permissions for any roles the user belongs to for whatever the user is attempting to accomplish, which is the role of the policy store service. ■ Oracle Web Services Security 25-2 Oracle Fusion Middleware Performance and Tuning Guide Oracle Web Services Security provides a framework of authorization and authentication for interacting with a web service using XML-based messages.

25.2 Detecting General Performance Issues

This section offers some general guidelines on how to identify a performance bottleneck and how to approach addressing such problems. If you discover a performance bottleneck, you should first verify that you have addressed the expected traffic load throughout your Web services deployment. If there is a system in the critical path that is at 100 CPU usage, you may simply need to add one or more computers to the cluster. If there is a bottleneck in your deployment, it is likely to be within one of the following: ■ Traffic through a slow connection with an agent ■ Latency in connections to third-party queuing systems like JMS For any of these problems, check the following potential sources: ■ Problems with policy assertions that include connections to outside resources, especially the following types: – Database Repositories – LDAP Repositories – Secured Resources – Proprietary Security Systems ■ Problems with database performance If you identify one of these as the cause of a bottleneck, you may need to change how you manage your database or LDAP connections or how you secure resources.

25.3 Oracle Platform Security Services Tuning

This section provides the following basic tuning configurations for Oracle Platform Security Services OPSS: ■ JVM Tuning Parameters ■ LDAP Tuning Parameters ■ Authentication Tuning Parameters ■ Authorization Tuning Properties ■ OPSS PDP Service Tuning Parameters Note: The information in this chapter assumes that you have reviewed and understand the concepts and administration information for Oracle Fusion Middleware Security Services. For more information, see the Oracle Fusion Middleware Security and Administrators Guide for Web Services before tuning any security parameters.