Oracle Liberty SDK Oracle XKMS

Introduction to Oracle Security Developer Tools

■ Compatibility with a wide range of JAXP 1.1 compliant XML parsers and XSLT engines

1.6.9 Oracle SAML

The Oracle SAML API provides tools and documentation to assist developers of SAML-compliant Java security services. You can integrate Oracle SAML into existing Java solutions, including applets, applications, EJBs, servlets, and JSPs. Oracle SAML provides the following features:

■ Support for the SAML 1.0/1.1 and 2.0 specifications
■ Support for SAML-based single sign-on (SSO), Attribute, Metadata, Enhanced Client Proxy, and federated identity profiles

1.6.10 Oracle Web Services Security

Oracle Web Services Security provides an authentication and authorization framework based on Organization for the Advancement of Structured Information Standards (OASIS) specifications. Oracle Web Services Security provides the following features:

■ Support for the SOAP Message Security standard (SOAP 1.1, 1.2)
■ Support for the Username Token Profile standard (UsernameToken Profile 1.1)
■ Support for the X.509 Certificate Token Profile standard
■ Support for the WSS SAML Token Profile (version 1.0)

1.6.11 Oracle Liberty SDK

Oracle Liberty SDK allows Java developers to design and develop single sign-on (SSO) and federated identity solutions based on the Liberty Alliance specifications. Oracle Liberty SDK, available in versions 1.1 and 1.2, aims to unify, simplify, and extend all aspects of development and integration of systems conforming to the Liberty Alliance 1.1 and 1.2 specifications. Oracle Liberty SDK provides the following features:

■ Support for the Liberty Alliance Project version 1.1 and 1.2 specifications
■ Support for Liberty-based Single Sign-on and Federated Identity

1.6.12 Oracle XKMS

Oracle XKMS (XML Key Management Specification) provides a convenient way to handle public key infrastructures by allowing developers to write XML transactions for digital signature processing. Oracle XKMS implements the W3C XKMS standard and avoids some of the cost and complexity involved with public key infrastructures.

Note: The WSS SAML Token Profile version is different from the SAML version.

Note: For additional information about the standards and specifications mentioned in this chapter, see Appendix A, References.

Oracle Fusion Middleware Reference for Oracle Security Developer Tools

2 Migrating to the JCE Framework

The Oracle Security Developer Tools framework in OracleAS 11gR1 introduces changes to low-level libraries to comply with the Java Cryptography Extension (JCE) framework. The changes affect both client programs and higher-level libraries of the Oracle Security Developer Tools. This chapter describes how the changes affect the toolkit architecture, and explains how you can migrate your programs to leverage the new functions. It contains these topics:

■ The JCE Framework
■ JCE Keys
■ JCE Certificates
■ JCE Certificate Revocation Lists (CRLs)
■ JCE Keystores

Additional Reading

The primary focus of this chapter is on the changes to the Oracle Security Developer Tools for the JCE framework, and how to migrate your existing security artifacts to JCE objects. For more information about how to utilize the capabilities of the JCE framework and security-related APIs, including such topics as generating different types of keys and key pairs, certificates, and so on, refer to the JDK 6 Security documentation at http://java.sun.com/javase/6/docs/technotes/guides/security/index.html.

2.1 The JCE Framework

Prior to Oracle Fusion Middleware 11g, Oracle Security Developer Tools used a cryptographic engine that was developed prior to the adoption of JCE in the market. To enable applications including Oracle Application Server to continue their move to adopt JCE, the Oracle Security Developer Tools have standardized on low-level libraries that are compliant with the Java Cryptography Extension (JCE) framework with Oracle Fusion Middleware 11g. Benefits of the new toolkit include:

■ standards-based implementations of cryptographic and certificate management engines
■ a pluggable JCE provider architecture that enables you to leverage third-party JCE provider implementations
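The pluggable provider architecture described above, shown as an added example that is not taken from the Oracle documentation or from the Oracle Security Developer Tools. It uses only the standard `java.security` API; the class name `JceProviderDemo` and the sample message are constructed for illustration.

```java
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;

// Hypothetical demo class (not part of any Oracle toolkit).
public class JceProviderDemo {
    public static void main(String[] args) throws Exception {
        // Installed providers, in the preference order used when none is named.
        for (Provider p : Security.getProviders()) {
            System.out.println(p.getName() + ": " + p.getInfo());
        }

        // Provider-neutral request: the first provider offering RSA serves it.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        System.out.println("RSA keys from: " + kpg.getProvider().getName());

        byte[] message = "constructed sample message".getBytes("UTF-8");

        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(message);
        byte[] sig = signer.sign();

        // Keys move between providers in standard encodings (X.509
        // SubjectPublicKeyInfo for public keys), not provider-specific classes.
        byte[] encoded = pair.getPublic().getEncoded();
        PublicKey rebuilt = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(encoded));

        // Pin a provider by name where policy requires one implementation;
        // getInstance(alg, name) throws NoSuchProviderException if it is absent.
        String pinned = signer.getProvider().getName();
        Signature verifier = Signature.getInstance("SHA256withRSA", pinned);
        verifier.initVerify(rebuilt);
        verifier.update(message);
        System.out.println("verified by " + pinned + ": " + verifier.verify(sig));

        // A tampered message must fail verification.
        message[0] ^= 1;
        verifier.initVerify(rebuilt);
        verifier.update(message);
        System.out.println("tampered message verifies: " + verifier.verify(sig));
    }
}
```

Logging which provider actually served each algorithm makes it visible when a newly installed third-party provider changes the implementation behind an unpinned `getInstance` call.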