How to implement Security Domains with Delegated Management

Similar Messages

• Webinar: How to implement secure scenarios with SAP NW PI 7.1

  SAP Intelligence Platform & NetWeaver RIG APJ Expert Call
  Dear valued SAP Experts,
  Next SAP Intelligence Platform & NetWeaver RIG Expert Call Session will take place on Tuesday, August 18.
  The SAP Intelligence Platform & NetWeaver RIG Expert Call Sessions are designed to support consultants, partners and customers  during their implementation projects. The sessions cover all different aspects of SAP NetWeaver and are aimed at
  thus provide knowledge which is not available via standard training courses. The session duration is typically 60min and includes questions and answers.
  Tuesday, August 18, 2009:
  How to implement secure scenarios with SAP NetWeaver Process Integration 7.1
  Time: 2.00 - 3.00 p.m. Singapore Time (UTC +8)
  This event will feature Makoto Sugishita with the SAP Intelligence Platform & NetWeaver Regional Implementation Group.
  Makoto provides the following abstract:
  In this session you will learn more about the core security concepts that are provided with the service-oriented architecture (SOA)
  management capabilities in SAP NetWeaver Process Integration (SAP NetWeaver PI). This session will cover main use cases and
  supported scenarios of secure SAP NetWeaver PI deployments. 
  SAP Connect Link: https://sap.emea.pgiconnect.com/I016095
  (no passcode needed)
  Dial in:
  For dial in details please register here http://www.surveymonkey.com/s.aspx?sm=EFeuZl9PxrwKOW5i5W556g_3d_3d
  Kind regards,
  Sarma Sishta
  SAP Intelligence Platform & NetWeaver RIG APJ

  hi,
  I'm making this a sticky thread till August 18 so it will have better visibility
  Regards,
  Michal Krawczyk

• In RSA Authentication Manager 7.1, how create multiple security domains

  Hi,
  RSA Authentication Manager 7.1 in configured with LDAP(Sun java system directory server); how create multiple security domains 7.1, is this security domains is releted to LDAP?
  thanks

  I think what you need to do is create an identity sequence with RSA as the selection in
  Authentication and Attribute Retrieval Search List and AD in Additional Attribute Retrieval Search List. Then select this sequence as the result in the identity policy for the service

• Security domain with mandated dap privilege

  Can I delete a security domain having mandated dap privilege as per global platform .

  Hi,
  I have the same problem. I created a SSD with mandated DAP, now I can not delete it. I have a JCOP card and the following so far:
  Card Manager AID   :  A0000001510000
  Card Manager state :  OP_READY
      Sec. Domain:PERSONALIZED (SVE----M) A000000004000001
      Sec. Domain:PERSONALIZED  (SV-----M) A000000004000002
      Load File  :                    LOADED (--------) A0000000035350   (Security Domain)
       Module    :                                             A0000001510000
       Module    :                                             A000000003535041
       Module    :                                             A0000000030000
  As you can see both A000000004000001 and A000000004000002 have mandated DAP privilege. Now I can not delete them.
  cm>  delete A000000004000001
  => 80 E4 00 00 0A 4F 08 A0 00 00 00 04 00 00 01 00    .....O..........
  (195345 usec)
  <= 69 85                                              i.
  Status: Conditions of use not satisfied
  jcshell: Error code: 6985 (Conditions of use not satisfied)
  Sadly I can not Load to them either. First I created the SSD with A000000004000001. Then I tried to LOAD a CAP with the appropriate load token and DAP(A000000004000001). It failed with 6985.
  After that I instantiated a second SSD (because I realized that I can not delete the first one). I Tried to LOAD a CAP with the necessary DAP(A000000004000002) but it failed with 6985 as well. Now I'm stuck.
  Please tell me if there is any way to get rid of these SSDs. And besides what am I missing with the LOAD? Mandated DAP only means that if I try to load a CAP into a Security Domain with mDAP the CAP file has to have an appropriate DAP block, right? DAP meant if it exsits it will be checked but if there is no DAP provided it will pass.
  Many Thanks!
  -András

• How to implement a domain?

  Hi,
  1 virtual network(192.168.0.x/24). 1 subnet: 192.168.0.4 to 192.168.0.254. 2 DNS Servers: 192.168.0.4 and 100.75.116.100 (DNS address when a new VM is created).
  I have 10 VMs. 1 DC. By powershell the VMs has been set static IP addresses (the DC is 192.168.0.4)
  The VMs were domain joined.
  The problems are:
  very slow or null internet speed (when the VM is new, the internet speed is fast).
  domain joining using netbios name is impossible (need to use FQDN name for domain joining OK)
  when domain joining a VM, occurs the following error(first welcome message, the error message):
  The questions are:
  How to implement a domain and mantain fast internet?
  Is normal behavior the above error at domain joining?
  Thanks in advance!

  Hi
  Joining a domain should not affect your internet connection.
  Try removing the second DNS address and see if your machine joins the domain.
  Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• How to implement secure help in SharePoint 2010?

  Hi,
  We are having a sharepoint site running over HTTPS. When I click on help link given on top right side, I get a security warning saying that only secure content content can be displayed. This is probably due to the non secure content(http) used by microsoft
  help.
  Can anyone please suggest how to implement microsoft help having secure content?
  Please see screenshot below:

  Yes office.microsoft.com URL works when I use https:// instead of http:// .
  Can you please let me know in which file this help function is used?
  Please provide me with an example if possible.

• Does anyone know how to win a fight with layout manager?

  I am using the form designer in netBeans to design my page, which has a jPanel on the left and a number of controls on the right.
  My problem is that when I eventually get it to look half right at design time, it looks different at run time. The fonts are different, the combo boxes are a different height and some of my text boxes are 4 times as wide. http://RPSeaman.googlepages.com/layout.GIF shows both the design-time view and the run-time view. How can I win my fight with layout manager?

  I'd like to do an experiment where you take say 20 pairs of students of java, with each pair matched in terms of prior programming and java experience, general knowledge, etc... and set one of each pair to learn Swing using netbeans and its layout generator with the other pair learning to code Swing by hand. Then 6 months later compare their abilities. I'll bet that the code by hand group will blow the other group out of the water in terms of understanding and ability.
  Just my 2 Sheckel's worth.

• How to implement fact tables with finest level of detail (fine-grained)?

  Hi,
  Maybe this is basic knowledge what I'm asking here... I don't know, well, here it goes:
  I need to know the way carry my transactional data to a fact table, but keeping the finest level of detail possible (namely, the transactions). I implemented my cubes with MOLAP option for storage (those were the specs that I had to follow) so I can't add a unique constraint to those structures.
  I only seem to be able to load aggregated, precomputed data. If I wanted to load the transactions (after the data has been transformed and clenased) where should I do it?
  I tried to implement a version of the fact tables as ROLAP but got nowhere (I couldn't add a unique constraint or index on that column either).
  I would really, really appreciate your help.
  Best Regards,
  osvaldo.
  [osantos]

  Hi Veeravalli,
  Thanks for your reply :)
  Let me explain the problem in more detail. I have one Date dimension(Date_Code,Month_Code,Quarter_Code,Half_Year_Code,Year_Code). Here Date_Code is the PK.
  In F1---->Date (Using Month_Code key)
  F2-------->Date (Using Date_Code Key)
  Level based hierarchy is there starting from Year to Date.Each level has PK defined and chronological key selected.
  F1 has level set to Month and F2 has level set to Day.
  Now if i am using ago() function on measure of F2 (having day level data) then it's working fine but if i am using ago() function on measure of F1...I am getting an error at Presentation service: Date_code must be projected for time-series functions.
  So the whole issue is with time-series functions. As per my research...I think for time series the tables in the physical model containing the time dimension cannot join to other data sources, except at the most detailed level but here i am joining with F1(using Month_Code which is not the most detailed level).
  So kindly let me know how to achieve this in rpd?

• How to relate solution composer with solution manager ?

  Hi Friends ,
  Is there a way to link Solution composer with Solution Manager ? If yes how do we do it ?
  Which are the scenarios in which the two will be used in conjuction with one another ?
  Thanks in advance for your replies !
  Regards,
  Ranjini.

  Hi,
  You can use Solution Compose with Solution Manager.
  [http://www.sap.com/solutions/businessmaps/composer/index.epx|http://www.sap.com/solutions/businessmaps/composer/index.epx]
  [http://www50.sap.com/solutionmaps/composer/|http://www50.sap.com/solutionmaps/composer/]
  Thx,
  Waseem

• How to implement secure timestamp

  after search google about the example code for java.security.timestamp,almost found nothing.
  therefore i attempt to code myself bases on java document.since i still new in java,hence require your help from time to time.
  there have 2 part on timestamp implementation,that is
  1)+creating a signed timestamp from trusted timestamp server or TSA.+
  According to veriSign website https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR185,
  https://timestamp.geotrust.com/tsa would provide TSA service
  2)+verify the timestamp+
  the concept on implementation secure timestamp quite similar during sign digital signature on document.
  creating a signed timestamp from trusted timestamp server or TSA
  during creating a signed timestamp,document sender require provide thumbprint extract from certificate of document sender to TSA.
  on the TSA,it would add up timestamp + thumbprint ,then hashing/signing by using private key of TSA.then TSA would return the hash value and timestamp
  verify the timestamp
  document receiver would receive sender's thumbprint ,timestamp and the hash value,receiver would send the thumbprint +timestamp to TSA to hash it again.TSA would return the hash value.
  then receiver compare pair of hash result ,if both are same,then timestamp has been verify.
  i tougth require following class and method to do above task
  *java.security.Timestamp
  -getSignerCertPath()
  -getTimestamp()
  *java.security.cert.CertPath
  -getEncoded()
  -equals()
  *java.security.cert.TrustAnchor
  =TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
  *java.security.cert.X509Certificate
  ....and what else?
  Sincerely

  how about
  +javax.net.ssl.X509TrustManager ?Nothing to do with it.
  i thought i should use [Package org.bouncycastle.asn1.tsp |http://www.cs.berkeley.edu/~jonah/javadoc/org/bouncycastle/asn1/tsp/package-summary.html] since it is implements base on rfc3161.
  Now that sounds right.

• Trying to learn how to setup Linux Domain with Linux client

  Okay I know I might get some problems for this, but I am trying to setup a ubuntu based server (domain), with an arch based client.  I am having a hard time getting the two to cooperate and working with centralized passwords and roaming profiles.  I am a real newbie when it comes to linux, much less samba server.  This is where I chose to start off since I do have an interest in networking,

  Welcome to the forums.
  We can't help you with the Ubuntu side of things obviously, but I think you might get some usefull info from the Samba Wiki article.

• How to implement secure Licencing for Java Apps?

  Hi
  I'm already thinking some months about this topic. I serached the web, some books and magazines, i asked quite a lot of people - but in the end, there seems to be no really satisfying answer.
  My main question is: what can i do to protect the software i wrote? The problem is, where ever i start, i end with open questions.....
  I may start delivering a custom licence key with my software that contains information i.e. about who may run it and for how long. To check integrity i sign the licences key (with a digest) and ckeck the integrity in the application. Like this, i could make sure, that the software runs only with a valid licence.
  But two new problem araise - if the licence key is given to the web, everyone will be able to run the software. Second, i have to implement a methode to check the digest, so i have to deliver the key with the software and like this, the key could just be used to generate new licence files. Third, i hav to protect my code, since anyone could recompile it, he could check the algorithms i use to check the digest and even worse, he just could disable the codeblock that checks the licence.
  So i use an obfuscator to scramble my code, and to get the most out of this technique, i use a controlflow obfuscator. This adds some security, but still the code can be decompiled but wouldn't be too easy to understand. For making it even a little bit harder to read, i will "distribute" the licence digest check over some different classes.
  But still the first two problems remain. So i think about encrypting the licence file. To make that secure, i would use a public/private key encryption since if i use a secret key encryption i would have to deliver the key with the software and anyone could use it to generate new encrypted licene files. The problem with the public/private key is, that i should deliver a public key with the software that is only capable of decrypting, but not of encrypting. Like this, i can implement a decryption methode in the software that can decrypt the licence file and read all requiered licence data but the user is not able to generate a new licence file because he has the read-only key. Obvisouly there is no such private/public key technique that allows one key to be decrypt only and the other to be encrypt and decrypt (or at least encrypt only). Algorithms like PGP have a public key that allows encryption only and a private key that allows decryption only.
  I could go on presenting some more ideas i found to "protect" software/licence but the all come to the same point where they leave a lot of other open questions.
  I wonder what you all out there do to protect your software, what kind of technique you use for licencing implementation. I would be very glad to read what problem you face reagarding this topics and maybe how you solved it or what your conclusion was.
  Greetings
  josh

  >
  yes, absolutely. That's the point. Try to make it hard
  to get the software some other way. So it's easer to
  get the software by buying it.
  Nope.
  - There are those who steal it just to steal it. They don't use it.
  - There are those who steal it because the price is too extreme. If your income for the year is measured as only several thousand dollars you are not going to be able to buy a package that costs a thousand dollars or more.
  - There are those who steal it because the preceived benifit is less than the cost. For instance, at least in the past, MS software cost at least three times as much in some european companies compared to the exchange rate.
  - Finally there are those who steal simply because they don't want to pay for it.
  As far as I am concerned the last category is the only relevant one. And that is far smaller than any software theft estimates that the software industry regularly claims.
  >
  >>
  Here is an example of someone who thinks that their
  work is good enough and valuable enough to stand on
  its own...http://www.fileviewer.com/.
  And I liked it enough that at one company I hadthem
  purchase a site license. And I like it enough thatI
  still remember the company five years after thelast
  time I needed the product.that's fine and it would be very nice if everybody
  would be like you. But that's not the case and you
  even may not be sure if not someone in that company
  took a copy of the software and the licence and now is
  using it for free are even gave it in the "public
  domain". Woulnd't that be sad if the company would
  have to close down someday because just a few people
  are paying for it. Even if it is such a smart
  product?There was a clothing chain that closed down because they claimed that, even after installing anti-theft devices, they were still losing too much money from shop lifters.
  If that is the case why do all of the other companies still exist?
  If your product is good then people will buy it. The successes for that are abundant. The only success stories for copy protection schemes are for the copies that sell those schemes.
  >
  i wonder if you close your door when you leava your
  appartment. I mean, what's wrong with protecting a
  code? It's just the same as protecting the money you
  earn, the furnish in your appartment, ...
  Sorry, when I buy a product then I expect to be able to use it.
  With your analogy I would have to use a code that you provided everytime I wanted to get into and out of my apartment.
  So for any comments, ideas, ... on how to addsome
  more protection i'm very thankfull.You search for "obfuscator".yes, as i wrote in the first posting, i know about
  obfuscator, i'm using it, but it's just very poor
  protection. That's why I'm looking for a smart concept
  to gain a little bit more protection.And if you search for that term in these forums, and read the lengthy posts, you might find some ideas. Which is why I suggested it. (And you might understand why the alternatives are not used.)

• Can/How does Label Security integrate with Documentum Trusted Content Serv

  How easy wouldit be to use Oracle Label Security to manage all information in the Oracle dabase including Documentum metadata so that a single security policy cn be defined..at least for the information stored in the Oracle database.
  How does the documentum security tag get mapped to an OLS label?
  Customer needs only a high level understanding...
  Steve Flournoy

  I am not familiar with documentum but you can use OLS for:
  Row level security based on labels added to the tables you want to protect. Apply the labels to the documentum metadata tables and you have implemented OLS. The Documentum tags can be mapped to OLS labels in Oracle Policy Manager:
  Set up the OLS labels just like the documentum security tags in Oracle Policy Manager .
  For even more customization use Application Contexts and Virtual Private Database Policies.

• How to configure quality process with batch management.

  Dear Friends,
              we have a scenario,our client receive goods with 101movement type  into quality inspection stock.
  once stock is passed quality check stock,then we will take into unrestricted stock with 321 movement type.
  failed in quality test will  be rejected.please give me suggestion how to map the scenario.while i am testing
  the process in my sandbox,its asking batch number.its not allowing me to post unrestricted stock with 321
  movement type.how to make batch as optional in this scenario?if batch is mainted for the material,how to
  configure the process.we are not using QM module.
  please suggest me.
  Regards,
  Varun

  In Batch management config in Logistic general, Check for the movement type 101 & 321 whether batch creation has been activated to Manual, Automatic, or no creation. In your case it looks like for mvt 321 batch creation is set to manual & for 101 no creation.
  if batch creation is set to manual, enter a manual batch no & proceed.
  But to cross verify wheter 101 has generated batch or not please check the stocks in MMBE.
  Hope this helps.
  Regards
  Mithun

• How can i secure email with attachments using coldfusion

  Hi,
  I need to send emails with attachments containg word, excel or PDF documents using cfmail. However this email needs to be really secure. How is the best way to secure the entire email with its attachments.
  Any ideas appreciated
  Thanks
  Zubair

  Hi ,
  I hope the following will help you..., using the UTL_SMTP db package.
  DECLARE
  c UTL_SMTP.CONNECTION;
  PROCEDURE send_header(name IN VARCHAR2, header IN VARCHAR2) AS
  BEGIN
  UTL_SMTP.WRITE_DATA(c, name || ': ' || header || UTL_TCP.CRLF);
  END;
  BEGIN
  -- Open connection to SMTP gateway
  c := UTL_SMTP.OPEN_CONNECTION('smtp.server.acme.com');
  UTL_SMTP.HELO(c, 'acme.com');
  UTL_SMTP.MAIL(c, '[email protected]');
  UTL_SMTP.RCPT(c, '[email protected]');
  UTL_SMTP.OPEN_DATA(c);
  send_header('From', '"Oracle Admin" ');
  send_header('To', '"Bob Smith" ');
  send_header('Subject', 'Automated Database Email');
  UTL_SMTP.WRITE_DATA(c, utl_tcp.CRLF || 'This is an automated email from the Oracle database.');
  UTL_SMTP.WRITE_DATA(c, utl_tcp.CRLF || 'The database is working for you!');
  UTL_SMTP.CLOSE_DATA(c);
  UTL_SMTP.QUIT(c);
  END;
  Simon