tailieunhanh - Applied Oracle Security: Developing Secure Database and Middleware Environments- P46

Applied Oracle Security: Developing Secure Database and Middleware Environments- P46:Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful | 424 Part III Identity Management Joining Information in OVD A join view is conceptually similar to a database view where information from other adapters is joined together using some condition or joiner. A join view typically has a primary source for the user data that is then unified with a joined source to create the extended user profile. Consider this example An LDAP profile for a user contains the standard LDAP attributes name location contact and so on . However you are required to augment the basic user profile with a new attribute called clearanceCode for applications that need that piece of user data that lives in an external relational database. This is a great use case for using an OVD join view adapter you can augment the basic LDAP profile with the additional attribute whose value is stored in the database. Figure 10-15 illustrates use of the join view concept in this scenario. In OVD the join view is implemented using a join view adapter that essentially integrates a view on top of the existing adapter integrations to the backend sources of data. In our example the join view is created over the LDAP adapter integration to Active Directory and the database adapter integration to the Oracle Database. The LDAP adapter will be the primary source for the join view since the majority of the data lives in that repository. The additional attributes from the database table will be used to augment the user profile information coming from Active Directory. Figure 10-16 illustrates the relationship between the join view adapter and the other adapters to create that unified view of a user. It s worth restating that the join view technology is analogous to database views because the data is maintained in its original location and the view merely provides a single entry point that optionally translates the original data and then merges it together. To achieve a proper unified view you need to carefully consider certain aspects of the design. Design Considerations .