Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Abstract: The present disclosure relates generally to managing security artifacts for a software application executing on a software stack. Techniques are described for defining a security configuration such that each layer of the software stack may be associated with one or more datastores, each datastore including one or more security artifacts for a particular layer. The security configuration may specify, for example, an order in which the various datastores are to be accessed when a request is received for a security artifact that is available from multiple datastores. Using the security configuration, access to security artifacts can be handled in connection with requests generated through a particular layer in the stack. A system managing the security artifacts can provide a unified view of the datastores such that, from the end-user's perspective, there is only one logical datastore.

Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Abstract: The present disclosure relates generally to managing security artifacts for a software application executing on a software stack. Techniques are described for defining a security configuration such that each layer of the software stack may be associated with one or more datastores, each datastore including one or more security artifacts for a particular layer. The security configuration may specify, for example, an order in which the various datastores are to be accessed when a request is received for a security artifact that is available from multiple datastores. Using the security configuration, access to security artifacts can be handled in connection with requests generated through a particular layer in the stack. A system managing the security artifacts can provide a unified view of the datastores such that, from the end-user's perspective, there is only one logical datastore.

Abstract: Application customization enables many different types of customers, from small companies to large multinational enterprises, to use various applications provided by a cloud service provider. To accommodate these customizations, previous systems generally require manual human intervention to identify custom, customized, and cloud service provider authorization policies (also referred to herein as “seed” authorization policies) and to decide how each type of authorization policy should be upgraded. When applications are customized, artifacts that represent those customizations can be created. In some embodiments, the customizations can include new resources or entitlements, and grants to new roles. In addition to new resources, entitlements, and grants, existing resources, entitlements, and grants can be modified and artifacts corresponding to those modifications can be generated.

Abstract: In accordance with an embodiment, described herein is a system and method for providing security in a multitenant application server environment. In accordance with an embodiment, per-partition security configuration includes: per-partition security realm (including configuration for authentication, authorization, credential mapping, auditing, password validation, certificate validation, and user lockout); SSL configuration, including keys, certificates, and other configuration attributes; and access control for partition and global resources. An administrator can designate one or more partition users as partition administrators, via grant of roles.

Abstract: In accordance with an embodiment, described herein is a system and method for providing security in a multitenant application server environment. In accordance with an embodiment, per-partition security configuration includes: per-partition security realm (including configuration for authentication, authorization, credential mapping, auditing, password validation, certificate validation, and user lockout); SSL configuration, including keys, certificates, and other configuration attributes; and access control for partition and global resources. An administrator can designate one or more partition users as partition administrators, via grant of roles.

Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Abstract: Application customization enables many different types of customers, from small companies to large multinational enterprises, to use various applications provided by a cloud service provider. To accommodate these customizations, previous systems generally require manual human intervention to identify custom, customized, and cloud service provider authorization policies (also referred to herein as “seed” authorization policies) and to decide how each type of authorization policy should be upgraded. When applications are customized, artifacts that represent those customizations can be created. In some embodiments, the customizations can include new resources or entitlements, and grants to new roles. In addition to new resources, entitlements, and grants, existing resources, entitlements, and grants can be modified and artifacts corresponding to those modifications can be generated.

Abstract: A keystore management system is provided that manages a keystore. The keystore management system creates a mapping of a plurality of keystore identity parameters to a plurality of keystore repository parameters. The keystore identity parameters identify the keystore. The keystore repository parameters identify a repository that stores the keystore. The keystore is a storage entity stored on the repository. The keystore management system further stores the mapping within a configuration file. The keystore management system further translates the keystore identity parameters into the keystore repository parameters based on the mapping stored within the configuration file.

Abstract: A keystore access system is provided that controls access to a keystore. The keystore access control system receives a request to access content of the keystore from a software application component. The keystore access control system applies a stored authorization policy to the request to determine whether access to the content of the keystore is granted. The keystore access system further grants the software application component access to the content of the keystore when it is determined that access to the content of the keystore is granted. The keystore access system further denies the software application component access to the content of the keystore when it is determined that access to the content of the keystore is not granted.

Abstract: A keystore access system is provided that controls access to a keystore. The keystore access control system receives a request to access content of the keystore from a software application component. The keystore access control system applies a stored authorization policy to the request to determine whether access to the content of the keystore is granted. The keystore access system further grants the software application component access to the content of the keystore when it is determined that access to the content of the keystore is granted. The keystore access system further denies the software application component access to the content of the keystore when it is determined that access to the content of the keystore is not granted.

Abstract: A keystore management system is provided that manages a keystore. The keystore management system creates a mapping of a plurality of keystore identity parameters to a plurality of keystore repository parameters. The keystore identity parameters identify the keystore. The keystore repository parameters identify a repository that stores the keystore. The keystore is a storage entity stored on the repository. The keystore management system further stores the mapping within a configuration file. The keystore management system further translates the keystore identity parameters into the keystore repository parameters based on the mapping stored within the configuration file.