Break New Ground

Security Guidelines Within MCS

Today, almost
every successful business had already enhanced mobility. If you have any
doubts, take a quick glimpse at your Smartphone.

loyalty, increasing sell-through, reinforcing your brand and increasing the
visibility and accessibility are just a few of the most important benefits that
your business can have by going mobile.

Let’s not
forget that your customers or users will have their benefits as well. Having
the information at their finger tips and one-touch access, offline availability
and being fast and the list can go on according to your business domain.

But, besides
the user experience with your application, what does it matter most of all?
Security. You need your application, your data, implicit your business secured.

Computing is simplifying most of the steps in the process of building complex
and secure applications. But for mobile needs, we have to have some specific
characteristics. Mobile Cloud Service (MCS) is a cloud offering that simplifies
the development, deployment, integration, security and monitoring of your
mobile applications.

MCS is
designed with build it enterprise-grade security.
Mobile applications
automatically have access to MCS security features through the mobile backend
, a secure container of APIs and other
resources for a defined set of mobile apps, and we have two main processes:

  • Authentication is
    the process of identifying an individual, usually based on a username and
    password, often in combination with
    other credentials such as an
    application key. Authentication ensures that the user is who he or she claims
    to be.
  • Authorization is the process of determining what an individual has permission
    to do. After the user gains access through authentication, the system grants
    access according to the settings configured for the user. The MCS Mobile User
    Management system lets you configure an intelligent authorization policy based
    on user roles.

Security can be configured individually for each custom API
or connector. For details see these links:

· Security in
Custom APIs

· Security Policy Types for REST Connector

· Security Policy Types for SOAP Connector


Oracle Mobile Cloud Service's implementation of
authentication supports both HTTP Basic Authentication and OAuth.

How HTTP Basic
Authentication Works in MCS

When you have HTTP Basic enabled as an authentication
mechanism for a mobile backend, an app can authenticate itself by sending the
mobile backend’s backend ID, a user name, and a password. You pass the username
and password as a Base64–encoded string. If the API that is being called is set
to allow anonymous access, then you need to pass an anonymous access key
instead of a user name and password.

How OAuth Works in

OAuth 2.0 is explicitly designed to support a variety of
different client types that access REST APIs, including mobile apps. Secured
APIs are made available only after a mobile app presents a valid OAuth access token.

For every custom API in Mobile Cloud Service, the mobile
developer decides whether or not authentication is required. This determines
which OAuth flow is used.

· Resource Owner Password Credentials Grant - Authenticated

· Client
Credentials Grant - Unauthenticated Access


Authorization is mainly represented by the building blocks of
Oracle CMS Security:

Users (two

- Team Members: use Mobile Cloud
Service UI to develop mobile backends

- Mobile Users: use Mobile applications
consuming mobile backends services


- Facilitate implementation of business

- Authorization: permissions assigned to
roles, not users

- Team member roles are distinct from
mobile user roles

- Managed separately as well

- Mobile users can have multiple roles


- Container for managing a set of users

- User schema and actual user accounts

- You can define custom schema properties

- MCS provides a default realm for each

- One and only one realm per mobile

- Realm can be assigned to multiple


Oracle Mobile Cloud Service MCS is a cloud-based service that provides a unified hub for developing, deploying, maintaining, monitoring, and analyzing your mobile apps and the resources that they rely on.

If your company had deployed mobile applications, or is progress
of creating the mobile strategy, you should check out how to do that with
Mobile Cloud Service and save money and time for the entire process.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.

Recent Content