Oracle® Fusion Middleware Security and Administrator's Guide for Web Services
11g Release 1 (11.1.1)
Part Number B32511-06
11g Release 1 (11.1.1) includes a complete redesign of Oracle Web Services Manager 10g and Web services security management. For more details about what has changed in Release 11g, see Chapter 4, "Examining the Rearchitecture of Oracle WSM in Oracle Fusion Middleware."
11g Release 1 (188.8.131.52) includes the following new features:
Global Policy Attachments
Oracle Infrastructure Web services provide the ability to create and attach policy sets to subjects on a global scope (domain, server, application, or SOA composite). See:
For conceptual information about policy sets, see "Attaching Policies Globally Using Policy Sets".
For information on configuring and managing policy sets using Oracle Enterprise Manager Fusion Middleware Control, see "Creating and Managing Policy Sets".
For information on configuring and managing policy sets using WLST, see "Web Services Custom WLST Commands" in the WebLogic Scripting Tool Command Reference.
For information on importing and exporting policy sets using WLST, see "Importing and Exporting Documents in the Repository".
Oracle Web Services Manager and Oracle Infrastructure Web Services supported on IBM WebSphere
Differences in behavior, and any limitations, are described in "Managing Web Services on IBM WebSphere" in the Oracle Fusion Middleware Third-Party Application Server Guide.
SAML 2.0 Support
There is new configuration control for overriding policy attachments and new predefined SAML 2.0 policies.
A new SAML 2.0 Login Module has been added. See "Configuring the SAML and Kerberos Login Modules".
New predefined SAML 2.0 policies have been added. See "Predefined Assertion Templates".
Client-side WS-Trust Support
Support for WS-Trust 1.3 policies has been added. WS-Trust extensions provide methods for issuing, renewing, and validating security tokens. See "WS-Trust Policies and Configuration Steps".
A new Automatic Policy Configuration feature dynamically generates the information about an STS config policy by parsing the STS WSDL document. See "Setting Up Automatic Policy Configuration for STS".
New predefined WS-Trust assertions have been added. See "Predefined Assertion Templates".
Hardware Token Support
Oracle WSM provides the ability to use the LunaSA Hardware Security Manager (HSM) for key storage. See "Using Hardware Security Modules With Oracle WSM".
Oracle WebLogic Web Services Monitoring Enhancements
The Web Service Endpoint page in Oracle Enterprise Manager Fusion Middleware Control provides the ability to monitor policy violations for WebLogic JAX-WS Web services. In addition, the tab that displays Oracle WSM policy information has been renamed to OWSM Policies. For WebLogic JAX-RPC Web services, the endpoint tab is labeled WebLogic Policy Violations.
For more information on monitoring Web services, see "Monitoring the Performance of Web Services".
Usage Analysis Enhancements
The Usage Analysis page in Oracle Enterprise Manager Fusion Middleware Control provides:
The option to filter the Policy Subject List by subject type.
The option to view the available policy subjects in the entire enterprise or only in the local domain/cell.
The total number of policy subjects to which the policy is attached in the Attachment Count field.
For more information on policy usage analysis, see "Analyzing Policy Usage".
Test Web Service Enhancements
The Request/Response tabs on the Test Web Services page in Oracle Enterprise Manager Fusion Middleware Control have enhanced usability, as follows:
The Request tab sections are now collapsed by default.
On the Response tab, the Test Status results have better readability and the composite test results are now highlighted.
For more information on testing Web services, see "Testing Web Services".
Install Oracle WSM on a Standalone WebLogic Server
If you have a standalone WebLogic Server environment with JAX-WS Web services and clients deployed, you can install Oracle WSM and use it to secure your Web services and clients. For more information, see "Installing Oracle WSM on WebLogic Server".
Enhanced Specification Support for WS-Policy 1.5 and WS-SecurityPolicy 1.2, 1.3
Supported versions, with links to the specifications, are provided in "Supported Standards" in Oracle Fusion Middleware Concepts Guide for Oracle Infrastructure Web Services.
For information about valid version combinations, see "Policy Advertisement".
New Extensibility Guide for Creating Custom Assertions
All information related to developing custom assertions has been moved from this guide into the new Extensibility Guide for Oracle Web Services Manager.
11g Release 1 (184.108.40.206) includes the following new features:
Oracle WSM policy attachment to WebLogic Java EE endpoints using Oracle Enterprise Manager Fusion Middleware Control
Deployment descriptor migration for ADF Business Connect and WebCenter applications using the WebLogic Scripting Tool (WLST)
Cross-domain policy management of Oracle WSM Policies
Advertise policies for WebLogic JAX-WS Web services secured with Oracle WSM security policies
Web services atomic transaction support for SOA Web services and references and WebLogic JAX-WS Web services
Ability to configure a remote policy store at design time in JDeveloper. For more information, see "Using a Different Oracle WSM Policy Store" in "Developing with Web Services" in the JDeveloper Online Help.
Shared policy store for Oracle Infrastructure Web services and WebLogic Web services. For information about managing policies in the shared policy store, see "Using Custom Web Service Policies" in "Developing with Web Services" in the JDeveloper Online Help.
Ability to register Web service sources and to publish registered Web services to UDDI
Support for the DB2 database in the MDS repository
Ability to attach policies to Oracle Infrastructure Web Service providers
Ability to view assertion details for a policy when attaching to an endpoint
Ability to include a timestamp property for assertion templates that define Transport Security (SSL)
Ability to manually configure WebLogic Web service repository retrieval properties in Oracle Enterprise Manager Fusion Middleware Control
11g Release 1 (220.127.116.11) includes the following new features:
Enhanced administration and policy management for asynchronous Web services
Ability to define policy alternatives (OR groups)
Service-side policy configuration overrides
Oracle WSM policy attachment using the WebLogic Scripting Tool (WLST)
Ability to upgrade the Oracle WSM policies in the Oracle WSM Repository using WLST commands
Service identity certification extension for Web services that implement a message-protection policy. The Web service's public certificate is published in the WSDL, and it is no longer necessary for the Web service client to store the Web service's public certificate in its domain-level keystore.
Enhanced support for permission-based authorization using the oracle.wsm.security.WSFunctionPermission permission check class. In this release, the resource target of the WSFunctionPermission is enhanced to include the actual Web service operation name.
Ability to browse WSIL documents and import UDDI v3 registries using Fusion Middleware Control, and register services accordingly
Compliance with WSI-Basic Security Profile
Support for testing RESTful Web services in the Fusion Middleware Control Test Web Service page
Support for Microsoft SQL Server in the MDS repository
Ability to use the same Oracle WSM Repository to manage policies across multiple domains. In previous releases, a repository could only be used by a single domain.
New document, Oracle Fusion Middleware Interoperability Guide for Oracle Web Services Manager, that contains the interoperability content previously provided in this document
Interoperability is certified between Oracle Web Services Manager and Axis 1.4 and WSS4J 1.58 security environments
11g Release 1 (11.1.1) includes the following new features:
Integration with the Oracle Fusion Middleware framework
Shared authorization and authentication infrastructure for Web applications and Web services through Oracle Platform Security Services
Automatic identity propagation
Integrated configuration, management, and monitoring of Web services using Oracle Enterprise Manager Fusion Middleware Control
Use of the Oracle Metadata Repository via Oracle Enterprise Manager Fusion Middleware Control
Integrated security management and monitoring of WebLogic Web services
Integrated policy attachment and monitoring support for WebLogic Web services
Enhanced support for Web services security standards
Enterprise policy framework with full standards support (WS-Policy, WS-SecurityPolicy, and WS-PolicyAttachment)
Run-time Service-Oriented Architecture (SOA) governance support through reusable run-time policies and bulk attachment of policies
Policy usage and impact analysis