11g Release 1 (11.1.1) includes a complete redesign of Oracle Web Services Manager 10g and Web services security management. For more details about what has changed in Release 11g, see Chapter 4, "Examining the Rearchitecture of Oracle WSM in Oracle Fusion Middleware."
The following topics provide a summary of the features and enhancements in each of the 11g Release 1 releases:
11g Release 1 (11.1.1.6) includes the following new features and enhancements:
Global Policy Attachment Enhancements
The global policy attachment feature has been enhanced as follows:
Support for attaching policies globally at the partition, service or reference, and port and component levels for clients and services. For more information, see "Subject Types and Scope of Resources".
Support for a new WLST command (deleteAllPolicySets) that allows a user to delete all policy set documents in the repository. For more information, see "Deleting Policy Sets".
Support for configuration overrides for global policy attachments. For more information, see "Overriding Configuration Properties for Globally Attached Policies".
Ability to specify the priority of a policy attachment which allows an administrator to indicate a preference over which policy attachment is used. For more information, see "Specifying the Priority of a Policy Attachment".
Improved visibility into the endpoint configuration using Fusion Middleware Control, including the ability to see the secure status of the endpoints, any configuration overrides, and if the endpoints have a valid configuration. For more information, see "Determining the Secure Status of an Endpoint".
Oracle WSM provides the ability to specify a run-time constraint that determines the context in which the policy set is relevant, for example external clients outside a firewall versus internal clients. For more information, see "Specifying Run-time Constraints in Policy Sets".
Oracle SPARC Server T-Series Cryptographic Acceleration Support
Ability to configure Oracle WSM to take advantage of Oracle SPARC Server Cryptographic Acceleration. For more information, see "Configuring Oracle WSM for Oracle SPARC T4 Cryptographic Acceleration".
Enhanced Support for WebLogic Java EE Clients in Fusion Middleware Control
Ability to use Fusion Middleware Control to view and monitor Java EE clients and attach Oracle WSM policies.
A new tab, Java EE Web Service Clients, has been added to the Web Services (Java EE) Home page for viewing information about Java EE clients. For more information, see "Viewing Java EE Web Service Clients".
Ability to attach Oracle WSM policies to Java EE clients. For more information, see "Attaching Policies to Java EE Web Service Clients".
Ability to view Web Service statistics for the run-time client instances in a Java EE application. For more information, see "Viewing Web Service Statistics for Java EE Web Service Clients".
Enhanced ability to test Web service security using Oracle WSM policies. For more information, see Chapter 12, "Testing Web Services."
Derived Keys and Encrypt Signature Controls Enabled in Fusion Middleware Control
Oracle WSM supports the Derived Key setting in wss11 message protection policies and the Encrypt Signature setting in wss10 and wss11 message protection policies. You can now enable these features using Fusion Middleware Control in the Message Security settings in message protection policies. For more information about these settings, refer to the message protection assertion templates described in Appendix C, "Predefined Assertion Templates."
No Server Restart Required for JKS Keystore Changes
You no longer need to restart the server when you make changes to the JKS keystore. For more information about the JKS keystore, see "Generating Private Keys and Creating the Java Keystore".
Support for Anonymous User with SAML Policies
Oracle WSM supports propagating the anonymous user with SAML policies. For more information, see "Using Anonymous Users with SAML Policies".
Oracle WSM is certified with MySQL and Oracle Edition Based Redefinitions (EBR).
Oracle WSM supports multiple versions (namespaces) of a Web service. Service names in WLST input and output, and Fusion Middleware Control, now require the use of the namespace with the service name, for example {http://mynamespace/}myService. For more information, see the following topics:
"Specifying a Service Name" in "Web Services Custom WLST Commands" in WebLogic Scripting Tool Command Reference
"listWebServices" in "Web Services Custom WLST Commands" in WebLogic Scripting Tool Command Reference
You no longer need to define SAML issuers in the SAML login module. In this release, if you define a SAML issuer using the Platform Policy Configuration page, any issuers added in the SAML login module are ignored. Also, when SAML issuers are added using the platform policy configuration, you do not need to restart the server. For more information, see "Defining Trusted Issuers and Trusted Distinguished Name List for Signing Certificates".
Additional OR Groups Added to wss11_saml_or_username_token_with_message_protection_service_policy
The oracle/wss11_saml_or_username_token_with_message_protection_service_policy now includes five assertions:
wss11_saml_token_with_message_protection
wss11_username_token_with_message_protection
wss_saml_token_bearer_over_ssl
wss_username_token_over_ssl
wss_http_token_over_ssl
For more information, see "Configuring a Policy With an OR Group".
11g Release 1 (11.1.1.5) includes the following updates and enhancements:
Added two new attributes to the asynchronous Web service queue annotations, @AsyncWebServiceQueue and @AsyncWebServiceResponseQueue. These new attributes, listed below, enable you to configure the initial and maximum sizes of the Message-driven bean (MDB) pool size, respectively:
messageProcessorInitialPoolSize
messageProcessorMaxPoolSize
For more information, refer to the following topics in "Annotation Reference" in Developer's Guide for Oracle Infrastructure Web Services:
Enhanced diagnostic and troubleshooting documentation to include additional information about diagnosing common problems with Oracle WSM and policy attachment issues using WLST. For more information, see "Diagnosing Problems".
Enhanced message protection keystore configuration documentation. For more information, see the following topics:
Reorganized documentation describing configuration overrides. For more information, see the following topics:
Added documentation that describes how to modify a default users group or role to ensure they have the proper permissions to access the Policy Manager. For more information, see "Modify the User's Group or Role".
11g Release 1 (11.1.1.4) includes the following new features:
Oracle Infrastructure Web services provide the ability to create and attach policy sets to subjects on a global scope (domain, server, application, or SOA composite). See:
For conceptual information about policy sets, see "Attaching Policies Globally Using Policy Sets".
For information on configuring and managing policy sets using Oracle Enterprise Manager Fusion Middleware Control, see "Creating and Managing Policy Sets".
For information on configuring and managing policy sets using WLST, see "Web Services Custom WLST Commands" in the WebLogic Scripting Tool Command Reference.
For information on importing and exporting policy sets using WLST, see "Importing and Exporting Documents in the Repository".
Oracle Web Services Manager and Oracle Infrastructure Web Services supported on IBM WebSphere
Differences in behavior, and any limitations, are described in "Managing Web Services on IBM WebSphere" in the Oracle Fusion Middleware Third-Party Application Server Guide.
There is new configuration control for overriding policy attachments and new predefined SAML 2.0 policies.
A new SAML 2.0 Login Module has been added. See "Configuring the SAML and Kerberos Login Modules".
New predefined SAML 2.0 policies have been added. See "Predefined Assertion Templates".
Support for WS-Trust 1.3 policies has been added. WS-Trust extensions provide methods for issuing, renewing, and validating security tokens. See "WS-Trust Policies and Configuration Steps".
A new Automatic Policy Configuration feature dynamically generates the information about an STS config policy by parsing the STS WSDL document. See "Setting Up Automatic Policy Configuration for STS".
New predefined WS-Trust assertions have been added. See "Predefined Assertion Templates".
Oracle WSM provides the ability to use the LunaSA Hardware Security Manager (HSM) for key storage. See "Using Hardware Security Modules With Oracle WSM".
Oracle WebLogic Web Services Monitoring Enhancements
The Web Service Endpoint page in Oracle Enterprise Manager Fusion Middleware Control provides the ability to monitor policy violations for WebLogic JAX-WS Web services. In addition, the tab that displays Oracle WSM policy information has been renamed to OWSM Policies. For WebLogic JAX-RPC Web services, the endpoint tab is labeled WebLogic Policy Violations.
For more information on monitoring Web services, see "Monitoring the Performance of Web Services".
The Usage Analysis page in Oracle Enterprise Manager Fusion Middleware Control provides:
The option to filter the Policy Subject List by subject type.
The option to view the available policy subjects in the entire enterprise or only in the local domain/cell.
The total number of policy subjects to which the policy is attached in the Attachment Count field.
For more information on policy usage analysis, see "Analyzing Policy Usage".
The Request/Response tabs on Test Web Services page in Oracle Enterprise Manager Fusion Middleware Control have enhanced usability, as follows:
The Request tab sections are now collapsed by default.
On the Response tab, the Test Status results has better readability and the composite test results are now highlighted.
For more information on testing Web services, see "Testing Web Services".
Install Oracle WSM on a Standalone WebLogic Server
If you have a standalone WebLogic Server environment with JAX-WS Web services and clients deployed, you can install Oracle WSM and use it to secure your Web services and clients. For more information, see "Installing Oracle WSM on WebLogic Server".
Enhanced Specification Support for WS-Policy 1.5 and WS-SecurityPolicy 1.2, 1.3
Supported versions, with links to the specifications, are provided in "Supported Standards" in Developer's Guide for Oracle Infrastructure Web Services.
For information about valid version combinations, see "Policy Advertisement".
New Extensibility Guide for Creating Custom Assertions
All information related to developing custom assertions has been moved from this guide and into the new Extensibility Guide for Oracle Web Services Manager.
11g Release 1 (11.1.1.3) includes the following new features:
Oracle WSM policy attachment to WebLogic Java EE endpoints using Oracle Enterprise Manager Fusion Middleware Control
Deployment descriptor migration for ADF Business Connect and WebCenter applications using the WebLogic Scripting Tool (WLST)
Cross-domain policy management of Oracle WSM Policies
Advertise policies for WebLogic JAX-WS Web services secured with Oracle WSM security policies
Web services atomic transaction support for SOA Web services and references and WebLogic JAX-WS Web services
Ability to configure a remote policy store at design time in JDeveloper. For more information, see "Using a Different Oracle WSM Policy Store" in "Developing with Web Services" in the JDeveloper Online Help.
Shared policy store for Oracle Infrastructure Web services and WebLogic Web services. For information about managing policies in the shared policy store, see "Using Custom Web Service Policies" in "Developing with Web Services" in the JDeveloper Online Help.
Ability to register Web service sources and to publish registered Web services to UDDI
Support for the DB2 database in the MDS repository
Ability to attach policies to Oracle Infrastructure Web Service providers
Ability to view assertion details for a policy when attaching to an endpoint
Ability to include a timestamp property for assertion templates that define Transport Security (SSL)
Ability to manually configure WebLogic Web service repository retrieval properties in Oracle Enterprise Manager Fusion Middleware Control
11g Release 1 (11.1.1.2) includes the following new features:
Enhanced administration and policy management for asynchronous Web services
Ability to define policy alternatives (OR groups)
Service-side policy configuration overrides
Oracle WSM policy attachment using the WebLogic Scripting Tool (WLST)
Ability to upgrade the Oracle WSM policies in the Oracle WSM Repository using WLST commands
Service identity certification extension for Web services that implement a message-protection policy. The Web service's public certificate is published in the WSDL, and it is no longer necessary for the Web service client to store the Web service's public certificate in its domain-level keystore.
Enhanced support for permission-based authorization using the oracle.wsm.security.WSFunctionPermission permission check class. In this release, the resource target of the WSFunctionPermission is enhanced to include the actual Web service operation name.
Ability to browse WSIL documents and import UDDI v3 registries using Fusion Middleware Control, and register services accordingly
Compliance with WSI-Basic Security Profile
Support for testing RESTful Web services in Fusion Middleware Control Test Web Service page
Support for Microsoft SQL Server in the MDS repository
Ability to use the same Oracle WSM Repository to manage policies across multiple domains. In previous releases, a repository could only be used by a single domain.
New document, Oracle Fusion Middleware Interoperability Guide for Oracle Web Services Manager, that contains the interoperability content previously provided in this document
Interoperability is certified between Oracle Web Services Manager and Axis 1.4 and WSS4J 1.58 security environments
11g Release 1 (11.1.1) includes the following new features:
Integration with the Oracle Fusion Middleware framework
Shared authorization and authentication infrastructure for Web applications and Web services through Oracle Platform Security Services
Automatic identity propagation
Integrated configuration, management, and monitoring of Web services using Oracle Enterprise Manager Fusion Middleware Control
Use of the Oracle Metadata Repository via Oracle Enterprise Manager Fusion Middleware Control
Integrated security management and monitoring of WebLogic Web services
Integrated policy attachment and monitoring support for WebLogic Web services
Enhanced support for Web services security standards
Enterprise policy framework with full standards support (WS-Policy, WS-SecurityPolicy, and WS-PolicyAttachment)
Run Time Services Oriented Architecture (SOA) governance support through reusable run-time policies and bulk attachment of policies
Policy usage and impact analysis