Skip Headers
Oracle® Fusion Middleware Developer's Guide for Oracle Infrastructure Web Services
11g Release 1 (11.1.1)

Part Number E15184-06
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

3 Securing Oracle Infrastructure Web Services

This chapter describes how to secure Oracle Infrastructure Web services.

This chapter includes the following topics:

Overview of Web Services Security

Web services security includes several aspects:

For more information about these Web services security concepts, see "Understanding Web Services Security Concepts" in Security and Administrator's Guide for Web Services.

Oracle Web Services Manager (WSM) is designed to define and implement Web services security in heterogeneous environments, including authentication, authorization, message encryption and decryption, signature generation and validation, and identity propagation across multiple Web services used to complete a single transaction. In addition, Oracle WSM provides tools to manage Web services based on service-level agreements. For example, the user (a security architect or a systems administrator) can define the availability of a Web service, its response time, and other information that may be used for billing purposes. For more information about Oracle WSM, see "Understanding Oracle WSM Policy Framework" in Security and Administrator's Guide for Web Services.

Oracle WSM Predefined Security Policies and Assertion Templates

As described in Chapter 2, "Attaching Policies to Oracle Infrastructure Web Services,", Oracle WSM provides a set of predefined policies and assertion templates that are automatically available when you install Oracle Fusion Middleware.

The following categories of security policies and assertion templates are available out-of-the-box:

For complete details about the predefined security policies and assertion template, see the following sections in Security and Administrator's Guide for Web Services:

For assistance in determining which security policies to use, see "Determining Which Security Policies to Use" in Security and Administrator's Guide for Web Services.

Attaching Security Policies

You can attach security policies to Oracle Infrastructure Web services and clients at design time using Oracle JDeveloper, or runtime using the Oracle Enterprise Manager. For more information, see Chapter 2, "Attaching Policies to Oracle Infrastructure Web Services."

Configuring Security Policies

You must configure the security policies before you can use them in your environment. The steps to configure security policies are described in "Configuring Policies" in Security and Administrator's Guide for Web Services.

The following table provides references to the configuration steps for each policy category.

Table 3-1 Configuring Security Policies

Policy Category Configuration Steps in Security and Administrator's Guide for Web Services

Authentication Only Policies

"Authentication-Only Policies and Configuration Steps"

Message Protection Only Policies

"Message Protection-Only Policies and Configuration Steps"

Message Protection and Authentication Policies

"Message Protection and Authentication Policies and Configuration Steps"

Authorization Policies

"Authorization Policies"