3.2 Using OWSM Security Policies

When higher degrees of security are desirable, Oracle I/PM web services support the following Oracle Web Services Management (OWSM) security policies.

  • wss_username_token

  • wss_username_token_over_ssl

  • wss11_username_token_with_message_protection

  • wss10_saml_token

  • wss_saml_token_over_ssl

  • wss11_saml_token_with_message_protection

When applying a security policy to the I/PM web services, remember that the same policy must be applied to all of the web services with the exception of the DocumentContentService. The DocumentContentService is designed to use streaming MTOM that is incompatible with OWSM security policies. Security for DocumentContentService first requires a separate, stateful login through the LoginService, which does leverage OWSM security policy. (This information is primarily significant when making direct web services calls. The proper login sequence occurs automatically when using the native Java API.