This chapter describes the intended audience of the Oracle Service Bus security documentation and provides links to related Oracle WebLogic Server security documentation.
The Oracle Service Bus security documentation describes how to use standard technologies such as SSL and Web Services Security along with Oracle proprietary technologies to ensure that only authorized users can access resources and messages in an Oracle Service Bus domain.
This document is intended for the following audiences:
Application Architects – Architects who, in addition to setting security goals and designing the overall security architecture for their organizations, evaluate Oracle Service Bus security features and determine how to best implement them. Application Architects have in-depth knowledge of Java programming, Java security, and network security, as well as knowledge of security systems and leading-edge, security technologies and tools.
Security Developers – Developers who focus on defining the system architecture and infrastructure for security products that integrate into Oracle Service Bus and on developing custom security providers for use with Oracle Service Bus. They work with Application Architects to ensure that the security architecture is implemented according to design and that no security holes are introduced, and work with Server Administrators to ensure that security is properly configured. Security Developers have a solid understanding of security concepts, including authentication, authorization, auditing (AAA), in-depth knowledge of Java and Java Management eXtensions (JMX), and working knowledge of Oracle WebLogic Server, Oracle Service Bus, and security provider functionality.
Application Developers – Developers who are Java programmers that focus on developing client applications, adding security to Web applications and Enterprise JavaBeans (EJBs), and working with other engineering, quality assurance (QA), and database teams to implement security features. Application Developers have in-depth knowledge of Java (including J2EE components such as servlets/JSPs and JSEE) and Java security.
Server Administrators – Administrators work closely with Application Architects to design a security scheme for the server and the applications running on the server, to identify potential security risks, and to propose configurations that prevent security problems. Related responsibilities may include maintaining critical production systems, configuring and managing security realms, implementing authentication and authorization schemes for server and application resources, upgrading security features, and maintaining security provider databases. Server Administrators have in-depth knowledge of the Java security architecture, including Web services, Web application and EJB security, Public Key security, SSL, and Security Assertion Markup Language (SAML).
Application Administrators – Administrators who work with Server Administrators to implement and maintain security configurations and authentication and authorization schemes, and to set up and maintain access to deployed application resources in defined security realms. Application Administrators have general knowledge of security concepts and the Java Security architecture. They understand Java, XML, deployment descriptors, and can identify security events in server and audit logs.
Oracle Service Bus uses the Oracle WebLogic security framework as the foundation for higher level security services, including authentication, identity assertion, authorization, role mapping, auditing, and credential mapping. In addition to this document, the following documents provide information about Oracle WebLogic security:
Oracle Fusion Middleware Understanding Security for Oracle WebLogic Server
Oracle Fusion Middleware Security and Administrator's Guide for Web Services
Oracle Fusion Middleware Securing a Production Environment for Oracle WebLogic Server
Oracle Fusion Middleware Securing Resources Using Roles and Policies for Oracle WebLogic Server