C Secure Web Services

Oracle Retail Integration Bus uses Web services for its integrations with Oracle Retail Management System. This appendix discusses security for the Web services.

WS-Security

The OASIS WS-Security specification is the open standard for Web services security. Its goal is to enable applications to secure SOAP message exchanges by providing encryption, integrity, and authentication support. WS-Security offers a general-purpose mechanism for associating security tokens with message content. The specification defines these approved token types:

• Username Token Profile

• X.509 Certificate Token Profile

• Security Assertion Markup Language (SAML) Token Profile

Web Service Security Implementation

Oracle Retail Management System Web services are protected using the WS-Security user authentication mechanism. Clients who want to access these Web services have to provide a valid user ID and password using a WS-Security Username Token.

Oracle Retail Management System Web Service

Oracle Retail Integration Bus can communicate with both secured and unsecured Oracle Retail Management System Web services. If the Web service is secured, the Oracle Retail Integration Bus adds the Username Token to the request.