| Oracle® Retail Service Backbone Oracle® Retail Service Backbone Implementation Guide 14.1 E57331-01 |
|
 Previous |
 Next |
| Oracle® Retail Service Backbone Oracle® Retail Service Backbone Implementation Guide 14.1 E57331-01 |
|
Previous |
Next |
Security in the integration layer is a big concern for every retail enterprise. The security system should be open enough to allow trusted remote applications to integrate easily and, at the same time, lock down unauthorized remote access. To address security concerns, RSB utilizes a standard policy based security model supported by WebLogic and OSB. The security policy and the implementation details are described in the RSB Security Guide.
The RSB decorator services, edge app Web services and consumers can be secured to in many ways. The preferred method of security is by using web service security policies. There are many security policies available in OSB and edge app servers. Additionally, you can write custom security policies using security policy authoring tools.
The choice of security policy for a layer depends on the security policies available in other layers. The policies have to be compatible in order for the system to work. RSB supports two sets of such compatible policies out of the box. These are called Policy A and Policy B. While there is no restriction on RSB side to use any other policy, there is no built-in support for any other policies other than the two sets mentioned before.
In both Policy A and Policy B, OWSM is the security provider in RSB/OSB layer and WebLogic is the security provider in the edge app layer. Policy A is basically SSL plus Username Token and Policy B is Message Protection plus Username Token.
