Managing Web Services Users

From a product perspective, a Web Service is a channel into the objects within Oracle Utilities Work and Asset Management. Any of the objects, services and scripts available in the product can be exposed as JAX-WS 2.0 based Web Service. From a security perspective Web Services uses the following security mechanisms:

Security Mechanism	Description
Authentication	The Web Services component of Oracle Utilities Work and Asset Management uses the Web Services support native to Oracle WebLogic. This allows security tokens supporting many standards to be used to authenticate individual web service calls.
Authorization	The Web Services component uses the same authorization model as the Online Users and the Batch component. Note: The Authorization User within the User object is mapped through the Authentication User in the same way that Online Users are mapped.

To manage Web Services security users the following is recommended:

• Users for authentication are added to the security repository configured with Oracle WebLogic. This should match the Login Id used for the authorization model.

• Security Policies need to be attached to Web Services using Oracle WebLogic. For Oracle WebLogic the security policies available using Oracle Web Services Manager are available for use with individual Web Services. Multiple policies are supported. Refer to the Securing WebLogic Web Services for Oracle WebLogic Server for more information and the policies available.

• Users must be defined to the authorization model with appropriate access to underlying services used by the Web Service. For Web Services based upon business objects, services and scripts, users need appropriate access to the Application Service defined on these objects.

• Transaction Types in the Web Services translate to Access Modes within the Application Service calls.

For more information about Inbound Web Services, refer to the Web Services Best Practices (Doc Id: 2214375.1).