1 Overview of OWSM Interoperability

Oracle Web Services Manager (OWSM) is interoperable with various products in the security stacks.

Each chapter includes the following information:

  • Overview of each security stack

  • An explanation of the usage scenarios

For details regarding limitations and known problems, see Web Services in Release Notes for Oracle Fusion Middleware Infrastructure.

For definitions of unfamiliar terms found in this and other books, see the Glossary.

This Chapter includes the following sections:

1.1 About OWSM Policies

OWSM policies must be attached to web service endpoints. Each policy consists of one or more assertions, defined at the domain-level, that define the security requirements. A set of predefined policies and assertions are provided out-of-the-box.

For more details about the predefined policies, see "Predefined Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

For information about configuring and attaching policies, see "Securing Web Services" and "Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

1.2 OWSM Interoperability Scenarios

You can review the different scenarios for interoperability between OWSM and the various components in the security environment.

Table 1-1 describes the most common OWSM interoperability scenarios.

Table 1-1 Common OWSM Interoperability Scenarios

Security Stack OWSM Policies Interoperability Scenario

OWSM 10g

oracle/wss10_message_protection_service_policy

oracle/wss10_message_protection_client_policy

"Anonymous Authentication with Message Protection (WS-Security 1.0)"

OWSM 10g

oracle/wss10_username_token_with_message_protection_service_policy

oracle/wss10_username_token_with_message_protection_client_policy

"Username Token with Message Protection (WS-Security 1.0)"

OWSM 10g

oracle/wss10_saml_token_with_message_protection_service_policy

oracle/wss10_saml_token_with_message_protection_client_policy

"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)"

OWSM 10g

oracle/wss10_x509_token_with_message_protection_service_policy

oracle/wss10_x509_token_with_message_protection_client_policy

"Mutual Authentication with Message Protection (WS-Security 1.0)"

OWSM 10g

oracle/wss_username_token_over_ssl_service_policy

oracle/wss_username_token_over_ssl_client_policy

"Username Token Over SSL"

OWSM 10g

oracle/wss_saml_token_over_ssl_service_policy

oracle/wss_saml_token_over_ssl_client_policy

"SAML Token (Sender Vouches) over SSL (WS-Security 1.0)"

OC4J 10g

oracle/wss10_message_protection_service_policy

oracle/wss10_message_protection_client_policy

"Anonymous Authentication with Message Protection for OC4J 10g Client (WS-Security 1.0)"

OC4J 10g

oracle/wss10_username_token_with_message_protection_service_policy

oracle/wss10_username_token_with_message_protection_client_policy

"Username Token with Message Protection for OC4J 10g Client (WS-Security 1.0)"

OC4J 10g

oracle/wss10_saml_token_with_message_protection_service_policy

oracle/wss10_saml_token_with_message_protection_client_policy

"SAML Token (Sender Vouches) with Message Protection for OC4J 10g Client (WS-Security 1.0)"

OC4J 10g

oracle/wss10_x509_token_with_message_protection_service_policy

oracle/wss10_x509_token_with_message_protection_client_policy

"Mutual Authentication with Message Protection for OC4J 10g Client (WS-Security 1.0)"

OC4J 10g

oracle/wss_username_token_over_ssl_service_policy

OR

oracle/wss_saml_or_username_token_over_ssl_service_policy

oracle/wss_username_token_over_ssl_client_policy

"Username Token over SSL for OC4J 10g Client"

OC4J 10g

oracle/wss_saml_token_over_ssl_service_policy

OR

oracle/wss_saml_or_username_token_over_ssl_service_policy

oracle/wss_saml_token_over_ssl_client_policy

"SAML Token (Sender Vouches) over SSL for OC4J 10g Client (WS-Security 1.0)"

Oracle WebLogic Server 12c

oracle/wss11_username_token_with_message_protection_service_policy

oracle/wss11_username_token_with_message_protection_client_policy

"Username Token with Message Protection for Oracle WebLogic Server (WS-Security 1.1)"

Oracle WebLogic Server 12c

oracle/wss11_username_token_with_message_protection_service_policy

oracle/wss11_username_token_with_message_protection_client_policy

"Username Token with Message Protection for Oracle WebLogic Server (WS-Security 1.1) and MTOM"

Oracle WebLogic Server 12c

oracle/wss10_username_token_with_message_protection_service_policy

oracle/wss10_username_token_with_message_protection_client_policy

"Username Token with Message Protection Oracle WebLogic Server (WS-Security 1.0)"

Oracle WebLogic Server 12c

oracle/wss_username_token_over_ssl_service_policy

"Username Token over SSL for Oracle WebLogic Server"

Oracle WebLogic Server 12c

oracle/wss_username_token_over_ssl_service_policy

"Implementing Username Token Over SSL for Oracle WebLogic Server with MTOM"

Oracle WebLogic Server 12c

oracle/wss_saml_token_over_ssl_service_policy

"SAML Token (Sender Vouches) over SSL for Oracle WebLogic Server"

Oracle WebLogic Server 12c

oracle/wss11_saml20_token_with_message_protection_service_policy

oracle/wss11_saml20_token_with_message_protection_client_policy

"Implementing SAML Token (Sender Vouches) Over SSL for Oracle WebLogic Server with MTOM"

Oracle WebLogic Server 12c

oracle/wss11_saml20_token_with_message_protection_service_policy

oracle/wss11_saml20_token_with_message_protection_client_policy

"SAML Token 2.0 (Sender Vouches) Message Protection for Oracle WebLogic Server (WS-Security 1.1)"

Oracle WebLogic Server 12c

oracle/wss11_saml_token_with_message_protection_service_policy

oracle/wss11_saml_token_with_message_protection_client_policy

"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.1) for Oracle WebLogic Server"

Oracle WebLogic Server 12c

oracle/wss11_saml_token_with_message_protection_service_policy

oracle/wss11_saml_token_with_message_protection_client_policy

"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.1) and MTOM for Oracle WebLogic Server"

Oracle WebLogic Server 12c

oracle/wss10_saml_token_with_message_protection_service_policy

oracle/wss10_saml_token_with_message_protection_client_policy

"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0) for Oracle WebLogic Server"

Oracle WebLogic Server 12c

oracle/wss10_x509_token_with_message_protection_service_policy

oracle/wss10_x509_token_with_message_protection_client_policy

"Mutual Authentication with Message Protection (WS-Security 1.0) for Oracle WebLogic Server"

Oracle WebLogic Server 12c

oracle/wss11_x509_token_with_message_protection_service_policy

oracle/wss11_x509_token_with_message_protection_client_policy

"Mutual Authentication with Message Protection (WS-Security 1.1) for Oracle WebLogic Server"

Microsoft WCF/.NET 3.5

oracle/wsmtom_policy

"Implementing a Message Transmission Optimization Mechanism for Microsoft WCF/.NET 3.5 Client"

Microsoft WCF/.NET 3.5

oracle/wss11_username_token_with_message_protection_service_policy

OR

oracle/wss11_saml_or_username_token_with_message_protection_service_policy

oracle/wss11_username_token_with_message_protection_client_policy

"Implementing a Username Token with Message Protection (WS-Security 1.1) for Microsoft WCF/.NET 3.5 Client"

Microsoft WCF/.NET 3.5

oracle/wss_saml_or_username_token_over_ssl_service_policy

OR

oracle/wss_username_token_over_ssl_service_policy

"Implementing a Username Token Over SSL for Microsoft WCF/.NET 3.5 Client"

Microsoft WCF/.NET 3.5

oracle/wss11_x509_token_with_message_protection_service_policy

oracle/wss11_x509_token_with_message_protection_client_policy

"Implementing a Mutual Authentication with Message Protection (WS-Security 1.1) for Microsoft WCF/.NET 3.5 Client"

Microsoft WCF/.NET 3.5

oracle/wss11_kerberos_with_message_protection_service_policy

"Implementing a Kerberos with Message Protection for Microsoft WCF/.NET 3.5 Client"

Microsoft WCF/.NET 3.5

wss11_kerberos_token_with_message_protection_basic128_service_policy

"Implementing a Kerberos with Message Protection Using Derived Keys for Microsoft WCF/.NET 3.5 Client"

Microsoft WCF/.NET 3.5

Policy created with http_spnego_token_service_template

"Implementing a Kerberos with SPNEGO Negotiation for Microsoft WCF/.NET 3.5 Client"

Microsoft WCF/.NET 3.5

Policy created with http_spnego_token_service_template

"Implementing a Kerberos with SPNEGO Negotiation and Credential Delegation for Microsoft WCF/.NET 3.5 Client"

Oracle Service Bus 10g

wss10_username_token_with_message_protection_client_policy

wss10_username_token_with_message_protection_service_policy

"Implementing a Username Token with Message Protection (WS-Security 1.0) for Oracle Service Bus 10g Client"

Oracle Service Bus 10g

oracle/wss10_saml_token_with_message_protection_service_policy

oracle/wss10_saml_token_with_message_protection_client_policy

"Implementing a SAML Sender Vouches Token with WS-Security 1.0 Message Protection for Oracle Service Bus 10g Client"

Oracle Service Bus 10g

oracle/wss_saml_or_username_token_over_ssl_service_policy

"Implementing a SAML or Username Token Over SSL for Oracle Service Bus 10g Client"

Oracle Service Bus 10g

oracle/wss10_x509_token_with_message_protection_service_policy

oracle/wss10_x509_token_with_message_protection_client_policy

"Implementing a Mutual Authentication with WS-Security 1.0 Message Protection for Oracle Service Bus 10g Client"

Axis 1.4 and WSS4J 1.5.8

oracle/wss10_username_token_with_message_protection_service_policy

oracle/wss10_username_token_with_message_protection_client_policy

"Implementing a Username Token with Message Protection (WS-Security 1.0) for Axis and WSS4J Client"

Axis 1.4 and WSS4J 1.5.8

oracle/wss10_saml_token_with_message_protection_service_policy

oracle/wss10_saml_token_with_message_protection_client_policy

"Implementing a SAML Token with Message Protection (WS-Security 1.0) for Axis and WSS4J Client"

Axis 1.4 and WSS4J 1.5.8

oracle/wss_username_token_over_ssl_service_policy

oracle/wss_username_token_over_ssl_client_policy

"Implementing a Username Token over SSL for Axis and WSS4J Client"

Axis 1.4 and WSS4J 1.5.8

oracle/wss_saml_token_over_ssl_service_policy

oracle/wss_saml_token_over_ssl_client_policy

"Implementing a SAML Token (Sender Vouches) over SSL for Axis and WSS4J Client"

GlassFish Enterprise Server

oracle/wss11_saml_token_with_message_protection_service_policy

oracle/wss11_saml_token_with_message_protection_client_policy

"Implementing a SAML Token (Sender Vouches) with Message Protection for GlassFish Client (WS-Security 1.1)"