1 Overview of OWSM Interoperability

This guide describes interoperability of Oracle Web Services Manager (OWSM) with various security stacks.

Each chapter includes the following information:

Overview of each security stack
An explanation of the usage scenarios

For details regarding limitations and known problems, see "Web Services" in Release Notes for Oracle Fusion Middleware Infrastructure.

For definitions of unfamiliar terms found in this and other books, see the Glossary.

1.1 About OWSM Policies

You attach OWSM policies to web service endpoints. Each policy consists of one or more assertions, defined at the domain-level, that define the security requirements. A set of predefined policies and assertions are provided out-of-the-box.

For more details about the predefined policies, see "Predefined Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

For information about configuring and attaching policies, see "Securing Web Services" and "Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

1.2 OWSM Interoperability Scenarios

Table 1-1 describes the most common OWSM interoperability scenarios.

Table 1-1 Common OWSM Interoperability Scenarios

Security Stack	OWSM Policies	Interoperability Scenario
OWSM 10g	`oracle/wss10_message_protection_service_policy` `oracle/wss10_message_protection_client_policy`	"Anonymous Authentication with Message Protection (WS-Security 1.0)"
OWSM 10g	`oracle/wss10_username_token_with_message_protection_service_policy` `oracle/wss10_username_token_with_message_protection_client_policy`	"Username Token with Message Protection (WS-Security 1.0)"
OWSM 10g	`oracle/wss10_saml_token_with_message_protection_service_policy` `oracle/wss10_saml_token_with_message_protection_client_policy`	"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)"
OWSM 10g	`oracle/wss10_x509_token_with_message_protection_service_policy` `oracle/wss10_x509_token_with_message_protection_client_policy`	"Mutual Authentication with Message Protection (WS-Security 1.0)"
OWSM 10g	`oracle/wss_username_token_over_ssl_service_policy` `oracle/wss_username_token_over_ssl_client_policy`	"Username Token Over SSL"
OWSM 10g	`oracle/wss_saml_token_over_ssl_service_policy` `oracle/wss_saml_token_over_ssl_client_policy`	"SAML Token (Sender Vouches) Over SSL (WS-Security 1.0)"
OC4J 10g	`oracle/wss10_message_protection_service_policy` `oracle/wss10_message_protection_client_policy`	"Anonymous Authentication with Message Protection (WS-Security 1.0)"
OC4J 10g	`oracle/wss10_username_token_with_message_protection_service_policy` `oracle/wss10_username_token_with_message_protection_client_policy`	"Username Token with Message Protection (WS-Security 1.0)"
OC4J 10g	`oracle/wss10_saml_token_with_message_protection_service_policy` `oracle/wss10_saml_token_with_message_protection_client_policy`	"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)"
OC4J 10g	`oracle/wss10_x509_token_with_message_protection_service_policy` `oracle/wss10_x509_token_with_message_protection_client_policy`	"Mutual Authentication with Message Protection (WS-Security 1.0)"
OC4J 10g	`oracle/wss_username_token_over_ssl_service_policy` OR `oracle/wss_saml_or_username_token_over_ssl_service_policy` `oracle/wss_username_token_over_ssl_client_policy`	"Username Token Over SSL"
OC4J 10g	o`racle/wss_saml_token_over_ssl_service_policy` OR `oracle/wss_saml_or_username_token_over_ssl_service_policy` `oracle/wss_saml_token_over_ssl_client_policy`	"SAML Token (Sender Vouches) Over SSL (WS-Security 1.0)"
Oracle WebLogic Server 12c	`oracle/wss11_username_token_with_message_protection_service_policy` `oracle/wss11_username_token_with_message_protection_client_policy`	"Username Token With Message Protection (WS-Security 1.1)"
Oracle WebLogic Server 12c	`oracle/wss11_username_token_with_message_protection_service_policy` `oracle/wss11_username_token_with_message_protection_client_policy`	"Username Token With Message Protection (WS-Security 1.1) and MTOM"
Oracle WebLogic Server 12c	`oracle/wss10_username_token_with_message_protection_service_policy` `oracle/wss10_username_token_with_message_protection_client_policy`	"Username Token With Message Protection (WS-Security 1.0)"
Oracle WebLogic Server 12c	`oracle/wss_username_token_over_ssl_service_policy`	"Username Token Over SSL"
Oracle WebLogic Server 12c	`oracle/wss_username_token_over_ssl_service_policy`	"Username Token Over SSL with MTOM"
Oracle WebLogic Server 12c	`oracle/wss_saml_token_over_ssl_service_policy`	"SAML Token (Sender Vouches) Over SSL"
Oracle WebLogic Server 12c	`oracle/wss11_saml20_token_with_message_protection_service_policy` `oracle/wss11_saml20_token_with_message_protection_client_policy`	"SAML Token (Sender Vouches) Over SSL with MTOM"
Oracle WebLogic Server 12c	`oracle/wss11_saml20_token_with_message_protection_service_policy` `oracle/wss11_saml20_token_with_message_protection_client_policy`	"SAML Token 2.0 (Sender Vouches) With Message Protection (WS-Security 1.1)"
Oracle WebLogic Server 12c	`oracle/wss11_saml_token_with_message_protection_service_policy` `oracle/wss11_saml_token_with_message_protection_client_policy`	"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.1)"
Oracle WebLogic Server 12c	`oracle/wss11_saml_token_with_message_protection_service_policy` `oracle/wss11_saml_token_with_message_protection_client_policy`	"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.1) and MTOM "
Oracle WebLogic Server 12c	`oracle/wss10_saml_token_with_message_protection_service_policy` `oracle/wss10_saml_token_with_message_protection_client_policy`	"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)"
Oracle WebLogic Server 12c	`oracle/wss10_x509_token_with_message_protection_service_policy` `oracle/wss10_x509_token_with_message_protection_client_policy`	"Mutual Authentication with Message Protection (WS-Security 1.0)"
Oracle WebLogic Server 12c	`oracle/wss11_x509_token_with_message_protection_service_policy` `oracle/wss11_x509_token_with_message_protection_client_policy`	"Mutual Authentication with Message Protection (WS-Security 1.1)"
Microsoft WCF/.NET 3.5	`oracle/wsmtom_policy`	"Message Transmission Optimization Mechanism (MTOM)"
Microsoft WCF/.NET 3.5	`oracle/wss11_username_token_with_message_protection_service_policy` OR `oracle/wss11_saml_or_username_token_with_message_protection_service_policy` `oracle/wss11_username_token_with_message_protection_client_policy`	"Username Token With Message Protection (WS-Security 1.1)"
Microsoft WCF/.NET 3.5	`oracle/wss_saml_or_username_token_over_ssl_service_policy` OR `oracle/wss_username_token_over_ssl_service_policy`	"Username Token Over SSL"
Microsoft WCF/.NET 3.5	`oracle/wss11_x509_token_with_message_protection_service_policy` `oracle/wss11_x509_token_with_message_protection_client_policy`	"Mutual Authentication with Message Protection (WS-Security 1.1)"
Microsoft WCF/.NET 3.5	`oracle/wss11_kerberos_with_message_protection_service_policy`	"Kerberos with Message Protection"
Microsoft WCF/.NET 3.5	`wss11_kerberos_token_with_message_protection_basic128_service_policy`	"Kerberos with Message Protection Using Derived Keys"
Microsoft WCF/.NET 3.5	Policy created with `http_spnego_token_service_template`	"Kerberos with SPNEGO Negotiation"
Microsoft WCF/.NET 3.5	Policy created with `http_spnego_token_service_template`	"Kerberos with SPNEGO Negotiation and Credential Delegation"
Oracle Service Bus 10g	`wss10_username_token_with_message_protection_client_policy` `wss10_username_token_with_message_protection_service_policy`	"Username Token with Message Protection (WS-Security 1.0)"
Oracle Service Bus 10g	`oracle/wss10_saml_token_with_message_protection_service_policy` `oracle/wss10_saml_token_with_message_protection_client_policy`	"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)"
Oracle Service Bus 10g	`oracle/wss_saml_or_username_token_over_ssl_service_policy`	"SAML or Username Token Over SSL"
Oracle Service Bus 10g	`oracle/wss10_x509_token_with_message_protection_service_policy` `oracle/wss10_x509_token_with_message_protection_client_policy`	"Mutual Authentication with Message Protection (WS-Security 1.0)"
Axis 1.4 and WSS4J 1.5.8	`oracle/wss10_username_token_with_message_protection_service_policy` `oracle/wss10_username_token_with_message_protection_client_policy`	"Username Token with Message Protection (WS-Security 1.0)"
Axis 1.4 and WSS4J 1.5.8	`oracle/wss10_saml_token_with_message_protection_service_policy` `oracle/wss10_saml_token_with_message_protection_client_policy`	"SAML Token with Message Protection (WS-Security 1.0)"
Axis 1.4 and WSS4J 1.5.8	`oracle/wss_username_token_over_ssl_service_policy` `oracle/wss_username_token_over_ssl_client_policy`	"Username Token Over SSL"
Axis 1.4 and WSS4J 1.5.8	`oracle/wss_saml_token_over_ssl_service_policy` `oracle/wss_saml_token_over_ssl_client_policy`	"SAML Token (Sender Vouches) Over SSL"
GlassFish Enterprise Server	`oracle/wss11_saml_token_with_message_protection_service_policy` `oracle/wss11_saml_token_with_message_protection_client_policy`	"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.1)"