This chapter describes policies and policy sets, provides information about the OWSM predefined policies and templates, and explains how policies attach to Oracle Infrastructure web services. It included the following sections:
Policies describe the capabilities and requirements of a web service such as whether and how a message must be secured, whether and how a message must be delivered reliably, and so on.
For more information, see "Understanding Polices" in Understanding Oracle Web Services Manager.
A policy set, which can contain multiple policy references, is an abstract representation that provides a means to attach policies globally to a range of subjects of the same type. Attaching policies globally using policy sets provides a mechanism for the administrator to ensure that all subjects are secured in situations where the developer, assembler, or deployer did not explicitly specify the policies to be attached. Policies that are attached using a policy set are considered externally attached.
Policy sets provide the ability to specify a runtime constraint that determines the context in which the policy set is relevant. For example, you can specify that a service use message protection when communicating with external clients only since the message may be transmitted over insecure public networks. However, when communicating with internal clients on a trusted network, message protection may not be required. For more information about policy sets, see "Global Policy Attachments Using Policy Sets" in Understanding Oracle Web Services Manager.
Oracle Web Services Manager (OWSM) provides a policy framework to manage and secure web services consistently across your organization.
OWSM can be used by both developers, at design time, and system administrators in production environments. For more information about the OWSM policy framework, see "Understanding the OWSM Policy Framework" in Understanding Oracle Web Services Manager.
There is a set of predefined OWSM policies and assertion templates that are automatically available when you install Oracle Fusion Middleware. The predefined policies are based on common best practice policy patterns used in customer deployments.
You can immediately begin attaching these predefined policies to your web services or clients. You can configure the predefined policies or create a new policy by making a copy of one of the predefined policies.
Predefined policies are constructed using assertions based on predefined assertion templates. You can create new assertion templates, as required.
For more information about the predefined OWSM policies and assertion templates, see the following sections in Securing Web Services and Managing Policies with Oracle Web Services Manager:
Security policies provide a framework to manage and secure web services consistently across your organization.
Security policies can be attached directly to web services endpoints:
Programmatically, at design time, using annotations. When developing an application using JDeveloper, you can take advantage of the wizards available to attach policies to web services and clients.
Post-deployment using Oracle Fusion Middleware and WLST.
In addition, policy sets provide a means to attach policies globally to a range of endpoints of the same type.
For complete details, see "Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager.