1 Overview of Oracle Web Services Security and Policy Management

Learn about Oracle web services security and policy management using Oracle Web Services Manager (OWSM).

It includes the following topics:

• Web Services Security and Policy Management

• Categories of Oracle Web Services Secured Using OWSM

1.1 Web Services Security and Policy Management

Oracle Web Services Manager (OWSM) provides a policy framework to manage and secure web services consistently across your organization.

For details about OWSM, see Understanding Oracle Web Services Manager.

OWSM can be used by both developers, at design time, and system administrators in production environments:

• Application developers use Oracle JDeveloper to leverage the security and management features of the OWSM policy framework. For more information, see "Developing and Securing Web Services" in Developing Applications with Oracle JDeveloper.

• System administrators can leverage OWSM post-deployment using Oracle Enterprise Manager Fusion Middleware Control or the command line interface WebLogic Scripting Tool (WLST).

Details for using OWSM, including the predefined policies and assertions, to secure the web services in your environment are described throughout this document.

For definitions of unfamiliar terms found in this and other books, see the Glossary.

1.2 Categories of Oracle Web Services Secured Using OWSM

Know more about the types and categories of Oracle web services you can secure using the OWSM framework.

The types and categories of Oracle web services are listed in Table 1-1. For more information about the web service categories and the types of web services and clients, see "Overview of Web Services in Oracle Fusion Middleware 12c" in Understanding Web Services.

Table 1-1 Categories of Oracle Web Services Secured Using OWSM

Web Service Category	Web Service and Client Types
Oracle Infrastructure web services	Oracle ADF Services ADF Business Components services (SOAP and RESTful) ADF web applications (SOAP and RESTful) ADF data controls (SOAP only)
Oracle Infrastructure web services	Oracle Enterprise Scheduler Web service jobs and callback services (SOAP only)
Oracle Infrastructure web services	Oracle Service Bus Business and proxy services (SOAP, RESTful) JCA adapters Note: You can also attach a subset of OWSM policies to non-SOAP HTTP endpoints. For more information, see "Supported OWSM Seed Policies for WSDL (non-SOAP), XML, and Messaging Service Service Types with HTTP Transport" in Developing Services with Oracle Service Bus.
Oracle Infrastructure web services	Oracle SOA web services Service components (SOAP and RESTful) Service and reference binding components (SOAP and RESTful) JCA adapters
Java EE (WebLogic) web services	JAX-WS (SOAP) web services JAX-RS (RESTful) web services