How do you preserve the integrity of messages so that they remain unaltered
in transit, and also provide non-repudiation to prevent the same message from
being replayed more than once?
These are a select few of the issues you will need to consider. Rest assured,
you will come across many more! In general, security can be implemented at the
transport level by using SSL to protect the communication channels between the
provider and consumer of services, at the application level by using several
message-level security management techniques, or through a combination of the
two. For instance, an identification token can be generated and sent along with
a message to authorize and authenticate service requestors, and/or message
privacy and confidentiality can be achieved by encrypting the content of a
message and obfuscating the identities of the sending and receiving parties,
while a timestamp in the signature prevents anyone from replaying the message
after its expiry, thus providing non-repudiation. However, an important point
to consider before building security into the application layer is that doing
so makes the security framework restrictive if security requirements change.
It is therefore wise to build and enforce security through the middleware
layer instead, external to any individual application. Not only does this
allow you to build a security framework that adapts to change without
requiring any change to the deployed applications, it also allows for
centralized administration of security policies. If security requirements
change, a change in the declarative policy components and some supporting
configuration in the infrastructure is all that is required. The challenge,
however, lies with the infrastructure administrator, like you, who must manage
and configure security across different integration points and components.
Although security can be implemented in many ways, the preferred approach to
implementing common security patterns in Oracle SOA Suite 11g is to leverage
Oracle Web Services Manager (OWSM) policies, and this will be the primary
focus of this chapter.
This chapter introduces you to the OWSM-based policy framework, how it
provides security as a service, and how to implement it in your infrastructure
in a step-by-step fashion. You will also learn to translate the theory into
real-life use cases showcasing security implementations using OWSM.
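The timestamp-in-signature idea mentioned above, as an added example that is not from the book and is not OWSM code. It uses a shared-key HMAC in place of a WS-Security XML signature, and every name in it (`sign_message`, `Verifier`, the key, the 300-second window) is an assumption. It goes one step beyond the text: a signed timestamp only bounds how long a captured message stays valid, so the receiver also remembers nonces to reject a replay inside that window.

```python
import hashlib
import hmac
import json
import time

KEY = b"constructed-demo-key"   # constructed shared secret, for illustration only
TTL_SECONDS = 300               # assumed validity window of a signed message
SKEW_SECONDS = 5                # assumed tolerance for sender clocks running ahead


def sign_message(body, nonce, now=None, key=KEY):
    """Wrap body in an envelope whose MAC covers the timestamp, nonce and body."""
    created = int(time.time() if now is None else now)
    signed = json.dumps({"created": created, "nonce": nonce, "body": body},
                        sort_keys=True)
    mac = hmac.new(key, signed.encode(), hashlib.sha256).hexdigest()
    return {"signed": signed, "mac": mac}


class Verifier:
    """Receiver-side checks, in order: integrity, freshness, uniqueness."""

    def __init__(self, key=KEY, ttl=TTL_SECONDS):
        self.key, self.ttl = key, ttl
        self.seen = {}  # nonce -> time after which the message is expired anyway

    def verify(self, envelope, now=None):
        now = time.time() if now is None else now
        expected = hmac.new(self.key, envelope["signed"].encode(),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison; nothing is parsed before the MAC checks out.
        if not hmac.compare_digest(expected.encode(), envelope["mac"].encode()):
            return "rejected: bad signature"
        fields = json.loads(envelope["signed"])
        created = fields["created"]
        if not (created - SKEW_SECONDS <= now <= created + self.ttl):
            return "rejected: outside validity window"
        # Forget nonces whose messages can no longer pass the freshness check.
        self.seen = {n: exp for n, exp in self.seen.items() if exp >= now}
        if fields["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[fields["nonce"]] = created + self.ttl
        return "accepted"
```

Because the nonce cache only has to cover the validity window, its size is bounded by the message rate times `TTL_SECONDS`.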