Database Reference
In-Depth Information
Enterprise Security Gateway
Some organizations use a centralized security gateway to protect the services from
an SOA platform. Some of the available options for a centralized gateway are Oracle
Enterprise Gateway 11
g
and other third-party products such as Intel Expressway
Service Gateway.
As shown in the following diagram, the gateway intercepts the calls between service
clients and service providers, and performs authentication, authorization, and en-
cryption. The OWSM can act as a gateway to enforce the security policies. However,
some organizations can use a separate security gateway product for enforcing se-
curity in DMZ. Alternatively, the web server handles the encryption and a provider
such as Oracle Access Manager and IBM Tivoli Access Manager handle the authen-
tication and authorization.
Oracle Web Service Manager (OWSM)
OWSM is for protecting web services by applying the security policies and enforcing
them. It is a platform for securing and managing access to a web service. As shown
in the following diagram, OWSM defines, attaches, validates, enforces, and monitors
security policies for securing web services.
OWSM is part of the SOA Suite that doesn't require a separate install. Oracle also
provides many security enforcement software products such as
Oracle Entitlement
Server
and
Oracle Identity Manager
. However, OWSM satisfies the basic needs
to protect most of the web service implementations. OWSM supports WS-security
