3-10 Oracle Fusion Middleware Concepts and Architecture for Oracle Service Bus

3.3.1 Oracle Web Services Manager

You can secure your services by using Oracle Web Services Manager policies with your Oracle Service Bus services. Oracle Web Services Manager is a component of the Oracle Enterprise Manager Fusion Middleware Control, a run-time framework that provides centralized management and governance of Oracle SOA Suite environments and applications. For more information, see Security Oracle Service Bus with Oracle Web Services Manager in the Oracle Fusion Middleware Developers Guide for Oracle Service Bus.

3.3.2 WS-Policies

Web Services Policy WS-Policy is a standards-based framework for defining a Web services security constraints and requirements. It expresses security constraints and requirements in a collection of XML statements called policies, each of which contains one or more assertions. In Oracle Service Bus, WS-Policy assertions are used to specify a Web services requirements for digital signatures and encryption, along with the security algorithms and authentication mechanisms that it requires. WS-Policy policies may be included directly in a WSDL document or included by reference, and a WSDL document may import other WSDL documents that contain or refer to WS-Policy policies. An XML file that contains these policies can be used by multiple proxy services or business services. The WebLogic Web Services runtime environment recognizes two types of WS-Policy statements: ■ Concrete WS-Policy statements: specify the security tokens that are used for authentication, encryption, and digital signatures. These WS-Policy statements are created if the type of authentication required such as using X.509 or SAML tokens, multiple private key and certificate pairs from the keystore used for encryption and digital signatures, are known at run-time. ■ Abstract WS-Policy statements: that do not specify security tokens. The Oracle Service Bus runtime environment determines which security token types an abstract policy will accept. For information on configuring the runtime environment, see Using WS-Policy in Oracle Service Bus Proxy and Business Services in the Oracle Fusion Middleware Developers Guide for Oracle Service Bus. Policies are referenced by an URI, either embedded within a WSDL, an HTTP URI, or a policy URI for example. policy:myPolicy. Policy URIs can reference in-built policies. For more information on WS-Policy, see the Oracle Fusion Middleware Developers Guide for Oracle Service Bus.

3.3.3 Service Accounts