Oracle Fusion Middleware Security Performance Tuning 25-7 section provides information on factors that might affect performance of the web service. ■ Choosing the Right Policy ■ Policy Manager ■ Configuring the Log Assertion to Record SOAP Messages ■ Monitoring the Performance of Web Services

25.4.1 Choosing the Right Policy

Oracle Web Services Security supports many policies and the appropriate policies must be implemented based on the security need of the deployment. Careful consideration should be given to performance, since each additional policy can impact performance. For example Transport level security SSL is faster than Application level security, but transport level security can be vulnerable in multi-step transactions. Application level security has more performance implications, but provides end-to-end security. See Configuring Policies in Oracle Fusion Middleware Security and Administrators Guide for Web Services to determine which security policies are required for a deployment.

25.4.2 Policy Manager

There is an inherent performance impact when using the database-based policy enforcement. When database policy enforcement is chosen, careful consideration must be given to the polling frequency of the agent to the database.

25.4.3 Configuring the Log Assertion to Record SOAP Messages

The request and response pipelines of the default policy include a log assertion that causes policy enforcement points PEP to record SOAP messages to either a database or a component-specific local file. There can be potential performance impacts to the logging level. To prevent performance issues, consider using the lowest logging level that is appropriate for your deployment. The following logging levels can be configured in the log step: ■ Header - Only the SOAP header is recorded. ■ Body - Only the message content body is recorded. ■ Envelope - The entire SOAP envelope, which includes both the header and the body, is recorded. Any attachments are not recorded. ■ All - The full message is recorded. This includes the SOAP header, the body, and all attachments, which might be URLs existing outside the SOAP message itself. Note: Typically, system performance improves when log files are located in topological proximity to the enforcement component. If possible, use multiple distributed logs in a highly distributed environment.

25.4.4 Monitoring the Performance of Web Services

You can monitor the performance on the following Oracle Web Services through the Web Services home page of Oracle Fusion Middleware Control: ■ Endpoint Enabled Metrics such as: 25-8 Oracle Fusion Middleware Performance and Tuning Guide – Policy Reference Status – Total Violations – Security Violations ■ Invocations Completed ■ Response Time, in seconds ■ Policy Violations such as: – Total Violations – Authentication Violations – Authorization Violations – Confidentiality Violations – Integrity Violations ■ Total Faults For general information on monitoring Oracle Fusion Middleware components, see Chapter 4, Monitoring Oracle Fusion Middleware . For detailed information on using Oracle Fusion Middleware Control to monitor Oracle Web Services, see Monitoring the Performance of Web Services in Oracle Fusion Middleware Security and Administrators Guide for Web Services.