3-12 Oracle Fusion Middleware Concepts and Architecture for Oracle Service Bus
with certificates. For more information, see Service Key Providers in the Oracle Fusion Middleware Administrator's Guide for Oracle Service Bus.
3.3.4.3 Options for Identity Propagation
The identity propagation options inform the decisions you make when designing security for Oracle Service Bus, including how to propagate the identities that clients provide.
Oracle Service Bus can be configured to do any of the following:
■ Authenticate the credentials that clients provide
■ Perform authorization checks
■ Pass client credentials to business services unchanged
■ Map client credentials to a different set of credentials that a business service can authenticate and authorize
■ Bridge between security technologies
For detailed descriptions of these Oracle WebLogic Server security providers and Oracle WebLogic Server security architecture in general, see Oracle Fusion Middleware Understanding Security for Oracle WebLogic Server.
Oracle Service Bus security supports the WS-Policy specification. For more information on the WS-Policy specification, see the Web Services Policy Framework (WS-Policy) and Web Services Policy Attachment (WS-PolicyAttachment), which are available at http://specs.xmlsoap.org/ws/2004/09/policy.
Using the Oracle Service Bus Administration Console, it is possible to configure a service with security policies that apply to messages in its interface. A security policy
can be specified for a service or for individual messages associated with the operations of a service. When a security policy is specified for a service, the policy applies to all
messages sent to that service.
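The following added example (not Oracle code and not taken from the original guide) models the service-versus-message scoping described above as a small audit script that reports which policies cover each message and flags messages with none. It assumes policies are attached with WS-PolicyAttachment `PolicyReference` elements in a WSDL binding, treats a reference on the binding as the service-wide policy, and uses a constructed sample WSDL with hypothetical policy names.

```python
import xml.etree.ElementTree as ET

WSDL = "http://schemas.xmlsoap.org/wsdl/"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"  # WS-Policy 2004/09 namespace

# Constructed sample binding: one service-wide policy, one message-level policy.
# Policy names (#AuthPolicy, #SignPolicy) are hypothetical.
SAMPLE = f"""
<definitions xmlns="{WSDL}" xmlns:wsp="{WSP}" name="Orders">
  <binding name="OrdersBinding" type="OrdersPort">
    <wsp:PolicyReference URI="#AuthPolicy"/>
    <operation name="submitOrder">
      <input><wsp:PolicyReference URI="#SignPolicy"/></input>
      <output/>
    </operation>
    <operation name="getStatus">
      <input/>
      <output/>
    </operation>
  </binding>
</definitions>
"""

def policy_refs(element):
    """Return the policy URIs attached directly to one WSDL element."""
    return [r.get("URI") for r in element.findall(f"{{{WSP}}}PolicyReference")]

def effective_policies(wsdl_text):
    """Map each (operation, direction) message to the policies that cover it."""
    root = ET.fromstring(wsdl_text)
    result = {}
    for binding in root.findall(f"{{{WSDL}}}binding"):
        service_level = policy_refs(binding)  # applies to every message
        for op in binding.findall(f"{{{WSDL}}}operation"):
            op_level = policy_refs(op)
            for direction in ("input", "output", "fault"):
                for msg in op.findall(f"{{{WSDL}}}{direction}"):
                    key = (op.get("name"), direction)
                    result[key] = service_level + op_level + policy_refs(msg)
    return result

def uncovered(wsdl_text):
    """List messages that no policy covers, which a reviewer should justify."""
    return sorted(k for k, v in effective_policies(wsdl_text).items() if not v)

if __name__ == "__main__":
    for key, policies in sorted(effective_policies(SAMPLE).items()):
        print(key, policies)
```

Removing the binding-level reference from the sample leaves only the `submitOrder` input covered, which is the gap to look for when policies are attached per message instead of per service.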
Oracle Service Bus enables you to use the Oracle WebLogic Server security providers at several different levels in its operation. The following levels of security are
supported:
■ Section 3.3.4.4, User Management
■ Section 3.3.4.5, Administrative Security
■ Section 3.3.4.6, Transport-Level Security
■ Section 3.3.4.7, Message-Level Security
For more information on security levels, see the Oracle Fusion Middleware Developer's Guide for Oracle Service Bus.
3.3.4.4 User Management
Oracle Service Bus user management is built on the unified Oracle WebLogic Server security framework. This framework enables the Oracle Service Bus Administration
Console to support task-level authorization based on security policies associated with roles assigned to named groups or individual users. For more information on the
Oracle WebLogic Server security framework, see the Oracle Fusion Middleware Understanding Security for Oracle WebLogic Server.
The Oracle Service Bus Administration Console is used to manage Oracle Service Bus users, groups, and roles. For information on how to manage Oracle Service Bus users, groups, and roles using the Oracle Service Bus Administration Console, see Security Configuration in the Oracle Fusion Middleware Administrator's Guide for Oracle Service Bus.
3.3.4.5 Administrative Security
Users gain access to administrative functions, such as creating proxy services, by being assigned to one of four security roles with pre-defined access privileges. A security role is an identity that can be dynamically conferred upon a user or group based on conditions that are evaluated at runtime. The access privileges for the Oracle Service Bus administrative security roles cannot be changed, but the conditions under which a user or group is in one of the roles can be changed.
By default, the first user created for an Oracle Service Bus domain is an Oracle WebLogic Server Administrator. This user has full access to all Oracle Service Bus
objects and functions, and can execute user management tasks to provide controlled access to Oracle Service Bus Administration Console functionality.
The following is a list of default roles to which Oracle Service Bus users can be assigned:
■ IntegrationAdmin
■ IntegrationDeployer
■ IntegrationMonitor
■ IntegrationOperator
For information on configuring administrative security, see Configuring Administrative Security: Main Steps in the Oracle Fusion Middleware Developer's Guide for Oracle Service Bus.
For information on how to manage Oracle Service Bus users, groups, and roles using the Oracle Service Bus Administration Console, see Security Configuration in the Oracle Fusion Middleware Administrator's Guide for Oracle Service Bus.
3.3.4.6 Transport-Level Security