Securing SOA composite applications
Oracle SOA Suite 11g uses a policy-based model to centrally manage and secure Web Services across an organization. This functionality is provided by the Oracle Web Services Manager (OWSM), which is integrated into the SOA Infrastructure and implements an interceptor-based framework for enforcing security policies. It also enables end-to-end identity propagation inside composite applications. Policies can be declaratively managed (attached or detached) by developers in a design-time environment (using JDeveloper) and system administrators in a runtime environment (using EM Console). Policies can be attached to binding components (services and references) and service components.
Each policy consists of one or more assertions. The assertions are executed in the same order in which they appear in the policy. We can use one of many predefined policies, modify these policies, or create our own policies.
The following policy categories are supported:
Security...
