OWSM lays the foundation to implement security through runtime enforcement and declarative policy attachment for different types of use case scenarios. For instance, OWSM has policies supporting Security Assertion Markup Language (SAML) token profiles, Kerberos, Web Service Security (WSS) 1.0/1.1, and Secure Socket Layer (SSL), allowing you to easily attach policies for security, auditing, and management of components, services, and references in a composite as well as any standalone web services deployed to the infrastructure. It also provides consistency and ease of use in such a way that developers can attach a particular security policy at design time and system administrators can prepare the infrastructure for the policies to work. Security policies can be attached to any web service-based client apart from all the artifacts in the service composite assembly.

The policy framework is built using the Web Services...