Since the 11g release, OWSM has been integrated with SOA Suite. This means you now have a greater ease of managing web service policies for security and administration of your SOA components. OWSM defines security through externally defined policies that are applied to the web service components at invocation time rather than applying security during implementation. At the server side, a security policy attached to the consumer adds the required security token to the SOAP header and performs assertions specified in the policy. At the provider side, an equivalent policy pair validates all the security tokens and delegates the assertion to the Oracle Platform Security Services (OPSS) layer, discussed shortly, which then verifies its validity against the configured identity store. Most of the security related configuration and administration can be done through Oracle Enterprise Manager Fusion Middleware Control.

A set of predefined security...