In this chapter, we will cover:
Security has always played and still plays an important role in today's information-driven business processes. Consumers of information must know who sent the information and whether it has not been changed or read by others. Only then can they trust the message and do the transaction.
When thinking about security it's important to distinguish between Transport and Message-level security.
Transport-level security represents a technique where the underlying operating system or application servers are handling security features. Recipes for transport-level security are covered in the next chapter
Message-level security represents a technique where all information related to security is encapsulated in the message. This is what WS-Security specifies for web services. Securing messages using message-level security instead of using transport-level security has several advantages that includ:
Oracle Service Bus (OSB) supports both Transport and Message-level security. The level of security available on the OSB is dependent on the transport protocol used.
In this chapter, we will only cover Message-level security related recipes. The recipes for Transport-level security are covered in the next chapter.
Security in the OSB is handled by the Oracle Web Service Manager (OWSM). OWSM was introduced in the 11gR1 version of the OSB. Before 11gR1, we could only use the WLS 9.2 policies. Oracle recommends using the OWSM policies because in the next major releases of OSB, the old WLS 9.2 policies will no longer be supported.