PacktLib: Oracle Web Services Manager

Oracle Web Services Manager

Credits

About the Author

About the Reviewers

Preface

Introduction to Web Services Security

The Need for Web Services Security

Security Challenges in a Web Services Environment

The Need for Identity Propagation from Calling Application to Web Services

Why HTTPS Based Security Is Not Enough

Components of Web Services Security

Return on Investment

Summary

Web Services Security—Architectural Overview

Overview of XML Security Standards

Overview of WS-Security Standards

Implementing WS-*Security in Applications

Centralized Management of WS-*Security

Introduction to Oracle Web Services Manager

Summary

Architecture Overview of Oracle WSM

Oracle WSM Architecture

Oracle WSM Policy Manager

Oracle WSM Gateway

Summary

Authentication and Authorization of Web Services Using Oracle WSM

Oracle WSM: Authentication and Authorization

Oracle WSM: Policy Template

Oracle WSM: Sample Application AD Authentication

Summary

Encrypting and Decrypting Messages in Oracle WSM

Overview of Encryption and Decryption

Encryption and Decryption with Oracle WSM

Oracle WSM Sample Application Overview

Oracle WSM Encryption and Decryption Policy

Summary

Digitally Signing and Verifying Messages in Web Services

Overview of Digital Signatures

Digital Signatures in Web Services

Signature Generation Using Oracle WSM

Signature Generation and Verification Example

Summary

Oracle WSM Custom Policy Step

Overview of Oracle WSM Policy Steps

Implementing a Custom Policy Step

Custom Policy Step Example: Restrict Access Based on IP Address to the Specified Method

Summary

Deployment Architecture

Oracle WSM Components

Summary

Oracle WSM Runtime-Monitoring

Oracle WSM Operational Management

Oracle WSM Overall Statistics

Oracle WSM Security Statistics

Oracle WSM Service Statistics

Oracle WSM Custom Views

Oracle WSM Alarms

Summary

XML Encryption

XML Encryption and Web Services

XML Encryption Schema

Summary

XML Signature

XML Signature and Web Services

XML Signature Schema

Summary

Sign and Encrypt

Overview of Sign and Encrypt

Signing and Encrypting Message

Sign and Encrypt by Example

Summary

Enterprise Security — Web Services and SSO

Web Services Security Components

Authentication, Authorization and Credential Stores

Integrating with Web Access Management Solution

Summary