Oracle has a number of products delivered through a range of product suites that provide a mix and match component architecture to deliver SOA across the enterprise.

Oracle Web Services Manager(OWSM) offers a comprehensive and easy-to-use solution for policy management and security of service infrastructure. It provides visibility and control of the policies through a centralized administration interface offered by Oracle Enterprise Manager

Secure SOA Service Using Oracle Web Service Manager(OWSM)

When we expose our SOA services to external world to send or receive data, we should ensure that the service is protected and can not be executed by everyone. This means that SOA services needs to be secured.

To secure our SOA services we use OWSM. OWSM contains some security policies that we can attach to our composite and make it secure.

The OWSM policies can be applied to the SOA Services at the design time or after deployment to the SOA server.

Why secure your services?

There is a broad list of security aspects to consider:

• Authentication
• Authorization
• Spoofing
• Tampering
• Repudiation
• Information Disclosure
• Denial of Service
• Replay attacks
• Virus attacks and Intrusion Detection

Where does OWSM fit?

Layered Security Approach

• Randomized Passwords
• Scheduled Expiration
• Encryption of sensitive data
• Over the wire
• On storage media
• Authorization
• Authentication

Oracle Web Services Manager (OWSM) provides a scalable, standard-based, centrally managed approach to securing your SOA environment with WS-Security policies while leveraging your existing security providers. OWSM provides a runtime framework for security policy creation, management and governance. You create policies, attach them to services in Oracle Service Bus, and enforce those policies at various points in the messaging life cycle with OWSM agents.

Aarisha Inc has extensive experience in delivering a strategy based on SOA and then incrementally delivering this strategy on the Oracle SOA product range. We have experience in implementing OWSM built-in policies as well as custom developed policies to integrate securely the heterogeneous components of an architecture.