Oracle Web Services Manager: Securing your Web Services


In Detail

Web services (WS) provide a simple, standardized way to connect applications over the Internet; however, they require management of security and other run-time operations to work effectively. Oracle Web Services Manager is a software solution for managing the operations of web services and the interactions between these services.

This book explains the business reasons why web services security is required and gives an architectural overview of WS Security for an enterprise. It then provides details about the Oracle Web Services Manager product and how it can be leveraged to address the key security issues of Confidentiality, Integrity, Authentication, and Authorization. Whilst addressing these key issues, the book describes them fully with examples. It ends with a couple of unique features: one is the various options available for a successful deployment, and the other is an in-depth explanation of how the security components work.

What you will learn from this book

  • Secure web services
  • Use Oracle WSM to configure web services security
  • Deploy Oracle WSM into production
  • Leverage Oracle WSM to address the key security issues of confidentiality, integrity, authentication, and authorization
  • Create a custom policy to address any new security implementation
  • Encrypt and decrypt messages
  • Understand the basics of enterprise security: Web Services, SSO, and Token Service

Approach

This book is an easy-to-follow reference tutorial that explains how to use Oracle WSM to address various security use cases, with detailed step-by-step examples for learning Oracle Web Services Manager.

Who this book is written for

This is the book for those who want to learn how to:
  • Secure web services
  • Use Oracle WSM to configure web services security
It is mainly for developers and architects who want to learn how to use Oracle WSM to address the security challenges of web services and those who want to learn how to use Oracle WSM to address their security needs. If you have a basic knowledge of web services, then this book will help you understand the need for security and how to use Oracle WSM to address the security challenges.

Author(s): Sitaraman Lakshminarayanan
Publisher: Packt
Year: 2008

Language: English
Pages: 231

Oracle Web Services Manager
Table of Contents
Preface
The Need for Web Services Security
Security Challenges in a Web Services Environment
The Need for Identity Propagation from Calling Application to Web Services
Why HTTPS Based Security Is Not Enough
Authorization
Return on Investment
Summary
Overview of XML Security Standards
Closer Look at SOAP Messages
Authentication
Confidentiality
Integrity
Overview of WS-Security Standards
Implementing WS-*Security in Applications
The Need for Centralizing WS-*Security Operations
Introduction to Oracle Web Services Manager
Summary
Oracle WSM Architecture
Authorization
Integrity and Non-Repudiation
Policy Steps and Pipeline Templates
Oracle WSM Gateway
Proxy, or Exposing Internal Service to External Business Partner, or Outside of Intranet
Transport Protocol Translation
Content Routing
Summary
Oracle WSM: Authentication and Authorization
Oracle WSM: File Authenticate and Authorize
Oracle WSM: Active Directory Authenticate and Authorize
Oracle WSM: Policy Template
Oracle WSM: Sample Application AD Authentication
Registering The Web Service with Oracle WSM
Creating The Security Policy
Oracle WSM Test Page as Client Application
Microsoft .NET Client Application
Summary
Symmetric Cryptography
Oracle WSM and Encryption
Encryption and Decryption with Oracle WSM
Internal Working of the XML Encrypt Policy Step
Oracle WSM Sample Application Overview
Oracle WSM Encryption and Decryption Policy
Creating the Security Policy
Oracle WSM Test Page as Client Application
Microsoft .NET Client Application
Summary
Overview of Digital Signatures
Digital Signatures in Web Services
Sign Message Policy Step
Reference Element
Signature Generation and Verification Example
Registering Web Service with Oracle WSM
Signature Verification by Oracle WSM
Signature Generation by Oracle WSM
Oracle WSM Test Page as Client Application
Microsoft .NET Client Application
Summary
Overview of Oracle WSM Policy Steps
Implementing a Custom Policy Step
Extending the AbstractStep Class
Step Template XML File Creation
Custom Policy Step Example: Restrict Access Based on IP Address to the Specified Method
Extending the AbstractStep
Testing the Custom Policy Step
Summary
Oracle WSM Components
Addressing High Availability
Installation
Disabling Unnecessary Components
Mapping Component ID on Host1 and Host2
Summary
Oracle WSM Operational Management
Oracle WSM Overall Statistics
Oracle WSM Security Statistics
Oracle WSM Service Statistics
Oracle WSM Custom Views
Oracle WSM Alarms
Summary
XML Encryption and Web Services
XML Encryption Schema
EncryptedData
EncryptionMethodType
CipherData Element
EncryptedKey Element
KeyInfo Element
Summary
XML Signature and Web Services
XML Signature Schema
Signature Element
SignedInfo Element
Reference Element
Transforms Element
Summary
Overview of Sign and Encrypt
Signing and Encrypting Message
Example Overview
Time Web Service: Decrypt and Verify Signature
Beauty of Oracle WSM Gateway: Sign And Encrypt by Oracle WSM
Service Provider:
Sign And Encrypt Policy
Summary
Web Services Security Components
Authentication, Authorization and Credential Stores
Integrating with Web Access Management Solution
Security Token Service: Bridging the GAP between WAM and Oracle WSM
Integrated Security Architecture
Summary
Index