Question: When we need to secure our services?
Answer: Security only require when we expose our services to external world.
Question: How we implement security in SOA Suite tool?
Answer: We use OWSM to implement security in SOA Suite tool.
Question: What is OWSM?
Answer: OWSM stands for Oracle Web Service Manager. Oracle Web Services Manager offers a comprehensive and easy-to-use solution for policy management and security of service infrastructure. It is a standalone platform for securing and managing access to web services.
Question: Do we need to install OWSM?
Answer: Yes, we need to check OWSM option while creating a domain so that we can use predefine policies.
Question: How we can add OWSM policies to SOA Composite?
Answer: We can add OWSM policies to SOA composites by following ways.
1. Through policy annotations at design time using JDeveloper
2. Via the Administration Console at runtime
3. Via Fusion Middleware Control or WLST
Question: How we categories the policies?
Answer: We categories policies to two types. One Service policy and other Client policy.
Question: When we call secured web service from SOA, which policy we will use “Client” or “Service”?
Answer: When we call secured web service from SOA then we add “Client” policy to reference partner link and when we want to secure our web service then we use “Service” policy.
Question: Can we attach OWSM policy to multiple composites to secure composites?
Answer: yes, we can apply one policy to all composites in one domain using policy sets.
Question: what is the scope of Policy Sets or where we can apply Policy sets ?
Answer: Below is the scope of Policy Sets.
Domain: all policy subjects of the specified type in a domain
Application or Partition : all policy subjects of the specified type in an application or SOA partition
Application module or SOA composite : all policy subjects of the specified type in an application module or SOA composite
Service or reference: all policy subjects of the specified type in a SOA service or reference
Port or component: all policy subjects of the specified type in a port or SOA component