Oracle Web Services Manager


Oracle Web Services Manager
eBook: $35.99
Formats: PDF, PacktLib, ePub and Mobi formats
$25.19
save 30%!
Print + free eBook + free PacktLib access to the book: $95.98    Print cover: $59.99
$59.99
save 37%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Overview
Table of Contents
Author
Support
Sample Chapters
  • Secure your web services using Oracle WSM
  • Authenticate, Authorize, Encrypt, and Decrypt messages
  • Create Custom Policy to address any new Security implementation
  • Deal with the issue of propagating identities across your web applications and web services
  • Detailed examples for various security use cases with step-by-step configurations

Book Details

Language : English
Paperback : 236 pages [ 235mm x 191mm ]
Release Date : July 2008
ISBN : 1847193838
ISBN 13 : 9781847193834
Author(s) : Sitaraman Lakshminarayanan
Topics and Technologies : All Books, Enterprise Products and Platforms, Oracle Fusion Middleware, Enterprise, Oracle, Web Services


Table of Contents

Preface
Chapter 1: Introduction to Web Services Security
Chapter 2: Web Services Security—Architectural Overview
Chapter 3: Architecture Overview of Oracle WSM
Chapter 4: Authentication and Authorization of Web Services Using Oracle WSM
Chapter 5: Encrypting and Decrypting Messages in Oracle WSM
Chapter 6: Digitally Signing and Verifying Messages in Web Services
Chapter 7: Oracle WSM Custom Policy Step
Chapter 8: Deployment Architecture
Chapter 9: Oracle WSM Runtime-Monitoring
Chapter 10: XML Encryption
Chapter 11: XML Signature
Chapter 12: Sign and Encrypt
Chapter 13: Enterprise Security—Web Services and SSO
Index
  • Chapter 1: Introduction to Web Services Security
    • The Need for Web Services Security
    • Security Challenges in a Web Services Environment
    • The Need for Identity Propagation from Calling Application to Web Services
    • Why HTTPS Based Security Is Not Enough
    • Components of Web Services Security
      • Authentication
      • Authorization
      • Confidentiality
      • Integrity
    • Return on Investment
    • Summary
  • Chapter 2: Web Services Security—Architectural Overview
    • Overview of XML Security Standards
      • Closer Look at SOAP Messages
      • Authentication
      • Confidentiality
      • Integrity
    • Overview of WS-Security Standards
    • Implementing WS-*Security in Applications
    • Centralized Management of WS-*Security
      • The Need for Centralizing WS-*Security Operations
      • Benefits of Centralizing Web Services Security Operations
    • Introduction to Oracle Web Services Manager
    • Summary
  • Chapter 3: Architecture Overview of Oracle WSM
    • Oracle WSM Architecture
    • Oracle WSM Policy Manager
      • Overview of Oracle WSM Policy Manager
        • Authentication
        • Authorization
        • Confidentiality
        • Integrity and Non-Repudiation
        • Policy Steps and Pipeline Templates
      • Relationship Between Policy and Service
    • Oracle WSM Gateway
      • Proxy, or Exposing Internal Service to External Business Partner, or Outside of Intranet
      • Transport Protocol Translation
      • Content Routing
    • Summary
  • Chapter 4: Authentication and Authorization of Web Services Using Oracle WSM
    • Oracle WSM: Authentication and Authorization
      • Oracle WSM: File Authenticate and Authorize
      • Oracle WSM: Active Directory Authenticate and Authorize
    • Oracle WSM: Policy Template
    • Oracle WSM: Sample Application AD Authentication
      • Web Service Security Policy
        • Registering The Web Service with Oracle WSM
        • Creating The Security Policy
        • Commit The Policy
      • Oracle WSM Test Page as Client Application
      • Microsoft .NET Client Application
    • Summary
  • Chapter 5: Encrypting and Decrypting Messages in Oracle WSM
    • Overview of Encryption and Decryption
      • Symmetric Cryptography
      • Asymmetric Cryptography
      • Oracle WSM and Encryption
    • Encryption and Decryption with Oracle WSM
      • Encryption Algorithm
      • Key Transport Algorithm
      • Internal Working of the XML Encrypt Policy Step
    • Oracle WSM Sample Application Overview
    • Oracle WSM Encryption and Decryption Policy
      • Creating the Security Policy
    • Oracle WSM Test Page as Client Application
    • Microsoft .NET Client Application
  • Summary
  • Chapter 6: Digitally Signing and Verifying Messages in Web Services
    • Overview of Digital Signatures
    • Digital Signatures in Web Services
    • Signature Generation Using Oracle WSM
      • Sign Message Policy Step
      • Internals of Sign Message Policy Step
        • Reference Element
        • SignedInfo Element
        • Signature
    • Signature Generation and Verification Example
      • Registering Web Service with Oracle WSM
      • Signature Verification by Oracle WSM
      • Signature Generation by Oracle WSM
      • Oracle WSM Test Page as Client Application
      • Microsoft .NET Client Application
    • Summary
  • Chapter 7: Oracle WSM Custom Policy Step
    • Overview of Oracle WSM Policy Steps
    • Implementing a Custom Policy Step
      • Extending the AbstractStep Class
      • Deploying the Custom Policy Step
      • Step Template XML File Creation
    • Custom Policy Step Example: Restrict Access Based on IP Address to the Specified Method
      • Extending the AbstractStep
      • Testing the Custom Policy Step
    • Summary
  • Chapter 8: Deployment Architecture
    • Oracle WSM Components
      • Addressing Oracle WSM Scalability
      • Addressing High Availability
        • Installation
        • Disabling Unnecessary Components
        • Mapping Component ID on Host1 and Host2
      • Configuring Oracle WSM Monitor on Host3
    • Summary
  • Chapter 9: Oracle WSM Runtime-Monitoring
    • Oracle WSM Operational Management
    • Oracle WSM Overall Statistics
    • Oracle WSM Security Statistics
    • Oracle WSM Service Statistics
    • Oracle WSM Custom Views
    • Oracle WSM Alarms
    • Summary
  • Chapter 10: XML Encryption
    • XML Encryption and Web Services
    • XML Encryption Schema
      • EncryptedData
        • EncryptionMethodType
        • EncryptionMethodType Schema
        • CipherData Element
      • EncryptedKey Element
      • KeyInfo Element
    • Summary
  • Chapter 11: XML Signature
    • XML Signature and Web Services
    • XML Signature Schema
      • Signature Element
      • SignedInfo Element
        • Reference Element
        • Transforms Element
      • KeyInfo Element
    • Summary
  • Chapter 12: Sign and Encrypt
    • Overview of Sign and Encrypt
    • Signing and Encrypting Message
    • Sign and Encrypt by Example
      • Example Overview
      • Time Web Service: Decrypt and Verify Signature
      • Beauty of Oracle WSM Gateway: Sign And Encrypt by Oracle WSM
        • Service Provider:
        • Service Consumer:
        • Sign And Encrypt Policy
    • Summary
  • Chapter 13: Enterprise Security—Web Services and SSO
    • Web Services Security Components
    • Authentication, Authorization and Credential Stores
    • Integrating with Web Access Management Solution
      • Security Token Service: Bridging the GAP between WAM and Oracle WSM
        • Integrated Security Architecture
    • Summary

Sitaraman Lakshminarayanan

Sitaraman Lakshminarayanan is an Enterprise Architect with over 11 years of IT experience in implementing Software solutions based on Microsoft and Java platforms. His area of interest is in Enterprise Architecture, Application Integration, and Information security and he specializes in Identity & Access Management, Web Services, and SOA. He is a co-author of ASP.NET Security (Wrox publications) and has presented at regional and International conferences on Web Services Security and Identity Management.

Sorry, we don't have any reviews for this title yet.

Code Downloads

Download the code and support files for this book.


Submit Errata

Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.


Errata

- 1 submitted: last submission 24 May 2013

Errata type: Grammar | Page number: 156

Since the data regarding all the statistics can be huge, the it is automatically purged every 100 minutes. should be changed to: Since the data regarding all the statistics can be huge, it is automatically purged every 100 minutes.

 

Sample chapters

You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

Frequently bought together

Oracle Web Services Manager +    Governance, Risk, and Compliance Handbook for Oracle Applications =
50% Off
the second eBook
Price for both: $56.25

Buy both these recommended eBooks together and get 50% off the cheapest eBook.

What you will learn from this book

  • Secure web services
  • Use Oracle WSM to configure web services security
  • Deploy Oracle WSM into production
  • Leverage Oracle WSM to address the key security issues of confidentiality, integrity, authentication, and authorization
  • Create Custom Policy to address any new Security implementation
  • Encrypt and decrypt messages
  • Understand the basics of enterprise Security – Web Services, SSO, and Token Service

Chapter 1 gives an introduction to web services security – the need for it, what are the security options, and even a quick look at Return on Investment in web services security

Chapter 2 discusses the need for centralized management of web services, policy definition, and policy enforcement with a quick introduction to Oracle Web Services Manager.

In the first two chapters we discussed the need for web services security and in Chapter 3 we take a closer look at the architecture of Oracle Web Services Manager and how to address the web services security requirements.

In Chapter 4 we explore how Oracle WSM can be leveraged to authenticate and authorize web services requests.

In Chapter 5 we take a closer look at how we can leverage Oracle WSM to protect the confidentiality of messages.

In Chapter 6 we describe in detail how to digitally sign and verify messages in web services using Oracle Web Services Manager.

In Chapter 7 we will take a look at how to implement a custom policy step in Oracle Web Services Manager.

In Chapter 8 we discuss the various components of Oracle WSM and how they can be deployed to ensure high availability and scalability.

Chapter 9 discusses in detail how to manage the OWSM environment from an operational stand point i.e. how the monitoring works.

In web Services, encrypted XML is represented in an interoperable standard format such as XML Encryption; in Chapter 10 we take a closer look at the XML Encryption standard from W3C.

In Chapter 11 we take a closer look at XML Signature Specification from W3C. XML Signature is an interoperable industry standard that addresses how digitally signed messages are represented or described in an XML format and OWSM can digitally sign and verify web service messages.
 
In Chapter 12 we discuss the importance of digitally signing and encrypting the same message or data element and how to implement this using Oracle Web Services Manager.

In Chapter 13 we take a closer look at the Integrated Web Services Security Solution.

In Detail

Web services (WS) provide a simple, standardized way to connect applications over the Internet, however they require management of security and other run-time operations to work effectively. Oracle Web Services Manager is a software solution for managing the operations of web services and the interactions between these services.

This book explains the business reasons why web services security is required and gives an architectural overview of WS Security for an enterprise. It then provides details about the Oracle Web Service Manager product and how it can be leveraged to address the key security issues of Confidentiality, Integrity, Authentication, and Authorization. Whilst addressing these key issues, the book describes them fully with examples. It ends with a couple of unique features: one is the various options available for a successful deployment and the other is an explanation, in depth, of how the security components work.

This book not only describes the need for web services security but also explains, with detailed examples, how to define security policies and enforce those policies using Oracle Web Services Manager (WSM).

This book emphasizes how to use Oracle WSM to address various security use cases with detailed step-by-step examples to learn Oracle Web Service Manager.

Approach

This book is an easy-to-follow reference tutorial that explains how to use Oracle WSM to address various security use cases with detailed step-by-step examples to learn Oracle Web Service Manager.

Who this book is for

This is the book for those who want to learn how to:

  • Secure web services
  • Use Oracle WSM to configure web services security

It is mainly for Developers and Architects who want to learn how to use Oracle WSM to address the security challenges of web services and those who want to learn how to use Oracle WSM to address their security needs.

If you have a basic knowledge of web services then this book will help you understand the need for security and how to use Oracle WSM to address the security challenges.

Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Resources
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software