Oracle Web Services Manager

More Information
  • Secure web services
  • Use Oracle WSM to configure web services security
  • Deploy Oracle WSM into production
  • Leverage Oracle WSM to address the key security issues of confidentiality, integrity, authentication, and authorization
  • Create Custom Policy to address any new Security implementation
  • Encrypt and decrypt messages
  • Understand the basics of enterprise Security – Web Services, SSO, and Token Service

Chapter 1 gives an introduction to web services security – the need for it, what are the security options, and even a quick look at Return on Investment in web services security

Chapter 2 discusses the need for centralized management of web services, policy definition, and policy enforcement with a quick introduction to Oracle Web Services Manager.

In the first two chapters we discussed the need for web services security and in Chapter 3 we take a closer look at the architecture of Oracle Web Services Manager and how to address the web services security requirements.

In Chapter 4 we explore how Oracle WSM can be leveraged to authenticate and authorize web services requests.

In Chapter 5 we take a closer look at how we can leverage Oracle WSM to protect the confidentiality of messages.

In Chapter 6 we describe in detail how to digitally sign and verify messages in web services using Oracle Web Services Manager.

In Chapter 7 we will take a look at how to implement a custom policy step in Oracle Web Services Manager.

In Chapter 8 we discuss the various components of Oracle WSM and how they can be deployed to ensure high availability and scalability.

Chapter 9 discusses in detail how to manage the OWSM environment from an operational stand point i.e. how the monitoring works.

In web Services, encrypted XML is represented in an interoperable standard format such as XML Encryption; in Chapter 10 we take a closer look at the XML Encryption standard from W3C.

In Chapter 11 we take a closer look at XML Signature Specification from W3C. XML Signature is an interoperable industry standard that addresses how digitally signed messages are represented or described in an XML format and OWSM can digitally sign and verify web service messages.
In Chapter 12 we discuss the importance of digitally signing and encrypting the same message or data element and how to implement this using Oracle Web Services Manager.

In Chapter 13 we take a closer look at the Integrated Web Services Security Solution.


Web services (WS) provide a simple, standardized way to connect applications over the Internet, however they require management of security and other run-time operations to work effectively. Oracle Web Services Manager is a software solution for managing the operations of web services and the interactions between these services.

This book explains the business reasons why web services security is required and gives an architectural overview of WS Security for an enterprise. It then provides details about the Oracle Web Service Manager product and how it can be leveraged to address the key security issues of Confidentiality, Integrity, Authentication, and Authorization. Whilst addressing these key issues, the book describes them fully with examples. It ends with a couple of unique features: one is the various options available for a successful deployment and the other is an explanation, in depth, of how the security components work.

  • Secure your web services using Oracle WSM
  • Authenticate, Authorize, Encrypt, and Decrypt messages
  • Create Custom Policy to address any new Security implementation
  • Deal with the issue of propagating identities across your web applications and web services
  • Detailed examples for various security use cases with step-by-step configurations
Page Count 236
Course Length 7 hours 4 minutes
ISBN 9781847193834
Date Of Publication 9 Jul 2008


Sitaraman Lakshminarayanan

Sitaraman Lakshminarayanan is an Enterprise Architect with over 11 years of IT experience in implementing Software solutions based on Microsoft and Java platforms. His area of interest is in Enterprise Architecture, Application Integration, and Information security and he specializes in Identity & Access Management, Web Services, and SOA. He is a co-author of ASP.NET Security (Wrox publications) and has presented at regional and International conferences on Web Services Security and Identity Management.