To make message flows between client and server secure,
we need to maintain following Policies
1> Authentication - Check whether the user is authenticated
2> Integrity - Check whether message is being altered
3> Confidentiality - Check whether message is being encrypted
Using OWSM you can apply all of the above policies.
Use any one step below to apply authentication :
1> Active Directory Authenticate
2> File Authenticate
3> Ldap Authenticate and others...
Here there are two things to be considered,
one is authenication and other is authorization.
Authentication is simply checking whether the user is providing the right username and password or not...but second thing that is Authorization, meaning whether the person has permission to access particular operation or not.
OWSM allows you to manage authorization also using:
1> Active Directory Authorize
2> File Authorize
3> Ldap Authorize
4> Oracle Access Manager Authenticate Authorize and others...
Everything is happening at OWSM, dont need to worry about...
Next comes Integrity
Sign the message, so nobody can alter it...forcing integrity..
OWSM provides option to sign the message...
SIGN it with your private key on one side...
on the other side VERIFY SIGNATURE with your public key
Next is Confidentiality
The message should not be readable.....no spy can see what are you sending....
Encrypt it using XML Encryption in OWSM...
Decrypt it on other side using XML Decryption....
Applying above policies makes your transaction highly secure...
Just do it...
Lalit has perspicaciously brought to fore how simple it is to secure your resources using OWSM. For those wondering if OWSM is the only ray of hope, rest assured. There is more. You might as well use JDeveloper and secure your resources, creating keystores to store the keys, certificates etc. Then you can go ahead and add all those that Lalit talked about - authentication, authorization and so on. It is a little cubersome though, and is recommended only if you dont have OWSM. If you have OWSM, nothing like it.
ReplyDelete