End2End WS-Security with Oracle ESB (OESB)
Talking about SOA means talking about messages flowing all around the systems in the whole enterprise. Heterogeous systems exchange messages through the messaging infraestructure in place with local and/or external networks (when consuming external services, providing services to the internet, etcetera). In this situation P2P (point to point) security techniques like SSL are no more able to meet the security needs. So, how can those messages flow securely from consumer to provider and vice-versa?? That's what security techniques like XML encryption and XML digital signature have been created for.
One of the facts that the digital signature provides you with is data integrity. So, in case you have to use it you need to ensure the message is being transfered EXACTLY "as is" all way long. By default, this does not happen when using Oracle ESB as a mediator but this behaviour can now be changed using the 10.1.3.4.0 MLR#3 patchset.
In order to achieve the later, a new property has been defined for routing services: the "passthrough" property. Setting this property to true makes the ESB to send exactly the same message it has received thus making it happen. For more information take a look at bug #6811827 in Metalink.
