By Naresh Persaud-Oracle on Feb 23, 2012
As organizations adopt external authorization, one of the more urgent applications for the technology is securing SOA services. Most SOA services are created to serve data. When SOA services are created the developers are unable to forecast what attribute data will need to be secure in the future. If SOA services were refactored to address all of the security permutations required by privacy and compliance laws, there would be an excessive number of services and the result would be un-manageable. For example, a "getPatient" service would need to have several different versions to filter private patient data depending on if the viewer of the information was a doctor, a nurse or a pharmacist. While the doctor should be able to see previous diagnosis codes, the pharmacist shouldn't have this information. The hospital administrator wouldn't want the nurse or the pharmacist to have the patient's private address information. The problem is more challenging when the legal and regulatory rules change on private data. For example, a recent court ruling in California found that zip codes could be considered PII ( Personally, Identifiable, Information). How can an organization quickly change the authorization to data to address the security and regulatory pressure? This is a job for the Oracle Enterprise Gateway (OEG).
Some Highlights of OEG:
DMZ-class security—Delivers critical protection needed between un-trusted and trusted zones by providing DMZ-class security and a comprehensive threat defense system at the service perimeter to SOA and Cloud environments.
Certified on Oracle Fusion Middleware—Offers out-of-the-box integrations with Oracle SOA Suite, Oracle SOA Governance Solution, Oracle Identity Management, and Oracle Enterprise Manager.
SOA & Cloud ready—Secures and improves efficiency of SOA infrastructures on-premise or in the cloud by mediating traffic in different data formats such as SOAP, REST, XML, and others. OEG also manages connections to the enterprise, partners, and 3rd party cloud services.
To learn more about Oracle Enterprise Gateway and how it can be utilized in conjunction with Oracle Entitlements Server, register for this SANS webcast.