Monday Jun 01, 2015

Protecting Sensitive Data in Oracle SOA Suite 12c by Jennie DeRosa

clip_image001

Given the recent security breaches, data security should always be a concern when designing and creating IT solutions. In particular, what are some considerations that should be made when implementing a solution within the Oracle SOA Suite? Is it sufficient to protect the data using WS-Security/SSL or is additional security needed? If you have sensitive data traversing through the SOA Suite then additional security must be considered.

As noted within the National Institute Standards and Technology (NIST) publication, ‘to appropriately protect the confidentiality of personally identifiable information (PII), organizations should use a risk-based approach’. To understand what is considered PII, or sensitive data, along with recommendations to protect PII read Guide to Protecting the Confidentiality of Personally Identifiable Information.

WS-Security and SSL only will protect data outside a SOA composite or Service Bus. Once the data hits either one of these, it is viewable in clear text within audit trails, console or logs. This means sensitive data is viewable within the console and log, causing this data to be unencrypted at rest. An example of this is shown below. Anyone with access to EM (Enterprise Manager) could view the sensitive data just by opening the audit trail of a process: Read the complete article here.

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki

Saturday Jan 31, 2015

API Catalog to Simplify API Management By Mala Ramakrishnan

Oracle is extending its API Management solution with a new product, API Catalog. This will give customers the ability to simplify the publication of API services that are developed in Oracle SOA Suite and other sources. Oracle API Catalog will be part of Oracle's broader API Management solution portfolio. Oracle API Catalog also integrates seamlessly with with Oracle Mobile Suite portfolio of products for mobile enablement. Oracle API Catalog harvests services in Oracle Fusion Middleware to allow one-click publish, submit ratings, or manage re-use across other consuming applications. Oracle's API Catalog is SOAP as well as REST/JSON compliant to easily support mobile mobile applications.

clip_image001

Here is a validation by one of our beta customers Peter Osborne, IT Technical Lead at LG&E and KU Services Company: "The Oracle API Catalog is a straightforward, easy-to-use governance tool for capturing what services exist, what these services do, and how they can be consumed. Within hours of installation, an organization can begin cataloging their SOAP and REST web services, regardless of the underlying service technology. The harvesting functionality provides a jump start on aggregating service details, while minimizing manual data entry and the risk of duplication and error. Finally, the included JDeveloper plug-in completes the lifecycle by providing a mechanism within JDeveloper to easily view and consume documented services."

To find out more information on Oracle API Catalog, visit us: Website and explore our Datasheet.

Thanks to Andre, Lucas and Luis for the first community feedback. Send us your feedback via twitter @soacommunity #APIcatalog12c & #OER12c

clip_image002André Evensen @anevensen ·  2h 2 hours ago

Harvesting services from WSDLs and publishing to #APIcatalog12c, works like a charm. @soacommunity #OracleSOA

clip_image004

clip_image002[1]André Evensen @anevensen ·  8h 8 hours ago

Newly released #APIcatalog12c installed on SOA Suite 12c. Next: Harvesting services! @soacommunity #OER12c

clip_image006

clip_image007Luis Augusto Weir @Luisw19 ·  10h 10 hours ago

Publish your #API in minutes with #OAC new killer tool to manage APIs @soacommunity @oracleace @OTNArchBeat http://tinyurl.com/oac12c

clip_image008Lucas Jellema @lucasjellema ·  11h 11 hours ago

Oracle Enterprise Repository 12c is available for download at http://www.oracle.com/technetwork/middleware/repository/overview/index.html … - including the brand new API Catalog @soacommunity

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki

Wednesday Jan 21, 2015

Critical Patch Update Advisory includes SOA Suite & BPM Suite – January 2015

Oracle Critical Patch Update Advisory - January 2015

A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to: Critical Patch Updates and Security Alerts for information about Oracle Security Advisories.

Affected Products and Versions include the following Fusion Middleware solutions:

Oracle Fusion Middleware, version(s) 10.1.3.5, 11.1.1.7, 11.1.2.1, 11.1.2.2, 12.1.2, 12.1.3
Oracle Access Manager, version(s) 11.1.1.5, 11.1.1.7, 11.1.2.1, 11.1.2.2
Oracle Adaptive Access Manager, version(s) 11.1.1.5, 11.1.1.7, 11.1.2.1, 11.1.2.2
Oracle BI Publisher, version(s) 10.1.3.4.2, 11.1.1.7
Oracle Business Intelligence Enterprise Edition, version(s) 10.1.3.4.2, 11.1.1.7
Oracle Containers for J2EE, version(s) 10.1.3.5
Oracle Directory Server Enterprise Edition, version(s) 7.0, 11.1.1.7
Oracle Exalogic Infrastructure, version(s) 2.0.6.2.0 (for all X2-2, X3-2, X4-2)
Oracle Forms, version(s) 11.1.1.7, 11.1.2.1, 11.1.2.2
Oracle GlassFish Server, version(s) 3.0.1, 3.1.2
Oracle HTTP Server, version(s) 10.1.3.5.0, 11.1.1.7.0, 12.1.2.0, 12.1.3.0
Oracle OpenSSO, version(s) 8.0 Update 2 Patch 5
Oracle Real-Time Decision Server, version(s) 11.1.1.7, RTD Platform 3.0.x
Oracle Reports Developer, version(s) 11.1.1.7, 11.1.2.2
Oracle SOA Suite, version(s) 11.1.1.7, 12.1.3.0
Oracle Waveset, version(s) 8.1.1
Oracle WebCenter Content, version(s) 11.1.1.8.0
Oracle WebLogic Portal, version(s) 10.0.1.0, 10.2.1.0, 10.3.6.0
Oracle WebLogic Server, version(s) 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, 12.1.3.0

For more information please visit the OTN here.

Note: Patch 20333237  is currently only limited available, please contact myself if you need to get access.

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki

Wednesday Jul 02, 2014

Fusion Middleware Summer Camps IV 2014 become trained in SOA Suite 12c & BPM Suite 12c

You are working on large Fusion Middleware opportunities & projects? Oracle is pleased to invite you to the Fusion Middleware Summer Camps IV by the SOA & BPM & WebLogic Partner Communities. The goal of the training is to support you in delivering a successful project. Most of the trainers are members of the Oracle Product Management Team.

Come to Lisbon to get a 5 days hands-on training in one of the following topics:

  • SOA Suite 12c hands-on
  • BPM Suite 12c hands-on
  • Mobile Framework Hackathon

Important: all trainings are hands-on and require a laptop with 8+ GB or more!

Registration is free of charge, except in case of cancellation fee € 150 or no-show fee €2000! Please read the registration page carefulfy before you register - make the right choice for your bootcamp (you can not change later). Please be aware that we will NOT answer questions via e-mail with details you can find at the registration page. If you are not yet a member, we would like to invite you to join the Oracle EMEA Partner Communities:

Social Media

Quotes from previous Middleware Summer Camps

  • “This is an amazing event to know in-depth the platform and know developers from different countries” David Elizarraraz
  • “An excellent meeting point of SOA BPM knowledge” Kai Schlüssler
  • “I will come back We want more!” Maria Joao Costa
  • “Good food, good weather, good people and excellent Oracle workshops, One of the weeks of the year” Joao Biachi
  • “A big thank you to Juergen for the Oracle FMW camp last week in Lisbon. Great event, great organization and great fun! Keep up the great work!” Niall Commiskey
  • “The best ideas are the ideas from the best” Filipe Sequeria, Primesoft
  • “Best invest in the education in the last 12 months” Richard Schaller, IPT
  • “Practice best practice with the best instructor”  Graham Lamond Capgemini
  • “If you have basic BPM knowledge, this is the course to really mater it” Diogo Henriques Link Consulting
  • “Very good trainers lot of work. Lot of fun as well” Matthias Gris Workflow Factory
  • “If you like to accelerate in Oracle come to the training to bring it all together” Marcel van der Glind, Amis
  • “The best way to learn Fusion Middleware from the #1.  Alexandro Montantes, STO Consulting
  • “Excellent training, well organized” Pedro Antunh, Capgemini

Register for Event

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki

Tuesday Jul 01, 2014

ACT on Marketing Campaign “Middleware Consolidation and Innovation Program”

Do you want to run a SOA Suite 12c or BPM Suite 12c launch event?

Do you want marketing budget to run joint Oracle Fusion Middleware 12c events?

Participate in the OFM ACTon Campaign. The opportunity for you as a partners is to :


  • Create larger deals by reselling software and systems e.g. WebLogic on ODA, SOA on ODA, Exalogic for AppAdvantage
  • Create more service revenue at our existing customer, by consolidation and migration of application servers platforms. Extend and innovate platforms e.g. mobile integration big data or business process automation
  • Create service business at new customers, more than 120.000 customers use middleware today!

The objective of the initiative is to run joint events for our middleware customers and

  • Generate re-sell middleware license revenue  in the broad market
  • Generate Service revenue for partners
  • Prepare partners to understand upgrade and upsell opportunities to Oracle Fusion Middleware 12c

Get the ACT on Marketing Campaign kit here

At our SOA Community Workspace (SOA Community membership required) you can learn details about the campaign: Middleware Consolidation and Innovation_Act-On Program_Salesplay and the OFM ACTon event Brief
Interested and want to participate? Contact your local Value Added Distributer and he will work with you on a joint campaign plan!

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki

Monday Jun 30, 2014

Working with Oracle Security Token Service in an Architecture Involving Oracle WebLogic and Oracle Service Bus by Ronaldo Fernandes

Using Oracle Security Token Service to generate Security Assertion Markup Language (SAML) tokens.

Downloads

download-icon13-1Oracle Security Token Service
download-icon13-1Oracle WebLogic Server
download-icon13-1Oracle Service Bus

Recently, I've worked on a proof of concept for the use of Oracle Security Token Service (OSTS) in an architecture involving Oracle Fusion Middleware, focused on Oracle WebLogic Server (WLS), Oracle Web Service Manager (OWSM) and Oracle Service Bus (OSB). There are many security scenarios in which OSTS can be used, but the initial objective was to provide single sign-on between WLS and OSB using OSTS to generate Security Assertion Markup Language (SAML) tokens. This article describes the steps to implement this solution.

Scenario

The solution was applied on OWSM with OSB 11g (11.1.1.6), Oracle Access Manager (OAM) 11gR2 (11.1.2) and WLS 11g (10.3.6). A Security Token Service (STS) creates and validates security tokens, using protocols such as WS-Trust, acting as a centralizer point in security infrastructure architecture and simplifying identity propagation between heterogeneous environments.

OSTS is an Oracle Identity Management access management solution. For more information on OSTS, consult the following articles by Oracle Fusion Middleware A-Team solution architect Andre Correa:

The proof of concept required a client on WLS accessing a service provided by OSB using SAML. The SAML Assertion should be generated from OSTS.

WLS can use WS-Trust policies and communicate with OSTS, but OSB 11g still doesn't support WS-Trust policies. To work around this issue, configure OSB to trust messages signed by an OSTS certificate. Here is the complete scenario: Read the complete article here.

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki

Tuesday Apr 29, 2014

Working with Oracle Security Token Service in an Architecture Involving Oracle WebLogic and Oracle Service Bus by Ronaldo Fernandes

Using Oracle Security Token Service to generate Security Assertion Markup Language (SAML) tokens.
Downloads: Oracle Security Token Service & Oracle WebLogic Server & Oracle Service Bus.

Recently, I've worked on a proof of concept for the use of Oracle Security Token Service (OSTS) in an architecture involving Oracle Fusion Middleware, focused on Oracle WebLogic Server (WLS), Oracle Web Service Manager (OWSM) and Oracle Se

fernandes-osts-weblogic-osb-fig09

rvice Bus (OSB). There are many security scenarios in which OSTS can be used, but the initial objective was to provide single sign-on between WLS and OSB using OSTS to generate Security Assertion Markup Language (SAML) tokens. This article describes the steps to implement this solution.

Scenario

The solution was applied on OWSM with OSB 11g (11.1.1.6), Oracle Access Manager (OAM) 11gR2 (11.1.2) and WLS 11g (10.3.6). A Security Token Service (STS) creates and validates security tokens, using protocols such as WS-Trust, acting as a centralizer point in security infrastructure architecture and simplifying identity propagation between heterogeneous environments.

OSTS is an Oracle Identity Management access management solution. For more information on OSTS, consult the following articles by Oracle Fusion Middleware A-Team solution architect Andre Correa:

The proof of concept required a client on WLS accessing a service provided by OSB using SAML. The SAML Assertion should be generated from OSTS.

WLS can use WS-Trust policies and communicate with OSTS, but OSB 11g still doesn't support WS-Trust policies. To work around this issue, configure OSB to trust messages signed by an OSTS certificate. Here is the complete scenario: Read the complete article here.

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki

Thursday Oct 10, 2013

Securing the SOA Landscape part of Industrial SOA series

imgIntroduction

Security requirements are usually relatively easy to manage when using local restrictions in conventional closed systems. They become more complex in the distributed system landscape of an SOA. Not limited to only an application or an application domain anymore, security must work across a range of applications and business processes.

Numerous security standards have been created in order to realize these comprehensive security requirements. These include WS-SecurityPolicy, WS-Trust, XML Encryption, XKMS, XML Signature, WS-Federation, WS-SecureConversation, SAML1, SAML2, and many more. Currently, no product or open source framework can fully support all of these standards. In our experience, incompatibilities arise whenever an SOA product or deployed Web service framework needs to communicate outside of its small ecosystem.

Not surprisingly, project managers who are confronted with increasing expenses tend to start looking for viable alternatives. They then usually choose to develop inflexible solutions in-house that can quickly implement risky anti-patterns, such as transferring usernames and passwords within the functional payload. The variety of different standards makes it difficult to formulate a clear understanding of the available security standards and internal product dependencies, in light of the individual restrictions to designing a well-secured system.

Our aim is to provide IT experts and SOA architects with tips on how to handle security responsibly, using tried and true best practices as a basis.

How Much Security Do I Need?

Security plays a crucial role due to SOA's extensively networked nature, yet is not required by all of the different types of applications and architecture layers to the same degree. Defining both internal and external security requirements for the entire organization and its individual departments by conceptually developing the implementation is therefore important.

Read the full article at the Service Technology Magazine or Oracle Technology Network.

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki Mix Forum

About





Search

Archives
« July 2015
SunMonTueWedThuFriSat
   
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
       
Today