By Rekha Ayothi-Oracle on Aug 26, 2010
One of the most common questions that Oracle E-Business Suite developers have is, "How do you secure E-Business Suite web services?" Generally, web service security consists of authentication, message integrity and confidentiality. I'll discuss the authentication aspect of web service security in this article.
The WS-Security specification describes enhancements to SOAP that increase the protection and confidentiality of messages. It provides this protection by defining mechanisms for associating tokens with Simple Object Access Protocol (SOAP) messages.
An Oracle E-Business Suite Integration Repository administrator can select the appropriate authentication type for each Web service-enabled interface. The authentication type should be selected before deploying the API as a standard web service. Integration Repository administrators can grant user access to E-Business Suite web service operations.
SAML security tokens (Sender Vouches) are composed of assertions: one or more statements about a user, such as an authentication or attribute statement. SAML tokens are attached to SOAP messages by placing assertion elements inside the header. SAML security tokens enable interoperable single-sign-on and federated identity for E-Business Suite Web services.
Your Feedback is Welcome
We're extremely interested in hearing about your use cases and your experiences with our Integrated SOA Gateway. If you've used this product -- or are evaluating it -- please post a comment here or drop us a line with your thoughts.
- Oracle E-Business Suite Integrated SOA Gateway Implementation Guide (PDF, 4.4 MB)
- Installing Oracle E-Business Suite Integrated SOA Gateway, Release 12 (My Oracle Support Knowledge Document 556540.1)
- WS-Security specifications
- Critical Rollup Update for E-Business Suite Integrated SOA Gateway Release 12.1.1
- Integration Simplified: Native Service-Oriented Architecture in Oracle E-Business Suite (OpenWorld 2008 Recap)
- Integration Architectures for Oracle EBS (OpenWorld 2009 Recap)
- Integration Repository for the E-Business Suite
- Service-Enable 11i -- Get A Jump On Fusion