Sanae BEKKAR – My Blog –

Here are some points about the Oracle SOA Suite 11g infrastructure stack:

• JDeveloper provides a design and development environment for software developers and architects, using the Oracle SOA Suite 11g to create standards based reusable enterprise software assets.

• Service components can be built as BPEL and/or BPMN processes, business rules and decision components, human task, events and mediator, or a combination thereof. They are the building blocks used to construct SOA composite applications. The service infrastructure, comprising a unified platform for services, processes, and events, provides the internal message transport infrastructure capabilities for connecting service components and enabling data flow. Service engines, such as the BPEL Process Manager Engine, Mediator Engine, and BPM Engine, process messages received  |from the service infrastructure.

• Oracle Service Bus provides a framework for lightweight, scalable, and reliable service orchestration designed to connect, mediate, and manage interaction between heterogeneous systems and services. It is widely adopted in all major SOA implementations, and is used to transform protocols and messages between different components.

• Oracle Business Activity Monitoring (BAM) is used to build interactive  real-time dashboards and proactive alerts for monitoring business  processes and services, giving business executives and operation  managers the information they need to take corrective action, if the  business environment changes.

• Oracle Business-to-Business (B2B) Integration enables integration with trading partners by using industry standard protocols such as RossettaNet, Electronic Data Interchange (EDI), and so on, to provide a solution for establishing online collaborations and automated processes.

• Oracle Complex Event Processing (CEP) provides a mechanism to process multiple event streams to detect patterns and trends in real time, and provide enterprises the necessary visibility via BAM. Oracle CEP is designed to look across discrete event streams to find only the important events/trends within a given time frame, and to detect missing events and events that should have occurred but did not.

• Oracle Web Services Manager (OWSM) is used to govern interactions with shared services through security and operational policy management and enforcement to ensure service reuse remains under control. Starting with the Oracle SOA Suite 11g release, OWSM is a component that is built into the suite. Every Oracle SOA Suite 11g domain has this component built-in by default to facilitate the management of web services.

Oracle Web Service Manager (OWSM) based policies for authentication, authorization, message integrity, identity propagation, and so on, can be attached or detached at runtime from the Policies link to either services, references, or components in a composite.

Of the numerous what-ifs and how-tos, some of the main questions you will encounter while planning to put in place a protected infrastructure are:

• How do you authenticate that a service access requestor is who he claims  to be?

• In what ways can access control grants be authorized to specific requestors based on their entitlements?

• Is there a way to ensure confidentiality and privacy to keep information secret when it is transmitted to external systems?

• How do you preserve integrity of messages to be sure that they remain unaltered during transit and also have non-repudiation to prevent replaying the same messages more than once?

Security in general can be implemented at either:

-the transport level by implementing SSL to protect communication channels between the provider and consumer of services,

-at the application level by using several message level security management techniques, or a combination thereof. For instance, an identification token can be generated and sent along with a message to authorize and authenticate service requestors, and/or message privacy and confidentiality can be achieved by encrypting the content of a message and obfuscating the sending and receiving parties’ identities, while a timestamp in the signature prevents anyone from replaying this message after its expiry and, thus, providing nonrepudiation.

The challenge, however, lies with the infrastructure administrator, like you, to manage and configure security across different integration points and components. Although security can be implemented in many ways, the preferred approach to implementing common security patterns in Oracle SOA Suite 11g is by leveraging Oracle Web Services Manager (OWSM) policies –> More