Thanks for sharing such a valuable information with us.
Your blog is quite informative and useful.
I have a question on OWSM deployment architecture, wondering if I could solicit your thoughts on this:
Deploying OWSM infrastructure on an intranet-only Web Services scenario, where several WS clients will be calling several other WS. Clients and Services are distributed between Oracle BPM, Oracle ESB, Weblogic App Servers and Oracle Apps (Finance). Goal is to implement WS-Security - Authentication only. No individual user authentication is applicable, we will instead use different service accounts to authenticate to different WS. These ids/passwords exist in an OID repository. All WS calls will be intercepted by OWSM Gateway to check for Authentications.
In this context, how will the user id/password be injected into the clients calling WS? Do you recommend using OWSM Agents deployed at all WS client endpoints to do so, while the OWSM Gateway does the authentication? Any other way to achieve this? Or is using service account authentication is not a recommendation at all?
Commenting by HaloScan
