Hey Friend
Nice Blog
really Nice Blog
i ask 4 if u can visit my blog
it's about protection and security prog
free download with direct links
http://scan-now.blogspot.com
Visit me and leave a comment with ur opinion.
Thank u
Hi Vikas,
Your high-knowledge-content blogs on OWSM are really helpful, thanks.
Was wondering if I could pose an OWSM deployment architecture question here:
As part of an SOA project using OSB, BPL and custom J2EE apps, OWSM Gateways will be protecting access to web services from WS-clients, in an all-intranet zone. We've planned to use authentication policies only (on top of using TLS for all WS invocations), and each WS will have a service account/password allowing access to itself. These accounts will be stored in an OID (and OWSM integrated with OID for these authentications)
My question is: how will a WS client inject a service account user id/password while making the WS call? Note that it's an OWSM Gateway which intercepts the call from the client, validates the uid/pwd, and then allows the Service to be invoked. So, while the Gateway validates the uid, which component should inject the uid/pwd in the client? Should it be OWSM Agents sitting on Oracle ESB/BPM/J2EE Apps? Or should it be custom codes doing this? Or, is authentication not necessary at all in an intranet-only deployment, and 2-way SSL is sufficient?
Commenting by HaloScan
