Using OWSM Assertions and Policies

MOUS 2012

Published in: Technology

  1. Using OWSM Assertions and Policies
     November 14th, 2012, 14:55-15:40, Room VT445-32
     Harold Dost III, Senior Consultant, Raastech, Inc.
  2. Agenda
     1. Introduction
     2. Why secure your services?
     3. Where does OWSM fit?
     4. Demo
     5. Summary
     © Raastech, Inc. 2012 | All rights reserved.
  3. INTRODUCTION
  4. About Me: Harold Dost III
     • 5+ years of Oracle middleware experience
     • Experience in large implementations involving SOA Suite, BAM, AIA, OSB, OSR, ODI, OWSM, OER, OEG, and more
     • OCE (SOA Foundation Practitioner)
  5. WHY SECURE YOUR SERVICES?
  6. Why secure your services?
     There is a broad list of security aspects to consider:
     • Authentication (AuthN for short)
     • Authorization (AuthZ for short)
     • Spoofing
     • Tampering
     • Repudiation
     • Information Disclosure
     • Denial of Service
     • Replay attacks
     • Virus attacks and Intrusion Detection
  7. Why secure your services?
     • Protect you against mischievous and dangerous attackers
     • Protect your customer’s data
     • Save money
     • For example, healthcare data security breaches cost:

       # of records    Cost
       1               $ 240
       100             $ 24,000
       10,000          $ 2,400,000

     http://www.hipaasecurenow.com/index.php/a-look-at-the-cost-of-healthcare-breaches/
  8. Why secure your services?
     • Zappos
     • 24 million customers
     • Address Information
     • Credit Card Information
     http://www.darkreading.com/security/news/232500003/zappos-dealing-with-data-breach.html
  9. Why secure your services?
     • UNC Charlotte
     • 350k students and employees
     • Social Security Numbers
     http://www.darkreading.com/insider-threat/167801100/security/news/240000307/unc-charlotte-breach-affected-more-than-350-000.html
  10. WHERE DOES OWSM FIT?
  11. Layered Security Approach
     • Randomized Passwords
     • Scheduled Expiration
     • Encryption of sensitive data
         • Over the wire
         • On storage media
     • Authorization
     • Authentication
     http://marccortez.com/2012/09/27/beating-my-dead-horse-with-a-double-edged-sword/
  12. What is OWSM?
     • “Oracle Web Services Manager offers a comprehensive and easy-to-use solution for policy management and security of service infrastructure.”
     • “It provides visibility and control of the policies through a centralized administration interface offered by Oracle Enterprise Manager.”
     • OWSM is a component of SOA Suite
     • Add-on
     • OSB
     • SOA Suite
  13. Where does OWSM fit?
     http://docs.oracle.com/cd/E17904_01/doc.1111/e15866/owsm.htm
  14. Oracle SOA Security Strategy
  15. Oracle SOA Security Strategy
  16. HOW TO USE OWSM?
  17. OWSM: Filler
  18. OWSM: Filler
  19. OWSM: Filler
  20. OWSM: Filler
  21. OWSM: Filler
  22. OWSM: Filler
  23. OWSM: Filler
  24. OWSM: Filler
  25. OWSM: Filler
  26. IS IT RIGHT FOR YOUR COMPANY?
  27. Is it for your company?
     • Yes
  28. Is it for your company?
     • Yes
     • If you’re already using OSB or SOA Suite, it’s built-in
     • No extra cost
  29. SUMMARY
  30. Summary
     • OWSM provides a method to add both transport and message level protections to Web Services.
     • Should be used as part of a layered security approach.
  31. Contact Information
     Harold Dost III, Senior Consultant
     harold.dost@raastech.com
