Using OWSM Assertions and Policies

Revelation Technologies
Using OWSM Assertions and Policies
November 14th, 2012
14:55-15:40
Room VT445-32
Harold Dost III
Senior Consultant
Raastech, Inc.
Slide 2 of 31 © Raastech, Inc. 2012 | All rights reserved.
Agenda
1. Introduction
2. Why secure your services?
3. Where does OWSM fit?
4. Demo
5. Summary
INTRODUCTION
About Me
Harold Dost III
- 5+ years of Oracle middleware experience
- Experience in large implementations involving SOA Suite, BAM, AIA, OSB, OSR, ODI, OWSM, OER, OEG, and more
- OCE (SOA Foundation Practitioner)
WHY SECURE YOUR SERVICES?
Why secure your services?
There is a broad list of security aspects to consider:
- Authentication (AuthN for short)
- Authorization (AuthZ for short)
- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service
- Replay attacks
- Virus attacks and Intrusion Detection
Why secure your services?
- Protect yourself against mischievous and dangerous attackers
- Protect your customer’s data
- Save money
- For example, healthcare data security breaches cost:

# of records    Cost
1               $240
100             $24,000
10,000          $2,400,000

http://www.hipaasecurenow.com/index.php/a-look-at-the-cost-of-healthcare-breaches/
Why secure your services?
- Zappos
  - 24 million customers
  - Address Information
  - Credit Card Information
http://www.darkreading.com/security/news/232500003/zappos-dealing-with-data-breach.html
Why secure your services?
- UNC Charlotte
  - 350k students and employees
  - Social Security Numbers
http://www.darkreading.com/insider-threat/167801100/security/news/240000307/unc-charlotte-breach-affected-more-than-350-000.html
WHERE DOES OWSM FIT?
Layered Security Approach
- Randomized Passwords
- Scheduled Expiration
- Encryption of sensitive data
  - Over the wire
  - On storage media
- Authorization
- Authentication
http://marccortez.com/2012/09/27/beating-my-dead-horse-with-a-double-edged-sword/
What is OWSM?
- “Oracle Web Services Manager offers a comprehensive and easy-to-use solution for policy management and security of service infrastructure.”
- “It provides visibility and control of the policies through a centralized administration interface offered by Oracle Enterprise Manager.”
- OWSM is a component of SOA Suite
- Add-on
- OSB
- SOA Suite
Where does OWSM fit?
http://docs.oracle.com/cd/E17904_01/doc.1111/e15866/owsm.htm
Oracle SOA Security Strategy
HOW TO USE OWSM?
IS IT RIGHT FOR YOUR COMPANY?
Is it for your company?
- Yes
- If you’re already using OSB or SOA Suite, it’s built-in
- No extra cost
SUMMARY
Summary
- OWSM provides a method to add both transport-level and message-level protections to Web Services.
- It should be used as part of a layered security approach.
Contact Information
Harold Dost III
Senior Consultant
harold.dost@raastech.com