Using OWSM Assertions and Policies
November 14th, 2012
14:55-15:40
Room VT445-32
Harold Dost III, Senior Consultant
Raastech, Inc.
Slide 2 of 31 © Raastech, Inc. 2012 | All rights reserved.
Agenda
1. Introduction
2. Why secure your services?
3. Where does OWSM fit?
4. Demo
5. Summary

About Me
Harold Dost III
5+ years of Oracle middleware experience
Experience in large implementations involving SOA Suite, BAM, AIA, OSB, OSR, ODI, OWSM, OER, OEG, and more
OCE (SOA Foundation Practitioner)

Why secure your services?
There is a broad list of security aspects to consider:
Authentication (AuthN for short)
Authorization (AuthZ for short)
Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Replay attacks
Virus attacks and Intrusion Detection

Why secure your services?
Protect you against mischievous and dangerous attackers
Protect your customer’s data
Save money
For example, healthcare data security breaches cost:
# of records    Cost
1               $240
100             $24,000
10,000          $2,400,000
http://www.hipaasecurenow.com/index.php/a-look-at-the-cost-of-healthcare-breaches/

Why secure your services?
Zappos
24 million customers
Address Information
Credit Card Information
http://www.darkreading.com/security/news/232500003/zappos-dealing-with-data-breach.html

Why secure your services?
UNC Charlotte
350k students and employees
Social Security Numbers
http://www.darkreading.com/insider-threat/167801100/security/news/240000307/unc-charlotte-breach-affected-more-than-350-000.html

Layered Security Approach
Randomized Passwords
Scheduled Expiration
Encryption of sensitive data
  Over the wire
  On storage media
Authorization
Authentication
http://marccortez.com/2012/09/27/beating-my-dead-horse-with-a-double-edged-sword/

What is OWSM?
“Oracle Web Services Manager offers a comprehensive and easy-to-use solution for policy management and security of service infrastructure.”
“It provides visibility and control of the policies through a centralized administration interface offered by Oracle Enterprise Manager.”
OWSM is a component of SOA Suite
Add-on
OSB
SOA Suite

Where does OWSM fit?
http://docs.oracle.com/cd/E17904_01/doc.1111/e15866/owsm.htm

Is it for your company?
Yes
If you’re already using OSB or SOA Suite, it’s built-in
No extra cost

Summary
OWSM provides a method to add both transport and message level protections to Web Services.
Should be used as part of a layered security approach.
Contact Information
Harold Dost III
Senior Consultant