In your solution, a web service client needs to invoke a series of three web services in support of a
single transaction. The third web service needs the identity of the original web service client.
Which statement describes how the identity is made available by Oracle Web Services Manager
(OWSM)?
A. The transaction manager accesses an internal table that maintains credentials used to invoke
each individual web service in the chain.
B. Each web service in the chain does its own authentication so the third web service handles its
own identity checking.
C. OWSM sets the user in the Java Authentication and Authorization (JAAS) Subject when the first
web service successfully authenticates, and the Java Subject is used by subsequent web services
to access the identity.
D. OWSM stores a SAML token from the first web service invocation in a database table, and that
table is accessed by subsequent web services in the chain to retrieve identity.
Explanation:
Propagating Identities through a Chain of Web Services
A web service may invoke another web service which in turn may invoke yet another web service
to complete a single transaction (this pattern is known as “chained web services”). Each of the
services in the chain may be protected. Instead of checking which service is calling which other
service, Oracle WSM allows you to check who the original user invoking the chain of
web services is. Oracle WSM policies can be used to propagate the original user’s identity across
the chained web services. Following successful authentication to the first web service in the chain,
Oracle WSM sets the user as a Java Subject used throughout the transaction. When invoking
another service, the Oracle WSM client policy picks up the user identity from the Java
Subject, generates a SAML token based on the Subject’s information, and inserts the SAML
token in the WS-Security header of the request message to be sent to the service provider. This
allows all the web services in a chain to track the identity of the actual user calling a web
service endpoint instead of having the identity of the prior service in the chain calling the first web
service to get that information.
Reference: Securing Web Services and Service-Oriented Architectures with Oracle Web Services
Manager 11g, Oracle White Paper
C.
the correct answer is D.
D
guess it was wrong (have got “Describe security and identity propagation” in final report of incorrect topics)