Which statement is true about the valid combination of policies for a policy subject?

When more than one policy is attached to a policy subject, the combination of policies needs to be

valid. Which statement is true about the valid combination of policies for a policy subject?

When more than one policy is attached to a policy subject, the combination of policies needs to be

valid. Which statement is true about the valid combination of policies for a policy subject?

A.
Only one MTOM policy can be attached to a policy subject.

B.
More than one Reliable Messaging policy can be attached to a policy subject.

C.
Both a Reliable Messaging policy and a WS-Addressing policy cannot be attached to the same
policy subject.

D.
Only one security policy can be attached to a policy subject.

Explanation:

Note:
*Within a SOA composite application, you must attach the Oracle WS-MTOM policy to service and
reference binding components to receive and send MTOM (MIME binary) attachments within
Oracle SOA Suite.
* Message Transmission Optimization Mechanism (MTOM)
Ensures that attachments are in MTOM format. This format enables binary data to be sent to and
from web services. This reduces the transmission size on the wire.
* Reliability Policy
Supports the WS-Reliable Messaging protocol. This guarantees the end-to-end delivery of
messages.
* Addressing Policy
Verifies that simple object access protocol (SOAP) messages include WS-Addressing headers in
conformance with the WS-Addressing specification. Transport-level data is included in the XML
message rather than relying on the network-level transport to convey this information.

Show Hint

Leave a Reply 4

Your email address will not be published. Required fields are marked *

dixon

dixon

Only one MTOM policy can be attached to a policy subject.

Only one Reliable Messaging policy can be attached to a policy subject.

Only one WS-Addressing policy can be attached to a policy subject.

Only one Security policy with subtype authentication can be attached to a subject.

Only one Security policy with subtype sts-config can be attached to a subject.

If an authentication policy and an authorization policy are both attached to a policy subject, the authentication policy must precede the authorization policy.

There may be one or more security policies attached to a policy subject. For example, a security policy can contain an assertion that belongs to the authentication or message protection subtype categories, or an assertion that belongs to both subtype categories. The second security policy contains an assertion that belongs to the authorization subtype.

If the policies attached to a subject are exact duplicates of each other, including any configuration overrides, the policy attachment is viewed as a duplicate and the configuration is valid.

If the policy requires a particular transport protocol (for example, HTTP or HTTPS), it checks to see that the Web service uses the expected transport protocol. (The check is done at run time.)

Reply

igor

igor

Its C.
You cannot secure the same Web Service using a combination of OWSM and WebLogic Web
Service policies. Oracle recommends using OWSM policies over WebLogic Server policies where
possible.

Reply

SOADev

SOADev

A is correct

Below bullet points are taken from http://docs.oracle.com/cd/E23943_01/web.1111/b32511/attaching.htm#WSSEC1193

Only one MTOM policy can be attached to a policy subject.

Only one Reliable Messaging policy can be attached to a policy subject.

Only one WS-Addressing policy can be attached to a policy subject.

Only one Security policy with subtype authentication can be attached to a subject.

Only one Security policy with subtype sts-config can be attached to a subject.

If an authentication policy and an authorization policy are both attached to a policy subject, the authentication policy must precede the authorization policy.

There may be one or more security policies attached to a policy subject. For example, a security policy can contain an assertion that belongs to the authentication or message protection subtype categories, or an assertion that belongs to both subtype categories. The second security policy contains an assertion that belongs to the authorization subtype.

If the policies attached to a subject are exact duplicates of each other, including any configuration overrides, the policy attachment is viewed as a duplicate and the configuration is valid.

If the policy requires a particular transport protocol (for example, HTTP or HTTPS), it checks to see that the Web service uses the expected transport protocol. (The check is done at run time.)

Reply