Credential mapping is done in order to create the proper credential for a user in order to issue a
request to another system. In a scenario where one Oracle WebLogic Server makes a Web
Service request to another Oracle WebLogic Server, where might credential mapping be
performed?
A.
In the WLS platform (OPSS / OWSM agent) making the Web Service request
B.
In the service bus, if one is being used
C.
In the WLS platform (OPSS / OWSM agent) responding to the request
D.
In a Security Token Service, if WS-Trust is being used
E.
In the credential store
F.
In the identity management server
Explanation:
OPSSworks in conjunction with OWSM and the WebLogic container. It provides
the plug-in security framework.OPSS enables OWSM to
perform credential mapping and identity assertion, which is necessary in order to
propagate and assert identity from client to service. It also handles authentication
and authorization of service requests as needed.
A credential mapping service intercepts the outbound
service request, maps the current user identity to the target credentials, and embeds
the credentials within the outbound request. The receiver then extracts the credentials
and authenticates the user. Mapping may be performed by an intermediary in order to
avoid embedding such security concerns within the requestor or target resource.
Note:
OWSMis a run-time framework for security policy creation, management, and
governance. Policies are created, attached to services, and enforced at various
points in the messaging life cycle. OWSM includes a policy manager and Web
Service security agents. Both the policy manager and agents run on Oracle
WebLogic Server (OWLS).
Agents can be on the service requester side (client) and/or the service provider
side(A and C). Agents are installed in the OWLS Web Service interceptors. A request made
to a Web Service is intercepted by an OWSM agent that enforces security policies
defined in the OWSM policy manager.
Since OWSM and Oracle Service Bus (OSB) both run on Oracle WebLogic Server,
OWSM agents can be used to secure OSB proxy and business services. This
provides a common, universal policy and enforcement model for WSS. OWSM is
also integrated with Oracle JDeveloper to provide declarative policy attachment at
development time.
Reference: Oracle Reference Architecture,Security, Release 3.1