What is Web Services Security Pass-Through?
In a WS-Security pass-through scenario, the client applies WS-Security to the request and/or response messages. The proxy service does not process the security header, instead, it passes the secured request message untouched to a business service. Although Oracle Service Bus does not apply any WS-Security to the message, it can route the message based on values in the header. After the business service receives the message, it processes the security header and acts on the request. The business service must be configured with WS-Policy security statements. The secured response message is passed untouched back to the client. For example, the client encrypts and signs the message and sends it to the proxy service. The proxy service does not decrypt the message or verify the digital signature, it simply routes the message to the business service. The business service decrypts the messages and verifies the digital signature, and then processes the request. The response path is similar. This
Related Questions
- I understand SOAP, XML and UDDI as foundation protocol for web services, but how about web services security and other advanced protocols?
- I understand SOAP, XML and UDDI as foundation protocol for web services, but how about web services security and other advanced protocols?
- What is an XML gateway and why is it important to a companys Web services security strategy?
- What is an XML gateway and why is it important to a companys Web services security strategy?
- How is Web Services Security Implemented by Grants.gov?
- What is Web Services Security Pass-Through?