Web Services' security requirements involve credential transfer and service capabilities along with defining application constraints. In many cases, Web Services security tools, such as Oracle WSM, rely on Public Key Infrastructure (PKI) environments. A PKI uses cryptographic keys. Keys can be private or public. In an asymmetric cipher model, the receiving party's public key is used to encrypt plaintext, and the receiving party's matching private key is used to decrypt the ciphertext. Also, a private key is used to create a digital signature by signing the message and the public key is used for verifying the signature. Public-key certificates (or certificates, for short) are used to guarantee the integrity of public keys.
Web Services' security requirements are supported by industry standards both at the transport level (Secure Socket Layer) and at the application level, relying on XML frameworks.
Oracle Web Services Manager is designed to define and...