We can create composite web services by orchestrating the flow between the web services using the Oracle SOA Suite, as shown in the following diagram. Anyone can invoke a BPEL process if they know the WSDL URL; the network route is then open for them. It is required that we design and develop a solution that handles authentication, authorization, transport layer security, and protects from denial of service attacks.
As shown in the following diagram, a client can be an SOA Suite, a J2EE container, or a third-party application. The invocation of the web service is via an SOA Suite platform. In this scenario, a client can create an authentication policy and propagate the user credential to the service provider.
In this book, we are not covering the security for Data at Rest, which provides the data protection from the system administrators of the SOA Suite platform.
In an enterprise, the security solution for an Oracle SOA Suite is designed and deployed using some of the...