
Oracle Fusion Middleware and Weblogic Security Concepts


I'm looking into Middleware security in our Oracle Fusion 12c environment.

Context: I'm attempting to pull together a high-level Middleware Security Reference Architecture which will help aid decisions on service security, particularly in the areas of Authentication, Authorisation and Message Protection.

Anyway, I keep thinking I understand it and then another massive framework jumps out and just confuses the days out of me. I'm looking for somebody to help me join up the dots really.

I would like to know the relationship between the following if at all possible. Perhaps there isn't a relationship between some of these components but there certainly seems to be overlap. It may be use case dependent? I'm just a little confused in all honesty.

High level clarity of relationships and associations between the following would be fantastic:

Hopefully this question makes sense, if you need me to be a bit more specific then do say and I'll try to explain in a bit more detail where I'm getting stuck.

Thanks in advance!


Solution

  • That's a lot, and I can understand your questioning. There is one book that might help pull this together for you. Take a look at Fusion Middleware Architecture.

    In brief: WebLogic Security Realms - defines the users, groups, providers and policies for an arbitrary unit of management - a "realm." While you can define multiple realms, you can only have one active at a time. A provider can perform authentication (amongst other things): Oracle Unified Directory, Active Directory, etc. (apologies in advance, I'm not a full-blown WLS admin).

    OWSM is a pluggable SW layer that secures endpoints for web services coming in and going out of WLS. It defines, enforces and monitors security policies that have been added to web services deployed to WLS & Oracle SOA Suite.

    OPSS is an abstraction layer that provides an API to developers to use for accessing security information and activities, w/o having to code directly to the underlying (WLS) API.

    CSF - manages security credentials.