In your solution, a web service client needs to invoke a series of three web services in support of a single transaction. The third web service needs the identity of the original web service client.
Which statement describes how the identity is made available by Oracle Web Services Manager (OWSM)?
A. The transaction manager accesses an internal table that maintains credentials used to invoke each individual web service in the chain.
B. Each web service in the chain does its own authentication so the third web service handles its own identity checking.
C. OWSM sets the user in the Java Authentication and Authorization (JAAS) Subject when the first web service successfully authenticates, and the Java Subject is used by subsequent web services to access the identity.
D. OWSM stores a SAML token from the first web service invocation in a database table, and that table is accessed by subsequent web services in the chain to retrieve identity.
Correct Answer: C
Explanation/Reference:
Propagating Identities through a Chain of Web Services
A web service may invoke another web service which in turn may invoke yet another web service to complete a single transaction (this pattern is known as "chained web services"). Each of the services in the chain may be protected. Instead of checking which service is calling which other service, Oracle WSM allows you to check who the original user invoking the chain of web services is. Oracle WSM policies can be used to propagate the original user's identity across the chained web services. Following successful authentication to the first web service in the chain, Oracle WSM sets the user as a Java Subject used throughout the transaction. When invoking another service, the Oracle WSM client policy picks up the user identity from the Java Subject, generates a SAML token based on the Subject's information, and inserts the SAML token in the WS-Security header of the request message to be sent to the service provider. This allows all the web services in a chain to track the identity of the actual user calling a web service endpoint instead of having the identity of the prior service in the chain calling the first web service to get that information.
Reference: Securing Web Services and Service-Oriented Architectures with Oracle Web Services Manager 11g, Oracle White Paper