OWSM currently does not support REST security. Oracle is planning to add support in the upcoming 11g PS6 and 12c releases.

SAML vs. OAuth in REST

In terms of SAML vs. OAuth: OAuth has more buzz and is more prevalent for REST. However, the answer can vary based on the use case. For simple identity propagation, it's better to use SAML.

SAML is supported by OWSM. OAuth is better suited to cases where we don't want to propagate the password. OAuth uses digital signatures instead of sending the full credentials with each request. Digital signatures help the recipient verify that the content of the request hasn't changed in transit. To do that, the sender uses a mathematical algorithm to calculate the signature of the request and includes it with the request.

In today's Service Bus product, security for RESTful APIs is provided using transport-level security (SSL). In 11.1.1.7 (PS6), one can apply OWSM transport policies to non-WSDL services (aka RESTful APIs).

Service Bus has a custom token capability that a few customers are using for proprietary tokens for RESTful APIs (in lieu of OAuth below); read more here:

So the only option is to use a custom OAuth mechanism implemented in Java, and I will say more about this implementation in my coming articles.