Web Service Security

Oracle Insurance Rules Palette

You are here: Admin Explorer > Files > SOAP Security

 

SOAP Security

OIPA adheres to the WS-Security standards for the authentication of SOAP messages. The standards, as developed by the OASIS Open committee, can be referenced at the following two URLs. Paste a URL in a browser to view the standards.  

 

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf

 

The <wsse:UsernameToken> element is used to contain the authentication information. The username and password are specified inside of the <wsse:Username>, and <wsse:Password> elements, respectively. Use an OIPA user name and password here. 

 

It is suggested that SSL (Secure Socket Layer) is used as a method of encryption for all SOAP messages.  

 

The optional <wsse:Nonce> element allows a nonce to be used as added security. A nonce is a random number, in this case represented in base 64, which is embedded in the security header to aid in preventing old communications from being reused. This number is newly generated for each request on the client side and is returned along with the SOAP response from OIPA. The <wsu:Created> element must contain the timestamp of the creation time of the nonce.   

 

Sample of security in SOAP message

SOAP File with Security

 

Copyright © 2009, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices