7.1 Overview of Oracle UCM Web Services

Web services reside as a layer on top of existing software systems such as application servers, .NET servers, Oracle WebLogic Server, and the Content Server. Web services can be used as a bridge to dissimilar operating systems or programming languages. Web services are adapted to the Internet as the model for communication and rely on the HyperText Transfer Protocol (HTTP) as the default network protocol. Thus, using web services, you can build applications using a combination of components.

Oracle Universal Content Management (UCM) Web services work with Oracle WebLogic Server Web services to perform management functions for Content Server installed on Oracle WebLogic Server. Oracle WebLogic Server Web services provide SOAP capabilities, and Oracle UCM Web services include several built-in SOAP requests. Oracle UCM Web services are automatically installed with an Oracle UCM instance, but they require additional configuration to set up security.

Core enabling technologies for Oracle UCM Web services include:

  • SOAP (Simple Object Access Protocol) is a lightweight XML-based messaging protocol used to encode the information in Web service request and response messages before sending them over a network. SOAP requests are sent by the Oracle UCM Web services to the Oracle WebLogic Server Web services for implementation. For more information about SOAP, see Simple Object Access Protocol (SOAP) at http://www.w3.org/TR/soap12.

  • Web Services Security (WS-Security) is a standard set of SOAP extensions for securing Web services for confidentiality, integrity, and authentication. For Oracle UCM Web services, WS-Security is used for authentication, either for a client to connect to the server as a particular user or for one server to talk to another as a user. For more information, see the OASIS Web Service Security Web page at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss.

  • Web Service Policy (WS-Policy) is a standard for attaching policies to Web services. For Oracle UCM Web services, policies are used for applying WS-Security to Web services. The two supported policies are username-token security and Security Assertion Markup Language (SAML) security.

    Historically, Oracle used Oracle Web Services Manager (OWSM) to secure its Web services and Oracle WebLogic Server used Web Services Security Policy (WS-SecurityPolicy) to secure its Web services. Because Web services security is partially standardized, some WSM and WS-SecurityPolicy policies can work with each other.

    Note:

    It is recommended that you use OWSM policies over Oracle WebLogic Web services whenever possible. You cannot mix your use of OWSM and Oracle WebLogic Web service policies on the same Web service.

    The generic Oracle UCM Web Services are JAX-WS based and can be assigned OWSM policies and managed by OWSM. The native Oracle UCM Web Services are SOAP based and can only support WS-Policy policies managed through the Oracle WebLogic Administration Console.

    For more information about OWSM, see the Oracle Fusion Middleware Security and Administrator's Guide for Web Services.

    A subset of WebLogic Web service policies interoperate with Oracle OWSM policies. For more information, see "Interoperability with WebLogic Web Service Policies" in Oracle Fusion Middleware Security and Administrator's Guide for Web Services.

    Web Services Security Policy (WS-SecurityPolicy) is a set of security policy assertions for use with the WS-Policy framework. For more information, see Web Services Security Policy (WS-SecurityPolicy) specification at http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html.

  • SAML is an XML standard for exchanging authentication and authorization between different security domains. For more information, see the Security Assertion Markup Language (SAML) specification at http://docs.oasis-open.org/security/saml/v2.0/.

  • WebLogic Scripting Tool (WLST) is a command-line tool for managing Oracle WebLogic Server. For more information, see Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.