Securing transactions between applications becomes imperative when the applications are remotely located. Oracle SOA is a middleware platform that provides security controls for this, including “Basic Authentication” and “Mutual Authentication” over SSL/TLS.


  • Basic Authentication - requires messages to carry a username and password along with the actual business data.
  • Mutual Authentication over SSL/TLS - authentication with a higher level of security that involves the identity of the client, trust, and a Certificate Authority.

Trust needs to be established between any two entities before they start to exchange information. Between two remotely located applications, this trust is established via 1-way SSL or 2-way SSL.

On Oracle SOA, this configuration usually involves importing the server’s certificates into its Keystore and configuring whether SOA makes a 1-way SSL or a 2-way SSL connection.
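The script below is an added example, not taken from Oracle's documentation or from the original page. It uses the JDK's keytool to build the key and trust stores that 1-way and 2-way SSL each require, so the difference between the two is visible as files and entries. All file names, aliases, DNs and the password are constructed, the stores are plain PKCS12 files rather than Oracle SOA's own keystore configuration, and self-signed certificates stand in for CA-issued ones.

```bash
#!/usr/bin/env bash
# Added example: trust material for 1-way and 2-way SSL, built with keytool.
# File names, aliases, DNs and the password are constructed for this demo.
set -eu
PASS='demo-storepass'   # constructed value; use a managed secret in practice

# Create a key pair plus self-signed certificate in <dir>/<alias>-identity.p12.
make_identity() {   # make_identity <dir> <alias> <common-name>
  keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 30 \
    -dname "CN=$3, O=Example" -storetype PKCS12 -storepass "$PASS" \
    -keystore "$1/$2-identity.p12" >/dev/null 2>&1
}

# Export <alias>'s public certificate and import it into <truststore>.
# Only the certificate crosses over; the private key stays in the identity store.
trust_cert() {      # trust_cert <dir> <alias> <truststore>
  keytool -exportcert -rfc -alias "$2" -storetype PKCS12 -storepass "$PASS" \
    -keystore "$1/$2-identity.p12" -file "$1/$2.pem" >/dev/null 2>&1
  keytool -importcert -noprompt -alias "$2" -file "$1/$2.pem" \
    -storetype PKCS12 -storepass "$PASS" -keystore "$3" >/dev/null 2>&1
}

# Print the entry type keytool reports for <alias>, or nothing if it is absent.
entry_type() {      # entry_type <keystore> <alias>
  keytool -list -alias "$2" -storetype PKCS12 -storepass "$PASS" \
    -keystore "$1" 2>/dev/null | grep -oE 'trustedCertEntry|PrivateKeyEntry' | head -n 1
}

# 1-way SSL: only the server proves its identity, so the calling side
# (the role SOA plays here) needs just the server certificate in its trust store.
setup_one_way() {   # setup_one_way <dir>
  make_identity "$1" server server.example.test
  trust_cert "$1" server "$1/soa-trust.p12"
}

# 2-way SSL: the caller also holds its own identity, and the server trusts it.
setup_two_way() {   # setup_two_way <dir>
  setup_one_way "$1"
  make_identity "$1" soa soa-client.example.test
  trust_cert "$1" soa "$1/server-trust.p12"
}

# Run as "./script demo" to build both sets of stores in a temp directory.
if [ "${1:-}" = "demo" ]; then
  dir=$(mktemp -d); setup_two_way "$dir"; ls -1 "$dir"
fi
```

After a 2-way setup, the caller's trust store holds only the server certificate, while its private key appears solely in its own identity store.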