Server Policy vs Clinet Policy

When you start working with security policies, during initial days, often you get confused with server policy vs client policy.

Every policy will have a client and a server version

Server Policy : This policy does the actual work.
For ex,
The OWSM policy oracle/wss_http_token_server_policy does the http basic authentication, i.e. checks the provided userid/pwd against the server’s LDAP/IDAM/watever…

Client Policy :: Adds the security information
On the other hand, the client policy appends the required security information to the SOAP HTTP header before sending the request out
For ex, OWSM policy oracle/wss_http_token_client_policy adds the security header with userid/pwd or csf-key to the outgoing request

So, a service policy will be applied to the service provider, whereas the client policy will be applied to the service consumer/caller

Without a client policy to the service caller, the security information cannot be provided to the service request and thus the service policy on the service rejects the message. So, a service caller will have the client version of the policy on the actual service

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s