My client has a requirement to implement enterprise-level security (for all the web services developed using SOA Suite or for services including EJBs deployed onto WebLogic Server), and we haven't purchased products like OEG, OAM, SSO, etc. But ideally we would wish to implement security (a common layer) within WebLogic Server. I believe we could use the below scenarios to achieve the same.
1) Mutual authentication (SSL certificate exchange) for all services.
2) User authentication access (don't know how exactly to achieve this at a domain level).
Would request your feedback and comments on the same to achieve domain level security. Any other scenarios also would be much appreciated.
You can guarantee message-level security by securing the web services using canned policies...
You can ensure transport-level security by making the web service accessible over SSL; you can also enable two-way SSL on WLS.
In that case, the client trying to connect to WLS will have to pass a certificate.