Service-Oriented Security

Today's applications must fulfill a wide range of security requirements, including authentication; fine-grained authorization; user provisioning and federation; and compliance with industry standards and government regulations. Application developers must consider the implications integrating these security components not only on an application basis, but within the existing security infrastructure. To overcome these challenges, Oracle Identity Management 11g delivers Service-Oriented Security - a revolutionary architectural approach that drastically simplifies application security by making identity functions available as discrete reusable web services. This enables developers to weave a centralized security infrastructure into applications instead of adding piecemeal components, resulting in faster development lifecycles, better IT agility and dramatically lower integration costs.


Service-Oriented Security simplifies application security challenges with a multi-pronged solution that optimizes each stage of the application lifecycle, from application development, through deployment, administration and maintenance.

  • Identity function externalization—By declaratively attaching important security artifacts such as authentication, authorization, audit and encryption directly to applications, Service-Oriented Security allows developers to decouple security logic from application business logic, speeding development cycles and enabling companies to change policies without touching application code.
  • Centralized policy administration—Developers can weave a centralized identity management framework into applications, eliminating the bolt-on security problems commonly found in custom deployments.
  • Run-time monitoring and audit—Enterprises more effectively control security, audit and policy enforcement through streamlined application-level visibility.


Oracle Platform Security Services (OPSS) offers a standards-based security framework that allows application developers to abstract security, audit, and identity management functionality from applications via discrete services that insulate developers from the intricacies of implementing security details not directly related to application development. Developers can rely on its standards-based API to attach security artifacts declaratively to applications, resulting in shorter application development cycles and lower administration and maintenance costs.

OPSS is the underlying security platform offering critical security functionality for Oracle Fusion Middleware. It is certified for interoperability with most Oracle Fusion Middleware products, including Oracle WebLogic, Oracle SOA Suite, Oracle WebCenter, Oracle JDeveloper, and Oracle ADF. The unique hot-pluggable design enables developers to rely on OPSS as the single security framework for both Oracle and third-party application environments.


  • Streamlined security—Application developers can now rely on security functions offered as discrete services to as a single and consistent security building block rather than building separate security artifacts into each application.
  • Improved agility and faster innovation—By decoupling security policies from application business logic, IT organizations can focus resources on innovation while keeping pace with rapidly evolving business mandates.
  • Cost efficiency—Organizations can realize significant cost savings by optimizing application development lifecycles and reducing administrative and integration costs.