Security in Trading partner Integration - OOW 2010
By Ramesh Nittur Anantharamaiah-Oracle on Sep 06, 2010
Security is one of the most important concerns in trading partner integration, as it involves message exchange between two enterprises. The message can be any sensitive data, such as a patient record, insurance-related information or a retailer's inventory.
B2B being the gateway of any enterprise, it is essential to authenticate and authorize messages and to ensure message integrity.
Oracle B2B offering
Security in Oracle B2B is broadly classified as Design Time and Run Time Security.
1. Run Time Security
Security enforcement and propagation of the message between two enterprises, considering end-to-end use cases that involve the application.
a. Message Security: the entire message is secured.
Non-repudiation of origin, non-repudiation of receipt, encryption, integrity, privacy and digital signing, offered through the various exchange protocols, e.g. AS2, RNIF, ebMS, AS1.
b. Transport/Channel/Service Security:
- Channel Security: HTTPS, FTPS, Basic Authentication
- Secured web services for translation, and the Query API exposed as a web service; security is provided by enforcing policies defined through OWSM.
- Secure Shell: SFTP (password or key pair based authentication)
- Private Network: VAN support
c. Document Security: only part of the document is secured, i.e. B2B can store secured data inside the message as part of the various document standards,
e.g. storing passwords or a digitally encoded image in an EDI document.
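The message security properties listed under Run Time Security above (non-repudiation of origin, non-repudiation of receipt, encryption and integrity) as an added, simplified model of an AS2-style exchange in Go; this is illustration code, not Oracle B2B's or the AS2 specification's implementation. It assumes raw RSA signatures over a SHA-256 message integrity check (MIC) in place of the real CMS/MIME packaging, and a receipt that is simply the receiver's signature over the same MIC.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Party holds one trading partner's key pair (constructed for this example;
// in a real deployment the keys and partner certificates live in a keystore).
type Party struct{ key *rsa.PrivateKey }

func newParty() *Party {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Party{key: k}
}

// mic computes the Message Integrity Check over the payload, the value an
// AS2 receipt (MDN) reports back to the sender.
func mic(payload []byte) []byte { h := sha256.Sum256(payload); return h[:] }

// SendMessage signs the payload MIC with the sender's key (non-repudiation of
// origin, integrity) and encrypts the payload for the receiver (privacy).
// OAEP with a 2048-bit key limits the payload to 190 bytes; real protocols
// wrap a symmetric content key instead.
func (p *Party) SendMessage(payload []byte, to *rsa.PublicKey) (ct, sig []byte, err error) {
	sig, err = rsa.SignPKCS1v15(rand.Reader, p.key, crypto.SHA256, mic(payload))
	if err != nil {
		return
	}
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, to, payload, nil)
	return
}

// ReceiveMessage decrypts, verifies the sender's signature, and returns a
// signed receipt over the MIC (non-repudiation of receipt).
func (p *Party) ReceiveMessage(ct, sig []byte, from *rsa.PublicKey) (payload, receipt []byte, err error) {
	if payload, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, p.key, ct, nil); err != nil {
		return nil, nil, err
	}
	if err = rsa.VerifyPKCS1v15(from, crypto.SHA256, mic(payload), sig); err != nil {
		return nil, nil, err // forged or tampered message: no receipt is issued
	}
	receipt, err = rsa.SignPKCS1v15(rand.Reader, p.key, crypto.SHA256, mic(payload))
	return
}

// CheckReceipt lets the sender confirm the receiver signed the MIC of exactly
// what was sent, which is the evidence an MDN provides.
func CheckReceipt(sent, receipt []byte, receiver *rsa.PublicKey) error {
	return rsa.VerifyPKCS1v15(receiver, crypto.SHA256, mic(sent), receipt)
}
```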
2. Design Time Security
Oracle B2B leverages the security features of Oracle Platform Security Services, a comprehensive security platform framework which offers:
- Identity Assertion and management
- Specification and management of application-specific policy
- Credentials and Key store management through Credential security framework
- Role Administration, role and credential mappings
- User and Role API
- Single sign on solutions
- Security configuration and management
Every user in Oracle B2B has to exist in the enterprise identity store before being provisioned in B2B. The enterprise identity store can be based on LDAP, Oracle Internet Directory (OID) or Active Directory, and can be accessed through Oracle Access Manager.
The Identity Store is the repository of B2B users and groups. The Policy Store is the repository of user roles, permissions etc. for both the host and trading partners. The Credential Store is the repository of passwords used during authentication; Credential Store Framework (CSF) APIs can be used to create, read, update and manage credentials securely.
Oracle B2B offers fine-grained self-service access for trading partner users, which ensures data privacy across partners and helps in provisioning roles and permissions. It also enables document-specific privileges for trading partner users. For better manageability, Oracle B2B offers the following roles:
- Host Administrator: this role has access to all B2B functionality.
- Host Monitor: this role can access and view reports of all trading partners' runtime data.
- Remote Administrator: this role is typically assigned to a trading partner user and has limited access to the partner page. Users with this role can administer the documents corresponding to their trading partner.
- Remote Monitor: access and view reports of a specific trading partner.
The partner data you design, deploy, and manage with the Oracle B2B user interface is secured by its centralized storage in the Metadata Service (MDS) repository.
Oracle B2B uses a Java keystore (JKS) protected by an encrypted password for storing the certificates of the various trading partners, which are used for authentication, signing, encryption etc.
Oracle B2B supports payload obfuscation, which ensures that the payloads in wire messages, business messages and application messages are visible to authorized users only. This protects highly sensitive data even from the DBA.
B2B command line utilities are protected through user roles/permissions, similar to the protection available through the B2B UI.
- User and document privileges are synchronized between the various applications in the end-to-end B2B message flow.
- Unified security infrastructure for the end-to-end application.