|Oracle® Fusion Middleware User's Guide for Oracle B2B
11g Release 1 (22.214.171.124.1)
Part Number E10229-08
|PDF · Mobi · ePub|
This chapter discusses how Oracle B2B, an e-commerce gateway, enables the secure and reliable exchange of business documents between an enterprise and its trading partners. It also covers how Oracle B2B supports business-to-business document standards, security, transports, messaging services, and trading partner management.
With Oracle B2B used as a binding component within an Oracle SOA Suite composite application, end-to-end business processes can be implemented. Oracle B2B also supports Health Level 7, which enables health care systems to communicate with each other.
For more information about Oracle SOA Suite, see Oracle Fusion Middleware Developer's Guide for Oracle SOA Suite.
This chapter contains the following topics:
E-commerce is the buying and selling of products or services over the Internet, including business-to-business (B2B). In B2B e-commerce, an enterprise extends its business processes over the Internet to reach trading partners. B2B e-commerce represents classic business processes, mature business documents, and industry-tempered messaging services. It requires a unified business process platform, end-to-end instance tracking, visibility and auditing, integrated process intelligence, process and service governance, and centralized security.
You can think of an e-commerce transaction between businesses as analogous to a mail or express carrier (shipping) transaction. In both kinds of transactions, the sender must consider the details required for packaging and sending an item, and the receiver's requirements. Table 1-1 provides an example that compares the two kinds of transactions.
|Traditional Shipping Transaction||E-Commerce Transaction|
What is the item to be shipped, that is, the transaction item?
How is the item packaged?
Box, bubble wrap
How is the item sent and received?
Truck, ship, airplane
Transport protocols: HTTP, File, FTP, SFTP (SSH FTP), TCP/IP, SMTP, MLLP, and more
Who is the carrier?
DHL, FedEx, UPS, USPS
Message exchange protocols: RNIF, AS1, AS2, ebMS, and more
What carrier services are required?
This guide describes how to use Oracle B2B to define the document, the packaging, and the delivery, in addition to configuring trading partners, creating and deploying agreements, and monitoring a deployment.
Oracle B2B supports numerous industry-standard e-commerce protocols, as defined for a range of industries, including health care, retail, IT, telecom, electronics, manufacturing, the food industry, and more. Table 1-2 lists the protocols supported in Oracle B2B.
Table 1-2 Protocols Supported in Oracle B2B
Message exchange protocol
About Document Types:
Using the Custom and positional flat file document protocols, you can use many other document types, including W3CXML Schema (OAGIS, xCBL, UBL, ebXML, and more). Use Oracle Document Editor to create the guideline documents.
Oracle B2B instance data is stored and managed within the SOAINFRA schema of your database. Oracle B2B metadata for design-time and configuration is stored and managed through Metadata Services (MDS), available in Oracle Fusion Middleware. See Oracle Fusion Middleware Administrator's Guide for more information about MDS.
Because documents created in Oracle B2B are stored in the metadata repository, it is possible that the transaction log for the database can become full. If this occurs often, increase the database configuration parameter to allow a larger log file. A larger log file requires more space but reduces the need for applications to retry the operation.
To increase this value, issue the following command:
db2 update database config for soainfra using LOGFILESIZ 8192
Identity assertion and management
The specification and management of application-specific policies
Credential and key store management through the Credential Store Framework
Role administration, and role and credential mappings
The User and Role API
Single sign-on solutions
Security configuration and management
The default administrator user created during Oracle SOA Suite installation is assigned the administrator role, which has access to all Oracle B2B functionality. The default administrator user can create additional users and assign the following roles:
Remote administrator—This role has limited access to the Partners page. Users with this role can view and edit only their own design data (channels, documents, and so on); can view only those agreements for which they are a partner; and can access only their own run-time report data.
See Section 5.3, "Adding Trading Partner Users," for how to assign roles.
Other security features include:
Transport protocol-based security for HTTP, FTP, and SMTP exchanges
Digital envelopes and certificates
Digital signatures for host and remote trading partners
Integration with Credential Store Framework for storing all passwords and security credentials
Encrypted Key Store password for a host trading partner
See the following for more information about security:
Oracle B2B supports payload obfuscation before payloads are stored in the instance repository. The security infrastructure of Oracle Fusion Middleware is used to obfuscate, store, and retrieve the payloads, and ensure that payloads in wire messages, business messages, and application messages are visible to authorized users only. The encryption algorithm is not specifiable. Keys are stored in the Credential Store.
At run time, the payload is obfuscated before it is stored in the instance repository. When this payload is retrieved from the instance store during processing, it is automatically unobfuscated so that B2B engine processes it.
Similarly, in the outbound direction, if payload obfuscation is required, then the payload is obfuscated before it is stored in the instance repository. If exchange-level encryption is specified, then the payload is encrypted using the encryption scheme specified before it is put on the wire.
Payload obfuscation can be configured in Oracle Enterprise Manager Fusion Middleware Control. See Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle Business Process Management Suite and Appendix C, "Setting B2B Configuration Properties in Fusion Middleware Control," for more information.
When you enable payload obfuscation, consider the following:
Large payloads, as defined in the Large Payload Size parameter on the Configuration tab, are not obfuscated because they are stored in a directory (file system) rather than the instance repository. Storing a large payload in the file system is a security risk.
The obfuscated payload can be accessed in the Oracle B2B interface only by authorized users who have access to the document type. The payload is unobfuscated and displayed in the interface for these authorized users. Other users cannot access the document type at all. The users can be provisioned to access document types. See Section 1.4.2, "Restricting Access to Document Types," for information about document-type provisioning.
Obfuscation is available for payloads that use multibyte characters, and is available for non-Oracle databases.
If you migrate instance stores that contain obfuscated payloads, then you must ensure that you export the Credential Store Framework (CSF) as well, because the CSF has the key to unobfuscate those payloads (the same key is used for obfuscation and unobfuscation). If this is a new store, then no migration is required because the key is created (if not already present) the first time the payload is obfuscated.
A payload that was obfuscated and persisted in Oracle B2B is passed unobfuscated to other SOA components within a composite application, when using the Default or JMS integration types. Users viewing this unobfuscated payload in other SOA components are responsible for ensuring that the payload is obfuscated and persisted securely, and that users are authorized to view the payload.
Oracle B2B supports payload security by restricting access based on document type. The following user permissions for document-type access are available:
Admin permission for all document types
With this permission, the user can add, access, edit, and delete all document types. This user also has access to administrative functions such as import, export, and purge.
Admin permission for specified document types
With this permission, the user can access, edit, and delete the specified document types for which he has permission. The user is not allowed to access, edit, or delete the restricted document types. The user cannot add new document types or have access to any administrative functions such as import, export, and purge.
Monitor permission for all document types
With this permission, the user can access and view (but not edit or delete) all document types.
Monitor permission for specified document types
With this permission, the user can access and view (but not edit or delete) the specified document types. The user cannot access and view the restricted document types.
The default administrator user can restrict document-type access to other roles as follows:
The host administrator can be granted access to all document types, in which case this user can restrict document-type access to other host or remote administrators.
The host administrator can be granted access only to specified document types, in which case this user cannot restrict document-type access to other host or remote administrators.
The remote administrator can be granted access to specified document types only, or all document types pertaining to the remote trading partner. In either case, the remote trading partner administrator cannot create document types in the system, or provision users for that particular remote trading partner. Users can only be provisioned by a host trading partner administrator user.
The host monitor can be granted view-only access to all document types or to specified document types, but cannot restrict document-type access to other users.
The remote monitor can be granted view-only access to all document types pertaining to the remote trading partner or to specified document types pertaining to the remote trading partner, but cannot restrict document-type access to other users.
Admin users with access to all Administration tab functions lose admin privileges when permission for any or all document types is assigned, and the Administration tab is no longer available.
See Task 3, "Add Document Types That the User Has Permission to Access" in Section 5.3, "Adding Trading Partner Users," for how to specify document-type access in the Oracle B2B interface.
When access to specific document types is restricted, consider the following:
New document definitions for a restricted document type cannot be added.
No document types can be imported, exported, or purged.
No document types can be modified on the Partners > Documents tab, as shown in Figure 1-1.
Figure 1-1 Accessing a Restricted Document Type from the Documents Tab
The restricted document types are listed, but details cannot be viewed or accessed, on the following tabs:
Administration > Document tab
Agreements that include document definitions for restricted document types cannot be modified or exported.
In a SOA composite with a B2B binding component, restrictions on document types are not in effect. All document types are available to any user in the B2B Configuration Wizard of Oracle JDeveloper.
As a business-to-business gateway, Oracle B2B is used to extend business processes to trading partners. When Oracle B2B is used in a SOA composite application, you can model an end-to-end business process integration.
Oracle SOA Suite provides a complete set of service infrastructure components for designing, deploying, and managing composite applications. The multiple technology components of a composite application share common capabilities, including a single deployment and management model and tooling, end-to-end security, and unified metadata management. See Oracle Fusion Middleware Developer's Guide for Oracle SOA Suite for more information.
In addition to messages, Oracle B2B can also send attachments and large payloads in a SOA implementation. See Appendix A, "Handling Large Payloads," for information about handling large payloads.
With the integration of Oracle B2B, Mediator, and BPEL components within Oracle SOA Suite, the XML Gateway Internal Delivery channels are not needed in Oracle B2B 11g to communicate with Oracle E-Business Suite. This can be achieved by using the Oracle Application Adapter available in Oracle SOA Suite.
The following example describes how the components of a SOA composite application are used to send a purchase order that originates from Oracle E-Business Suite, as shown in Figure 1-2.
Figure 1-2 An Outbound Purchase Order in a SOA Composite Application
The outbound purchase order (P. O.) is an XML document that participates in an end-to-end business process as follows:
An application, for example, Oracle E-Business Suite, initiates the P. O. process. The P. O. document uses the application-generated XML.
Oracle Mediator receives the P. O. from Oracle E-Business Suite. The P. O. is translated to canonical XML through XSLT Mapper, and is validated by using the schema obtained when the composite application was validated. Oracle Mediator routes the message to Oracle BPEL Process Manager.
Oracle BPEL Process Manager receives the P. O. from Oracle Mediator. Business processes such as human workflow, business rules, and error handling can apply before Oracle BPEL Process Manager sends the P. O. back to Oracle Mediator.
Oracle B2B receives the P. O. from Mediator, translates the P. O. to EDI native format, for example, and manages the interaction with the trading partner.
See the following for more information:
Section 2.5, "Using Oracle B2B in the Oracle JDeveloper Environment," for how to include a B2B binding component in a SOA composite application
Oracle Fusion Middleware Developer's Guide for Oracle SOA Suite for information about Oracle SOA Suite and SOA composite applications
The Oracle B2B samples guide you through the steps to create guideline files, design Oracle B2B transactions, deploy and monitor trading partner agreements, and create and deploy SOA composite applications. The composite applications include an Oracle B2B binding component and use the document definitions that you create in Oracle B2B.
Samples are available for the following document types:
These end-to-end samples are based on a scenario in which two trading partners, Acme and GlobalChips, participate in a transaction. Acme is the initiator (the buyer, in the case of a purchase order scenario) and GlobalChips is the responder (the seller in a purchase order scenario). In the HL7 sample, Acme (initiator) sends an ADT_A01 admit patient message and receives an ACK_A01 acknowledgment from GlobalChips.
The samples include instructions and sample document definition files for you to create all the documents, agreements, and SOA composites you need to run the samples. The completed SOA composite application is also provided for each sample.
You can download the samples from the Oracle SOA Suite samples.
The Oracle B2B cookbooks provide detailed information on the implementation of ebXML, EDI (EDIFACT and X12), and HL7 in Oracle B2B. The cookbooks include configuration steps, performance best practices, discussions of typical errors, and FAQs. To download the cookbooks, go to
See Section 2.1, "What You Need to Get Started with Oracle B2B," for the components required to use the samples and cookbooks.
The following components provide monitoring, configuration, and performance tuning capabilities for Oracle B2B:
See "Oracle B2B Performance Tuning" in Oracle Fusion Middleware Performance Guide for more information.
See "Oracle B2B Performance Tuning" in Oracle Fusion Middleware Performance Guide for more information.
See the following for more information:
Within the Oracle B2B interface, use the following for monitoring and configuration: