Skip Headers

Oracle Workflow Administrator's Guide
Release 2.6.3

Part Number B10283-02
Previous Next       Contents Index Glossary
         Previous  Next          Contents  Index  Glossary

E-mail Notification Security

Each individual e-mail notification message sent by a notification mailer includes a line containing a notification ID (NID), access key, and node identifier, which are used to authenticate responses to the notification.

The format of the NID line is as follows:


Responses by E-mail When a user responds to a notification by e-mail, the response message must include the NID line from the original notification message. A notification mailer accepts the response only if the correct NID and access key combination is included in the response. Users can ensure that the response message contains the NID and access key either by including the entire original message when replying or by using a response template that includes the NID line.

Note: Some mail clients, notably early releases of Microsoft Outlook Express, may not copy the NID line properly in a reply message. When responding to a notification, users should verify that the NID line is included in full and contains the prefix NID and all the details between the square brackets.

A user who receives an e-mail notification message may forward the message to another user through the e-mail application. When you configure a notification mailer, you can choose whether to allow a user to respond by e-mail to an e-mail notification that has been forwarded from another role.

Warning: Note that there are limitations when you deselect the Allow Forwarded Response parameter. For example, suppose a notification is sent to a distribution list mail alias that does not have a user/role relationship in the Oracle Workflow directory service. If any user from the distribution list responds to the notification, the notification mailer will always treat their notification response as unsolicited mail, because the "From:" e-mail address, which is an individual user's e-mail address, will never match the distribution list mail alias.

Responses through the Notification Detail Link Attachment HTML-formatted e-mail notifications with attachments and plain text e-mail notifications with HTML attachments include an attachment called Notification Detail Link. When this link is clicked, it displays the notification in the Notification Details web page. A user who receives a notification with a Notification Detail Link attachment can use this web page to respond directly to the notification, instead of sending an e-mail response message to be processed by a notification mailer.

In Oracle Applications, users must always log in before they can access the Oracle Applications Framework-based Notification Details page from the Notification Detail Link attachment.

In the standalone version of Oracle Workflow, when you configure a notification mailer, you can choose whether to require users to log in before they can access the Notification Details web page for a notification through the Notification Detail Link.

Allowing Responses Only through the Notifications Worklist

Ultimately, the security of e-mail notifications depends on the security of your e-mail application. If you do not want to allow responses based on e-mail, you can choose not to send e-mail notifications that enable responses. That is, do not allow users to choose MAILTEXT, MAILATTH, MAILHTML, or MAILHTM2 as their notification preference.

You can still choose to send e-mail summaries to users listing all their open notifications. To do so, schedule a Launch Summary Notifications event for a notification mailer. For the seeded Workflow Notification Mailer, the Launch Summary Notifications event is scheduled to send e-mail summary notificationis once a day by default. Users can indicate that they want to receive e-mail summaries by choosing SUMMARY as their notification preference. An e-mail summary message does not enable any direct response through e-mail to the notifications it lists. Instead, to respond to the individual notifications in a summary, users must log on to Oracle Workflow and access the notifications through the Notifications Worklist web page.

You can also optionally choose not to run any notification mailers at all. In this case users must always log on to Oracle Workflow and access the Notifications Worklist web page to view and respond to their notifications.

See: Implementing Notification Mailers

See: Notification Preferences

See: Plain Text E-mail

See: HTML-Formatted E-mail with Attachments

See: HTML-Formatted E-mail

See: Plain Text E-mail with an HTML Attachment

See: Setting Up Notification Mailers

See: Inbound Notification Mailer Processing

See: Overview of Notification Handling, Oracle Workflow User's Guide

         Previous  Next          Contents  Index  Glossary

Oracle Logo
Copyright © 2003 Oracle Corporation.

All rights reserved.