Description of the illustration bpmag002.eps

The top of this illustration shows a box called Inbound client service request. Three boxes are connected to the bottom of this box. From left to right, they are named SSL (HTTP/S)*, J2EE Basic Authentication (HTTP)*, and BPEL Security Extensions. To the right of these boxes are the following words: Securing BPEL Processes: Transport Security and Authentication Methods. The box labeled SSL (HTTP/S)* has two arrows on the bottom that point below. The first arrow on the left points to a dashed box named Oracle Application Server. The second arrow on the left points to a dashed box named OC4J (inside the Oracle Application Server box). The box labeled J2EE Basic Authentication (HTTP)* has two arrows on the bottom that point below. The first arrow on the left points to a dashed box named Oracle Application Server. The second arrow on the left points to a dashed box named OC4J (inside the Oracle Application Server box). The box labeled BPEL Security Extensions has one arrow on the bottom that points below to boxes named, from left to right, Domain/Process Level Security, Java API, HTTP Binding, and SOAP over HTTP Binding. Each of these boxes are inside a box named Oracle BPEL Process Manager. The box named Oracle BPEL Process Manager is inside the box named OC4J, which itself is inside the box named Oracle Application Server.

The arrows that point below from SSL (HTTP/S)*, J2EE Basic Authentication (HTTP)*, and BPEL Security Extensions first pass through a fire wall before arriving at the destinations mentioned above. The asterisk (*) next to SSL (HTTP/S)* and J2EE Basic Authentication (HTTP)* is defined as follows at the bottom of the illustrations: With the Oracle BPEL Process Manager for OracleAS Middle Tier installation type, inbound client service requests that use SSL transport security and J2EE basic authentication are verified by Oracle Application Server. With the Oracle BPEL Process Manager for Developers installation type, inbound client service requests that use SSL transport security and J2EE basic authentication are verified by OC4J.

Inside the box labeled Oracle BPEL Process Manager is a box named WSIF layer. The box has four arrows at the bottom that point to a box outside labeled Server on which partner link web service is running. These arrows are labeled, from left to right, WS-Security Compliant Services (SOAP Binding), Axis Services, J2EE Basic Authentication (HTTP), and Java and EJB Binding. To the left of these four arrows is an arrow connected to the bottom of the box labeled OC4J. This arrow also points down to the box labeled Server on which partner link web service is running. All five of these arrows are labeled Outbound Oracle BPEL Server client request, and all pass through a fire wall. To the right of these five arrows are the following words: Invoking Secured Processes: Transport Security and Authentication Methods.