Description of the illustration bpmag004.eps

The top of this illustration shows a box called Inbound client service request. Three boxes are connected to the bottom of this box. From left to right, they are named SSL (HTTP/S)*, J2EE Basic Authentication (HTTP)*, and BPEL Security Extensions. To the right of these boxes are the following words: Securing BPEL Processes: Transport Security and Authentication Methods. The box labeled SSL (HTTP/S)* has two arrows on the bottom that point below. The first arrow on the left points to a dashed box named Oracle Application Server. This arrow includes the following words: Certificate-based authentication with Oracle Wallet Manager. The second arrow on the left points to a dashed box named OC4J (inside the Oracle Application Server box). This arrow includes the following words: Certificate-based authentication with keytool. The box labeled J2EE Basic Authentication (HTTP)* has two arrows on the bottom that point below. The first arrow on the left points to a dashed box named Oracle Application Server. The second arrow on the left points to a dashed box named OC4J (inside the Oracle Application Server box). The box labeled BPEL Security Extensions has one arrow on the bottom that points below to boxes named, from left to right, Domain/Process Level Security, Java API, HTTP Binding, and SOAP over HTTP Binding. Each of these boxes are inside a box named Oracle BPEL Process Manager. The box named Oracle BPEL Process Manager is inside the box named OC4J, which itself is inside the box named Oracle Application Server.

The arrows that point below from SSL (HTTP/S)*, J2EE Basic Authentication (HTTP)*, and BPEL Security Extensions first pass through a fire wall before arriving at the destinations mentioned above. The asterisk (*) next to SSL (HTTP/S)* and J2EE Basic Authentication (HTTP)* is defined as follows at the bottom of the illustrations: With the Oracle BPEL Process Manager for OracleAS Middle Tier installation type, inbound client service requests that use SSL transport security and J2EE basic authentication are verified by Oracle Application Server. With the Oracle BPEL Process Manager for Developers installation type, inbound client service requests that use SSL transport security and J2EE basic authentication are verified by OC4J.