3 General Guidelines for Implementing Security Policies

This section offers an overview of security requirements and policies for integrating third-party applications with Oracle Sales Cloud.


About Secured Integration Patterns for Third-Party Applications

This section provides an overview of integration patterns in the context of security implementation and requirements for third-party applications. Each of the integration patterns illustrated comprises a client, a service provider, and an applicable security integration pattern. Details of integration design, such as scenarios involving on-premise applications and their integration with the Cloud, are outside the scope of this section.

Client Applications

Integrating a third-party application results in an interaction, or transaction, between that application and an Oracle Cloud service. In such an interaction, the client is the initiator of the transaction and consumes either data or a service. The client can be a third-party cloud-based application running in the third party's cloud environment and accessing an Oracle Cloud service, or vice versa. In this context, a client can also be a script (JavaScript) rendered to a user's browser by the third-party cloud application, and invoking either the third-party cloud application itself or an Oracle Cloud service.

Service Provider

A service provider is typically the REST or SOAP endpoint or web-based application endpoint that is accessed by a client.

Integration Patterns

Integration of third-party cloud applications fundamentally involves one or both of the following high-level building blocks:

  • Web service integration between two applications -- a client application and a web service. Oracle Sales Cloud as well as a third-party cloud application can both play either or both of those roles, depending on the type of third-party cloud application you are implementing.

  • User interface integration (usually a user interface mashup) to provide an integrated and seamless experience for a user.

An integration solution for a third-party cloud application involves both web service and user interface integration. While there are many technical options available to achieve these integrations, Oracle recommends and supports a common set of integration patterns for Oracle Sales Cloud. This set takes factors such as interoperability, security, and usability into account. When implementing a solution for your cloud application, you will likely employ one or more integration patterns from this common set.

Security Considerations

The following table provides a summary of the security considerations relevant to certain integration patterns.

Integration pattern: A third-party cloud application acts as a client and accesses Oracle Sales Cloud web services (most common pattern).

Security considerations:
  • An Oracle Cloud service could be a SOAP or REST service.
  • A third-party cloud application client must support the security policy exposed by the Oracle Cloud service.

Integration pattern: An Oracle Cloud service acts as a client and accesses a third-party cloud application web service.

Security considerations:
  • An Oracle Cloud service could be a SOAP or REST service.
  • A third-party cloud application service must expose the security policy supported by an Oracle Cloud client.

Integration pattern: iFrame user interface mashup with a user token. A Fusion Applications cloud service page embeds a third-party cloud application page in an iFrame. An Oracle Cloud service propagates a JWT user token as a URL parameter.

Security considerations:
  • A third-party cloud application must enforce proper security measures to prevent a user from being exposed to hidden frame or click-jacking vulnerabilities.
  • A third-party cloud application must validate the user token (using Fusion Applications Cloud-provided APIs) and authenticate user credentials independently to prevent malicious use of a JWT user token. A JWT user token is essentially a signed assertion that represents user credentials from Fusion Applications. See Security Policies for User Interface Integration (including iFrames).

Integration pattern: Web single sign-on/identity federation with SAML identity provider and a third-party cloud application environment acting as a SAML service provider.
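The two considerations listed for the iFrame mashup pattern can be combined in the request handler of the embedded third-party page. The following Python example is added here for illustration and is not Oracle code. The origin `https://fusion.example.com`, the parameter name `jwt`, the use of the `sub` claim, and the `validate_with_provider` callable (a stand-in for the Fusion Applications Cloud-provided validation API, which this page does not name) are all assumptions.

```python
import base64, json, time
from urllib.parse import urlparse, parse_qs

# Assumed values for illustration; none come from the Oracle documentation.
ALLOWED_PARENT = "https://fusion.example.com"  # origin of the embedding page
TOKEN_PARAM = "jwt"                            # URL parameter carrying the token

def encode_seg(obj):
    """Encode a dict as one base64url JWT segment (builds constructed tokens)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def decode_seg(part):
    """Decode one base64url JWT segment into a Python object."""
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

# Constructed sample token; the signature segment is a dummy value.
SAMPLE = ".".join([encode_seg({"alg": "RS256"}),
                   encode_seg({"sub": "jdoe", "exp": 2000}), "c2ln"])

def precheck_token(token, now=None):
    """Cheap local checks only; they do NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        raise ValueError("not a signed compact JWT")
    header, claims = decode_seg(parts[0]), decode_seg(parts[1])
    if str(header.get("alg", "none")).lower() == "none":
        raise ValueError("unsigned token")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (now or time.time()):
        raise ValueError("expired or missing exp")
    return claims

def handle_embed(url, session_user, validate_with_provider, now=None):
    """Return (status, headers). session_user is the user this application
    authenticated itself (or None); validate_with_provider is hypothetical."""
    headers = {
        # Only the embedding page's origin may frame us (click-jacking defence).
        "Content-Security-Policy": f"frame-ancestors {ALLOWED_PARENT}",
        # The token travels in the URL: keep it out of Referer headers.
        "Referrer-Policy": "no-referrer",
    }
    token = parse_qs(urlparse(url).query).get(TOKEN_PARAM, [""])[0]
    try:
        claims = precheck_token(token, now)
    except (ValueError, TypeError, AttributeError):
        return 401, headers
    if not validate_with_provider(token):       # signature check is delegated
        return 401, headers
    # The token alone never creates a session: it must match the local login.
    if session_user is None or claims.get("sub") != session_user:
        return 403, headers
    return 200, headers
```

The response headers are set on every path, including rejections, so an error page cannot be framed by another origin either.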