Understanding the Structure for Security Context Using Attribute Names

Working with Security 26-15

                schemaLocation="http://[HOST:PORT]/AIAComponents/EnterpriseObjectLibrary/Release2/Core/Common/V2/Meta.xsd"/>
    </xsd:schema>
  </types>
  <message name="Request">
    <part name="Request" element="xacml-context:Request"/>
  </message>
  <message name="EBMHeader">
    <part name="EBMHeader" element="corecom:EBMHeader"/>
  </message>
  <portType name="TransformAppContext">
    <operation name="TransformToAppContext">
      <input message="EBMHeader" name="EBMHeader"/>
      <output message="Request"/>
    </operation>
    <operation name="TransformToAppNeutralContext">
      <input message="Request" name="Request"/>
      <output message="Request"/>
    </operation>
  </portType>
</definitions>

This service is implemented once for a participating application and serves any integration scenario that uses that application. AIA recommends implementing it in BPEL with co-location. An ABCS should call the service through a dynamic partner link so that other implementations of the service can be plugged in. The TransformAppContextService property in the AIAConfig property file names the service implementation to load; by default this property is not configured and the default implementation is used. The default implementation is based on DVMs and cross-references, so whenever a new application or integration scenario is added, only new DVM values must be populated and the service itself does not need to change.

26.7.5 Understanding the Structure for Security Context

The XACML Request element is used as the parameter for the app context structure. In addition to authorization information, this Request element carries participating application information and calling service information. Figure 26–5 illustrates the structure of XACML Request.

26-16 Developers Guide for Oracle Application Integration Architecture Foundation Pack

Figure 26–5 Structure of XACML Request

Figure 26–6 illustrates the structure of XACML Subject.

Figure 26–6 Structure of XACML Subject

Figure 26–7 illustrates the structure of XACML Resource.

Figure 26–7 Structure of XACML Resource

Figure 26–8 illustrates the structure of XACML Action.

Figure 26–8 Structure of XACML Action

Figure 26–9 illustrates the structure of XACML Environment.

Figure 26–9 Structure of XACML Environment

Example 26–5 shows the SEBL AppContext information that is sent to the security service.

Example 26–5 Example of SEBL AppContext Information Sent to the Security Service

<AIAAppContext xmlns="http://www.oracle.com/AIAAppContext">
  <ServiceInfo>
    <ServiceName>O2C2SeibelABCS</ServiceName>
  </ServiceInfo>
  <ParticipatingAppInfo>
    <Name>Siebel</Name>
    <Version>8.0</Version>
  </ParticipatingAppInfo>
  <Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:cd:04"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:cd:04 http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-cd-04.xsd">
    <Subject>
      <Attribute AttributeId="siebel:user" DataType="xs:string">
        <AttributeValue>SAdmin</AttributeValue>
      </Attribute>
      <Attribute AttributeId="siebel:org" DataType="xs:string">
        <AttributeValue>siebl1</AttributeValue>
      </Attribute>
    </Subject>
    <Resource></Resource>
    <Action></Action>
    <Environment/>
  </Request>
</AIAAppContext>

26.7.6 Using Attribute Names

Use these guidelines for attribute names:

■ Service information attributes:
  AIA:Service:Name - Name of the service calling the transform service

■ Participating application information attributes:
  AIA:ParticipatingApp:Name - Name of the participating application
  AIA:ParticipatingApp:Version - Version of the participating application
  AIA:ParticipatingApp:SystemID - Unique identifier of the participating application

■ Application attributes: AIA recommends naming the attributes of every application with the convention Application name:attribute name (for example, siebel:user in Example 26–5).

■ Application neutral attributes: AIA recommends using AIA as the prefix for all application neutral attributes. These are the application neutral attributes identified so far:
  User - to represent a user
  BusinessUnit - to represent an organization or operating unit
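As an added example (not code from the Oracle documentation or the AIA product), the following Python parses the AppContext of Example 26–5, checks each Subject attribute against the naming convention above, and performs the DVM-based TransformToAppNeutralContext mapping described for the transform service. The DVM rows, the parse and check functions, and the case-insensitive match of the application prefix are assumptions.

```python
import xml.etree.ElementTree as ET
AIA_NS = "http://www.oracle.com/AIAAppContext"
XACML_NS = "urn:oasis:names:tc:xacml:2.0:context:schema:cd:04"

# Constructed sample input: the SEBL AppContext of Example 26-5, condensed to one string.
SAMPLE_APP_CONTEXT = f"""<AIAAppContext xmlns="{AIA_NS}">
  <ServiceInfo><ServiceName>O2C2SeibelABCS</ServiceName></ServiceInfo>
  <ParticipatingAppInfo><Name>Siebel</Name><Version>8.0</Version></ParticipatingAppInfo>
  <Request xmlns="{XACML_NS}">
    <Subject>
      <Attribute AttributeId="siebel:user" DataType="xs:string"><AttributeValue>SAdmin</AttributeValue></Attribute>
      <Attribute AttributeId="siebel:org" DataType="xs:string"><AttributeValue>siebl1</AttributeValue></Attribute>
    </Subject>
    <Resource></Resource><Action></Action><Environment/>
  </Request>
</AIAAppContext>"""

# Hypothetical DVM rows: (participating app, application attribute) -> application-neutral attribute.
SECURITY_ATTRIBUTE_DVM = {
    ("Siebel", "siebel:user"): "AIA:User",
    ("Siebel", "siebel:org"): "AIA:BusinessUnit",
}

def parse_app_context(xml_text):
    """Return (app name, app version, {AttributeId: value}) from an AIAAppContext document."""
    root = ET.fromstring(xml_text)
    app = root.find(f"{{{AIA_NS}}}ParticipatingAppInfo")
    attrs = {a.get("AttributeId"): a.findtext(f"{{{XACML_NS}}}AttributeValue")
             for a in root.iterfind(f".//{{{XACML_NS}}}Subject/{{{XACML_NS}}}Attribute")}
    return app.findtext(f"{{{AIA_NS}}}Name"), app.findtext(f"{{{AIA_NS}}}Version"), attrs

def check_attribute_name(attribute_id, app_name):
    """'<application name>:<attribute>' or 'AIA:<attribute>'; the case-insensitive prefix match is an assumption."""
    prefix, sep, local = attribute_id.partition(":")
    return bool(sep and local) and prefix in (app_name.lower(), "AIA")

def to_app_neutral(xml_text, dvm=SECURITY_ATTRIBUTE_DVM):
    """TransformToAppNeutralContext, DVM style: map application attributes to their AIA:* names."""
    app_name, _version, attrs = parse_app_context(xml_text)
    neutral = {}
    for attribute_id, value in attrs.items():
        if not check_attribute_name(attribute_id, app_name):
            raise ValueError(f"attribute {attribute_id!r} does not follow the naming convention")
        # Neutral attributes pass through; anything else needs a DVM row (a new app adds rows, not code).
        target = attribute_id if attribute_id.startswith("AIA:") else dvm.get((app_name, attribute_id))
        if target is None:
            raise LookupError(f"no DVM row for {app_name}/{attribute_id}; populate the DVM first")
        neutral[target] = value
    return neutral
```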

26.7.7 Propagating Standard Security Context through EBS and EBF