Encrypting Data Flow in a Business Process Service

In addition to the native security support provided by the underlying transports, you can provide additional security to transports by encrypting data flowing to a business process service through the Encryption and Decryption operations.

Before encrypting your data flow, determine the following:

Use the encrypt/decrypt or xmlencrypt/xmldecrypt security operations to explicitly specify security profiles for each encryption/decryption operation in a business process.
Use encryptautoprofile/decryptautoprofile or xmlencryptautoprofile/xmldecryptautoprofile security operations to use the same implicit security profiles for all encryption/decryption operations within a business process.

To encrypt data flow in a business process service:

Create a business process service.
Expand the SecurityService category in the Service Explorer to display the supported security operations.
Drag and drop one of the following SecurityService Operations onto your business process service:
- encrypt/decrypt
- encryptautoprofile/decryptautoprofile
- xmlencrypt/xmldecrypt
- xmlencryptautoprofile/xmldecryptautoprofile
If you used an encryptautoprofile/decryptautoprofile or xmlencryptautoprofile/xmldecryptautoprofile security operation, do the following:
1. Create a local business process variable.
  1. In the Business Process Variable section, right-click Local Variable and select New variable from the context menu to create a new variable.
  2. Select the new variable to display the Properties view.
  3. Define variable properties. Select the Reply-To Address variable type.
2. Define the properties of each operation in your business process as having a Reply-To Address Variable. Select the operation on the design canvas, and then select the Reply-To Address variable that you just defined.
3. Save your business process.
Define the business process input and output variables for the security operations. Do the following:
1. Select the Service Interface tab, and click Add under the Operation Parameters section.
2. Define the input and output parameters for the security operation as required.
  See the security operation listed in the Service Explorer for the specific parameters.
3. Save your business process.
Create the Assign activities. Do the following:
1. Open the Tool Palette, and drag three Assign activities onto the business process directly before and after each security operation. Connect your activities
  For example, Assign > Encryption Operation > Assign > Decrpytion Operation > Assign.
2. Map the values for the pre and post operation Assigns.
3. Save your business process.
Developing a Sybase Services Package Profile.
The Services Package Profile editor opens.
If you used an encryptautoprofile/decryptautoprofile or xmlencryptautoprofile/xmldecryptautoprofile security operation, configure the security profile ID.
1. Select the Access Configuration tab.
2. Select the transport definition you want to configure in the Transports section, and click Properties to display the Properties dialog box.
3. Select Transport Security Details in the left pane, and enter the security profile name in the security profile ID field.
  See the Runtime Management Console online help for more information on creating security profiles in the Security Console.
4. Click OK.

Next: Developing a Deployment Profile