Why XML encryption is important ?
In this blog I would like to discuss on XML encryption in a business scenario that uses web services. Have you ever thought of how a business that uses Web services to conduct online credit card transactions takes measures to ensure that the credit card numbers and other key information does not end up in the wrong hands ? Well it has been possible through the user name/password XML signature which enables you to sign a Web service message to ensure authenticity, data integrity and non-repudiation. This means that only the password will be secured with XML encryption, but not the full message content. So here is the first SAP solution provided by SAP NetWeaver Exchange Infrastructure to enable XML Encryption. Now, customers can ensure authenticity and confidentiality as they can encrypt entire Web service message payloads during the transport. By taking advantage of SAP NetWeaver XIâ€™s mapping capabilities and using them along with adapters, an SAP system can act as a Web services sender or receiver with non-Web services based interfaces. Thus, companies can map to multiple interfaces and route to multiple partners.
An Example on XML Encryption.
Suppose there are two business partners X and Y. Now business partner X wants to consume a web service from business partner Y but he does have an interface for that and also he does not want to develop one. In this case he can use SAP NetWeaver Exchange Infrastructure to access an existing interface without coding a web service client. The interface in this case can be an RFC enabled function module. Instead of calling another application business partner X will execute a call to SAP NetWeaver XI RFC adapter. As soon as the call is executed the RFC message is converted to XML by the RFC adapter and is passed to the integration server. This integration server maps the XML structure of the RFC message with the web service interface document structure. The SOAP adapter is used to encrypt the message leveraging the Web Services Security standard. Both SOAP and SAP NetWeaver XI protocols are supported by this standard. There are two keys : Public and Private. Public key in system Yâ€™s certificate is used by the SOAP adapter of system X to encrypt the message. This message when reaches system Y, it decrypts using its private key which is unique and known only to him. We should remember one thing that both system X and Y should be first configured to enable XML encryption.
Following are few brief steps for configuring XML encryption:
1.You need to deploy IAIK cryptographic library on the J2EE server of the adapter engine. It can also be downloaded from the SAP service marketplace at http://service.sap.com/sw-center .
2.Deploy Java Cryptographic Extension (JCE) to the Java Runtime Environment (JRE). Get the correct version (1.4) when you download JCE policy files. Check that the each file is about 5kb and if it is around 3kb then that means wrong version has been downloaded.
3.Create public and private key certificates for encryption and decryption. For creating a public key certificate the SAP J2EE Visual Administration toolâ€™s Key Storage service is used by the receiver.
4.Configure XML encryption or decryption in SOAP adapter communication channel.
For complete explanation on how to configure SAP NetWeaver XI adapter, and for the Partner Connectivity Kit for Web Services Security, please see the guide â€˜â€˜How To Configure Message Level Security in SAP XI 3.0,â€™â€™ available at http://service.sap.com/nw-howtoguides :- Exchange Infrastructure.
XML encryption comes as a part of SAP NetWeaver Exchange Infrastructure after the release of SAP NetWeaver 2004s and Support Package Stack (SPS) 15 of SAP NetWeaver 2004. The sap system supports synchronous scenarios for SAP NetWeaver Exchange Infrastructure SPS 19, or SAP NetWeaver 2004s Process Integration SPS 10 so these directions can be used to encrypt request as well as response messages.
So this was a brief overview of the use of XML encryption in a web service based scenario. I hope through this blog I am able to provide some useful information which might help you in some or the other way.
Updated SAP PI Blog News