
TIBCO BusinessConnect™ Concepts

Software Release 5.3 May 2009

Important Information
SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE. USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN LICENSE.PDF) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME. This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc. TIB, TIBCO, TIBCO Software, TIBCO Adapter, Predictive Business, Information Bus, The Power of Now, TIBCO BusinessConnect, TIBCO Runtime Agent, TIBCO ActiveMatrix BusinessWorks, TIBCO Administrator, TIBCO Designer, TIBCO Rendezvous, and TIBCO Enterprise Message Service are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries. EJB, J2EE, JMS and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only. 
THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. SEE THE README.TXT FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM. THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME. THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES. Copyright © 1999-2009 TIBCO Software Inc. ALL RIGHTS RESERVED. TIBCO Software Inc. Confidential Information

Contents

Figures
Preface
    Related Documentation
    TIBCO BusinessConnect Documentation
    Other TIBCO Product Documentation
    Typographical Conventions
    How to Contact TIBCO Customer Support

Chapter 1 Introduction
    Product Overview
    Deploying BusinessConnect and Protocols

Chapter 2 BusinessConnect Architecture
    TIBCO BusinessConnect Installation
    TIBCO BusinessConnect Server Components
    Private Processes
    TIBCO Rendezvous
    JMS Transport
    Public Processes
    Relationship Between Private and Public Processes
    BusinessConnect Participants and Business Agreements
    Participants
    Business Agreements
    Operations
    Business Protocols
    Schemas
    System Configuration
    Database Connections
    Proxy Servers

Chapter 3 Server Management Overview
    Using TIBCO Administrator

    Using TIBCO ActiveMatrix BusinessWorks
    Using TIBCO Designer

Chapter 4 TIBCO BusinessConnect User Management
    Overview
    TIBCO Administrator User Management
    TIBCO Administrator User Access Rights
    TIBCO Administrator Roles
    TIBCO BusinessConnect User Management
    BusinessConnect Super User
    BusinessConnect Users
    Default Access Rights
    Participants Access Rights
    Business Agreements Access Rights
    TIBCO BusinessConnect Group Management
    TIBCO BusinessConnect Groups

Chapter 5 TIBCO BusinessConnect Transports and Protocols
    Transports
    Public Transports
    SSHFTP Implementation in TIBCO BusinessConnect
    TIBCO Implementation of AS Standards
    Protocols
    EZComm Overview
    EDI Overview
    RosettaNet Overview
    SOAP Overview
    TIBCO BusinessConnect Remote Overview

Chapter 6 BusinessConnect Deployment Modes
    Overview
    Single Server Mode
    Dual Firewall DMZ Mode
    DMZ Component
    DMZ Servlet
    Interior Component

Chapter 7 Smart Routing
    Overview
    Private Process Smart Routing
    Configuring Private Process Smart Routing
    Public Smart Routing
    Defining Rules for Public Smart Routing
    Processing of Inbound Documents
    Server Groups and Clusters
    Distributing Workloads Among Engines
    Routing Messages to the Designated Clusters

Chapter 8 Security
    Overview
    Digital Signatures
    Digital Certificates
    Using Certificates with TIBCO BusinessConnect
    Encryption
    Public and Private Keys
    Digest Algorithms
    Encryption Algorithms
    Cipher Suites
    Non-Repudiation
    Non-Repudiation Logging Scenarios in TIBCO BusinessConnect
    SSHFTP Support in TIBCO BusinessConnect
    Authentication methods for SSHFTP
    Selecting Algorithms and Methods during Tunnel Negotiation

Glossary
Index

Figures

    TIBCO BusinessConnect Installed and Deployed on One Machine
    Installing and Deploying a Protocol
    TIBCO BusinessConnect Components
    Secure JMS Transport Diagram
    TIBCO BusinessConnect Private and Public Processes
    TIBCO Administrator
    Application Management Console
    TIBCO BusinessConnect Console
    System Settings
    BusinessWorks Communicating with TIBCO BusinessConnect
    TIBCO Designer
    TIBCO Administrator Super User
    TIBCO BusinessConnect Super User
    Physical Location of Public Transports
    SSHFTP Tunnels
    Dual Firewall DMZ Mode
    Load Balancing and Fault Tolerance
    Smart Routing
    Message Queues and Clusters
    Server Group Assignment

Preface

This software may be available on multiple operating systems. However, not all operating system platforms for a specific software version are released at the same time. Please see the readme.txt file for the availability of this software version on a specific operating system platform.

TIBCO BusinessConnect™ software is a B2B (business-to-business) gateway that allows your company to engage in electronic commerce with your business partners.

Topics
• Related Documentation
• Typographical Conventions
• How to Contact TIBCO Customer Support

Related Documentation

This section lists documentation resources you may find useful.

TIBCO BusinessConnect Documentation

The following documents form the BusinessConnect documentation set:
• TIBCO BusinessConnect Concepts: Read this guide to learn about TIBCO BusinessConnect architecture, deployment modes, protocols, and security.
• TIBCO BusinessConnect Server Administration: Read this guide in order to administer (install, operate, and manage) the BusinessConnect server.
• TIBCO BusinessConnect Trading Partner Administration: Read this guide to configure and manage trading partners.
• TIBCO BusinessConnect EZComm Protocol User’s Guide: Read this guide to learn about using TIBCO BusinessConnect EZComm Protocol. EZComm is installed with TIBCO BusinessConnect, therefore no separate installation guide for this protocol is provided. This guide contains a detailed tutorial, which is a recommended reading for new TIBCO BusinessConnect users.
• TIBCO BusinessConnect Scripting Deployment User’s Guide: Read this guide to configure and manage TIBCO BusinessConnect using the command line interface.
• TIBCO BusinessConnect Palette Reference: Read this guide to learn about the resources available in the TIBCO BusinessConnect Palette for TIBCO BusinessWorks.
• TIBCO BusinessConnect Release Notes: Read this document to learn about new features, changes in functionality, deprecated features, known issues, and closed issues for each release. This document is supplied for each release and is available only in PDF format.

Other TIBCO Product Documentation

You may find it useful to read the documentation for the following TIBCO products, which may be used or integrated with BusinessConnect:
• TIBCO Administrator™ software: The software allows you to manage users, machines and applications defined in a TIBCO Administration Domain. The TIBCO Administrator graphical user interface enables users to deploy, monitor, and start and stop TIBCO applications.
• TIBCO Runtime Agent™ software: This software suite is a prerequisite for other TIBCO software products. In addition to TIBCO Runtime Agent components, the software suite includes the third-party libraries used by other TIBCO products such as TIBCO Designer, Java Runtime Environment (JRE), TIBCO Hawk®, and TIBCO Rendezvous®.
• TIBCO Designer™ software: This graphical user interface is used for designing and creating integration project configurations and building an Enterprise Archive (EAR) for the project. The EAR can then be used by TIBCO Administrator for deploying and running the application.
• TIBCO ActiveMatrix BusinessWorks™ software: This software is a scalable, extensible, and easy to use integration platform that allows you to develop integration projects. TIBCO BusinessWorks includes a graphical user interface (GUI) for defining business processes and an engine that executes the process.
• TIBCO Rendezvous®: This software enables programs running on many different kinds of computers on a network to communicate seamlessly. It includes two main components: the Rendezvous programming language interface (API) in several languages, and the Rendezvous daemon.
• TIBCO Enterprise Message Service™ software: This software provides a message service that enables integration of applications within an enterprise based on the Java Message Service (JMS) specifications.

Typographical Conventions

The following typographical conventions are used in this manual.

Table 1 General Typographical Conventions

Convention: TIBCO_HOME, ENV_HOME
Use: Many TIBCO products must be installed within the same home directory. This directory is referenced in documentation as TIBCO_HOME. The value of TIBCO_HOME depends on the operating system. For example, on Windows systems the default value is C:\tibco.
Other TIBCO products are installed into an installation environment. Incompatible products and multiple instances of the same product are installed into different installation environments. The directory into which such products are installed is referenced in documentation as ENV_HOME. The value of ENV_HOME depends on the operating system. For example, on Windows systems, the default value is C:\tibco.

Convention: code font
Use: Code font identifies commands, code examples, filenames, pathnames, and output displayed in a command window. For example: Use MyCommand to start the foo process.

Convention: bold code font
Use: Bold code font is used in the following ways:
• In procedures, to indicate what a user types. For example: Type admin.
• In large code samples, to indicate the parts of the sample that are of particular interest.
• In command syntax, to indicate the default parameter for a command. For example, if no parameter is specified, MyCommand is enabled: MyCommand [enable | disable]

Convention: italic font
Use: Italic font is used in the following ways:
• To indicate a document title. For example: See TIBCO ActiveMatrix BusinessWorks Concepts.
• To introduce new terms. For example: A portal page may contain several portlets. Portlets are mini-applications that run in a portal.
• To indicate a variable in a command or code syntax that you must replace. For example: MyCommand PathName

Convention: Key combinations
Use: Key names separated by a plus sign indicate keys pressed simultaneously. For example: Ctrl+C.
Key names separated by a comma and space indicate keys pressed one after the other. For example: Esc, Ctrl+Q.

Convention: (note icon)
Use: The note icon indicates information that is of special interest or importance, for example, an additional action required only in certain circumstances.

Convention: (tip icon)
Use: The tip icon indicates an idea that could be useful, for example, a way to apply the information provided in the current section to achieve a specific result.

Convention: (warning icon)
Use: The warning icon indicates the potential for a damaging situation, for example, data loss or corruption if certain steps are taken or not taken.

Table 2 Syntax Typographical Conventions

Convention: [ ]
Use: An optional item in a command or code syntax. For example:
MyCommand [optional_parameter] required_parameter

Convention: |
Use: A logical OR that separates multiple items of which only one may be chosen. For example, you can select only one of the following parameters:
MyCommand param1 | param2 | param3

Convention: { }
Use: A logical group of items in a command. Other syntax notations may appear within each logical group.
For example, the following command requires two parameters, which can be either the pair param1 and param2, or the pair param3 and param4.
MyCommand {param1 param2} | {param3 param4}
In the next example, the command requires two parameters. The first parameter can be either param1 or param2 and the second can be either param3 or param4:
MyCommand {param1 | param2} {param3 | param4}
In the next example, the command can accept either two or three parameters. The first parameter must be param1. You can optionally include param2 as the second parameter. And the last parameter is either param3 or param4.
MyCommand param1 [param2] {param3 | param4}

How to Contact TIBCO Customer Support

For comments or problems with this manual or the software it addresses, please contact TIBCO Support Services as follows.
• For an overview of TIBCO Support Services, and information about getting started with TIBCO Product Support, visit this site: http://www.tibco.com/services/support
• If you already have a valid maintenance or support contract, visit this site: https://support.tibco.com
Entry to this site requires a user name and password. If you do not have a user name, you can request one.

Chapter 1 Introduction

This chapter provides a broad introduction to TIBCO BusinessConnect architecture, components, and various usage and deployment scenarios. It also explains the basic business and transport protocols used with TIBCO BusinessConnect.

Topics
• Product Overview
• Deploying BusinessConnect and Protocols

Product Overview

TIBCO BusinessConnect is a B2B (business-to-business) gateway that allows your company to engage in electronic commerce with your partners. It enables secure transmission of documents and messages between partners using disparate internal business systems. TIBCO BusinessConnect supports multiple protocols (also called standards) for electronic commerce, such as EDI, RosettaNet, and SOAP.

BusinessConnect uses TIBCO Administrator™ as its graphical user interface, making it especially familiar and easy-to-use for existing TIBCO customers.

TIBCO BusinessConnect includes these major features:
• BusinessConnect Server engine, which handles transport, messaging, and business message content
• User access control, where administrative users can set the access control permissions of other users. Access controls can be used to restrict which trading partner information a user can access in the administration interface.
• Trading partner management system and certificate store
• Non-repudiation database
• Audit log database
• Two deployment options: Single Server and Dual Firewall DMZ mode. In Dual Firewall DMZ mode, TIBCO BusinessConnect can be deployed with a DMZ Component and an Interior Server component. Additionally you have the option of deploying the DMZ Component as a servlet which can run on a standard J2EE Web Application Server residing in your DMZ. Supported web servers are:
  — WebSphere V6.1+
  — WebLogic V10.0.1+
  — JBoss Enterprise Edition 4.3
• TIBCO BusinessConnect Palette for TIBCO BusinessWorks™
• Enhanced reporting, using an export interface for repository log and audit data for use by the external reporting system
• Ability to receive emails from multiple email servers
• EZComm, a transport-oriented protocol

Business agreements, an essential component of any B2B implementation, can be easily constructed with BusinessConnect. A business agreement defines the protocol (or protocols) you will use to exchange documents with your partner. It defines the transport method (for example, HTTPS or email), and the operations that each partner will be allowed to transact.

Local hosts and remote partners are both participants with very similar requirements in terms of identifying information and technical specifications. For example, in configuring both types of participants, you will need to provide information about locations, contacts, available protocols, and security credentials. BusinessConnect makes smart distinctions between the two in the user interface (for ease of use).

An operation is the sending or receiving of a business document. Each operation is associated with the type of document to be exchanged and the information needed to process the document or send and receive the document. When you set up operations at the system level for use with multiple partners, BusinessConnect gives you the flexibility to override individual aspects of an operation as needed for specific partners.

Deploying BusinessConnect and Protocols

To install and deploy TIBCO BusinessConnect and protocols:

1. Install TIBCO BusinessConnect on the machine where TIBCO Runtime Agent was previously installed.

Figure 1 TIBCO BusinessConnect Installed and Deployed on One Machine (diagram labels: System Administrator; Install; Machine 1 with TIBCO BusinessConnect and TIBCO Runtime Agent; Deploy through TIBCO Administrator; Machine 2 with TIBCO Administrator; Deploys using underlying infrastructure)

Once TIBCO BusinessConnect is properly configured, deploy it using one of the deployment modes described in Deployment Modes on page 12.

2. Install any of the supported protocols (EDI, RosettaNet, SOAP) on the machine where TIBCO BusinessConnect was previously installed. Installation of supported protocols is explained in the product documentation for each of these protocols.

Figure 2 Installing and Deploying a Protocol (diagram labels: System Administrator; Install; Machine 1 with Protocols (EDI, RN, SOAP), TIBCO BusinessConnect, and TIBCO Runtime Agent; Deploy through TIBCO Administrator; Machine 2 with TIBCO Administrator; Deploys using underlying infrastructure)

Once the protocol is installed, it gets deployed through the TIBCO Administrator deployment screens.

Chapter 2

BusinessConnect Architecture

Topics
• TIBCO BusinessConnect Installation
• TIBCO BusinessConnect Server Components
• Private Processes
• Public Processes
• BusinessConnect Participants and Business Agreements
• Operations
• System Configuration


TIBCO BusinessConnect Installation
Before starting the TIBCO BusinessConnect installation, you need to understand the components comprising the TIBCO BusinessConnect architecture and how they interact.

Figure 3 TIBCO BusinessConnect Components (diagram labels: Console in TIBCO Administrator; BusinessConnect Database; Configuration Store; Audit Log; Non-repudiation Log; Runtime Store; EZComm; EDI; RosettaNet; SOAP; BusinessConnect Server; BusinessWorks)

In Figure 3, you can see three components:

• TIBCO BusinessConnect server This is a runtime engine that provides services to the TIBCO BusinessConnect protocols. The protocols are responsible for the primary TIBCO BusinessConnect functionality, which is processing B2B transactions. The runnable version of the TIBCO BusinessConnect server is a BusinessWorks application and it is created when you deploy the TIBCO BusinessConnect application (see Deploying and Starting the BusinessConnect Application on page 48).


• TIBCO BusinessConnect database This database contains the following:
— Configuration information used by TIBCO BusinessConnect protocols. The complete configuration information as well as guidelines are stored in the configuration store, TIBCO BusinessConnect database. In releases prior to 5.x, configuration information was stored locally in a repository file with an extension .dat.
— Data log created by TIBCO BusinessConnect protocols
— Runtime data used by the TIBCO BusinessConnect server and protocols
TIBCO BusinessConnect database configuration and table creation are explained in TIBCO BusinessConnect Server Administration Guide, in section Set Up Database Information.

• TIBCO BusinessConnect console in TIBCO Administrator This console is used by administrators to do the following:
— Create the TIBCO BusinessConnect database
— Configure participants and business agreements
— View data logs created by TIBCO BusinessConnect protocols


TIBCO BusinessConnect Server Components
TIBCO BusinessConnect server is internally divided in two components:

• DMZ (De-Militarized Zone) This component sits in the de-militarized zone and can have several restrictions on the networks it can access. The DMZ Component receives B2B communications directly from the Internet and performs SSL validation. By placing a firewall between the DMZ and the rest of your system, you can protect against the threat of malicious communications. BusinessConnect shall provide a servlet which can act as the DMZ Component of a BusinessConnect implementation. The servlet will operate using commercial web servers. There should be no data at rest in the DMZ. The DMZ Servlet will need to stream data directly to the interior BC Server.

• Interior Engine This component performs the following tasks:
— Handles all messaging level activities such as encryption, decryption, and digital signatures.
— Takes care of business level logic to be executed by an individual protocol, such as document schema validation.

Any deployment configuration change should trigger redeployment of both server components. To learn more about TIBCO BusinessConnect server components, see BusinessConnect Deployment Modes.

Private Processes
Private processes in TIBCO BusinessConnect are processes internal to your company. They send data to or receive data from the TIBCO BusinessConnect server, and communicate using TIBCO Rendezvous® (Rendezvous Certified Messaging RVCM) or JMS.

TIBCO Rendezvous

TIBCO Rendezvous Subject Names
All TIBCO Rendezvous messages have a unique subject name. The following are the subject name formats:

• Request from Initiator’s private process to the local TIBCO BusinessConnect:
Property name: requestFromPPSubject=prefix.installation.standardID.fixed
Example: AX.BC.BC-ACME.EZComm.INITIATOR.REQUEST

• Response to Initiator’s private process from the local TIBCO BusinessConnect:
Property name: responseToPPSubject=prefix.installation.standardID.fixed
Example: AX.BC.BC-ACME.EZComm.INITIATOR.RESPONSE

• Request to a Responder’s private process from the local TIBCO BusinessConnect:
Property name: requestToPPSubject=prefix.installation.standardID.fixed
Example: AX.BC.BC-ACME.EZComm.RESPONDER.REQUEST

• Response from Responder’s private process to the local TIBCO BusinessConnect:
Property name: responseFromPPSubject=prefix.installation.standardID.fixed
Example: AX.BC.BC-ACME.EZComm.RESPONDER.RESPONSE

• Acknowledgment of receipt of asynchronous request/response message:
Property name: ackToPPSubject=prefix.installation.standardID.fixed
Example: AX.BC.BC-ACME.EDI-X12.RESPONDER.ACK

• Error notification:
Property name: errorNotifySubject=prefix.installation.standardID.fixed
Example: AX.BC.BC-ACME.EDI-X12.ERROR
TIBCO Rendezvous publishes this message globally, but a private process can also listen to it. This applies to interactions on both the Initiator and Responder side.

Not all of these subjects are available with all protocols. Refer to the individual protocols guide for the detail set of supported subjects, explanations, and structure.

The following is a key to the italicized terms above:

• prefix: The product or domain name, for example, AX.BC. This refers to TIBCO BusinessConnect (BC) on TIBCO ActiveExchange (AX). The default is AX.BC. This appears in the Installation Name field in the BusinessConnect>System Settings > General Settings area.
• installation: The installation name. This appears in the Installation Name field in the TIBCO BusinessConnect > System Settings > General Settings area. Example: BC-ACME. The installation and the prefix uniquely identify messages exchanged between an external private process and TIBCO BusinessConnect.
• standardID: The business protocol. Example: EZComm.
• fixed: TIBCO BusinessConnect determines this internally depending on the type of message. The following are the only possible values:
— INITIATOR.REQUEST
— INITIATOR.RESPONSE
— RESPONDER.REQUEST
— RESPONDER.RESPONSE
— RESPONDER.ACK
— ERROR

aeRvMsg Message Format
Messaging between private processes and TIBCO BusinessConnect uses the aeRvMsg format. This section provides a brief overview of aeRvMsg. For more information on aeRvMsg, see the TIBCO Adapter SDK Concepts manual.

The aeRvMsg message format is the TIBCO BusinessConnect standard message format. When a private process or TIBCO BusinessConnect uses the aeRvMsg format to package data before sending the data to each other, the data is packaged in an envelope called the message control block. The ^pfmt^, ^ver^, and ^type^ message control block tags let these components do extra validation on messages.

The aeRvMsg format is shown in Table 1:

Table 1 The aeRvMsg Format

| Type | Tag Name | Description | Value |
|---|---|---|---|
| Control Data | | | |
| TIBRVMSG_INT | ^pfmt^ | Package format. | Constant value: 10 |
| TIBRVMSG_INT | ^ver^ | Version of the TIBCO ActiveExchange message format. In this case, version 3.0 is needed (value=30). | Constant value: 30 |
| TIBRVMSG_INT | ^type^ | Specifies how the payload in the ^data^ tag is packed. The value 1 is reserved for “AE wire format” with nested TIBCO Rendezvous messages. The value 10 is reserved for XML, in which the data is an XML string. | Constant value: 1 |
| Payload | | | |
| TIBRVMSG_RVMSG | ^data^ | The message that the private process or TIBCO BusinessConnect is packaging and sending. | |

In this message format, the ^pfmt^, ^ver^, and ^type^ tags precede the message, which is carried in the ^data^ tag. The actual data is carried in the request or response field, within the ^data^ tag.

Rendezvous Certified Messaging (RVCM)
When an internal application, such as an ERP system, generates a document (request, acceptance, or notify), the private process translates the raw Rendezvous message in an appropriate format and forwards it to the TIBCO BusinessConnect server. The TIBCO BusinessConnect server, in active state and running, waits for any RVCM message that will arrive on the subject name on which it is listening. Once the message is received, the server expects it to conform to a certain structure. Therefore, it is the job of the private process to send a message in a proper format so that the server can process it. In turn, it is also the job of the private process to receive a RVCM message from the server and process it accordingly.

For more information about RVCM, please refer to the TIBCO Rendezvous documentation about Distributed Queues and Certified Messaging.

JMS Transport

JMS Message Format
The JMS messages consist of several properties and header fields. The header and property fields are as follows:

— JMSType Mandatory. The format is <the name of the business protocol>. It is defined as standardID in the AE messages encoded by TIBCO Rendezvous, which helps the processing agent, such as BusinessConnect Palette, to dispatch the messages to the corresponding listeners.
— operationID Mandatory. This is the operation name of the business message, such as BC/1.0/Notify.
— JMSCorrelationID Mandatory. It is either global, or the correlationID from the published Responder request message that was expecting a synchronous response.
— smartID Optional. It exists only in messages sent from the BusinessConnect server towards the private process. If Smart Routing is configured and the incoming message is smart routed, the smartID value is the Smart Routing ID that has been determined by the BusinessConnect server during the message processing through the Private Process Smart Routing.

Regarding several different types of miscellaneous messages, the documentation of the individual business protocols can provide more details.

The destination of the messages is:
PREFIX.INSTALLATION.MESSAGETYPE_SPECIFIC_SUFFIX
For example, AX.BC.MYSERVER.RESPONDER.REQUEST

Notice the following differences compared to TIBCO Rendezvous:

• Subject names JMS destinations are not accompanied with the business protocol name. The suffixes are identical to the corresponding TIBCO Rendezvous message suffixes.
• The payload (JMS message body), such as the AE message, is transferred as a serialized java.util.HashMap instance. This instance carries the names of the AE message fields in its key and the corresponding values in their values. The type of the JMS-encoded messages is javax.jms.ObjectMessage.
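The Rendezvous subject layout and the JMS destination layout differ only in the business protocol element, so a private process can check an incoming name against both with one parser. The following Python sketch is an added example, not TIBCO code: the class and function names are hypothetical, the sample subjects are the page's own examples, and it assumes the installation name and standardID contain no dots.

```python
from dataclasses import dataclass

# The only values the page allows for the "fixed" part of a subject.
FIXED_SUFFIXES = (
    "INITIATOR.REQUEST", "INITIATOR.RESPONSE",
    "RESPONDER.REQUEST", "RESPONDER.RESPONSE",
    "RESPONDER.ACK", "ERROR",
)
# Default JMS transport type per suffix as the page describes it
# (error advisories on a topic, everything else on a queue);
# individual business protocols may override this.
TOPIC_SUFFIXES = {"ERROR"}


class SubjectError(ValueError):
    """The name does not follow the documented layout."""


@dataclass(frozen=True)
class PrivateProcessSubject:
    prefix: str        # e.g. "AX.BC" (contains a dot itself)
    installation: str  # e.g. "BC-ACME"
    standard_id: str   # business protocol, e.g. "EZComm"
    fixed: str         # one of FIXED_SUFFIXES

    def jms_destination(self):
        """PREFIX.INSTALLATION.SUFFIX: the protocol name is not part of it."""
        return f"{self.prefix}.{self.installation}.{self.fixed}"

    def jms_transport_type(self):
        return "topic" if self.fixed in TOPIC_SUFFIXES else "queue"

    def jms_properties(self, operation_id, correlation_id, smart_id=None):
        """Build the mandatory fields; smartID is added only when given."""
        if not operation_id or not correlation_id:
            raise SubjectError("operationID and JMSCorrelationID are mandatory")
        props = {
            "JMSType": self.standard_id,  # the protocol travels here instead
            "operationID": operation_id,
            "JMSCorrelationID": correlation_id,
        }
        if smart_id is not None:
            props["smartID"] = smart_id
        return props


def _check_element(name, value):
    # '*' and '>' are Rendezvous wildcards; a concrete subject must not carry them.
    if not value or any(ch in value for ch in "*> \t"):
        raise SubjectError(f"invalid {name} element: {value!r}")


def parse_rv_subject(subject, prefix="AX.BC", installation=None):
    """Split prefix.installation.standardID.fixed, anchoring on the known prefix."""
    if not subject.startswith(prefix + "."):
        raise SubjectError(f"subject does not start with prefix {prefix!r}")
    rest = subject[len(prefix) + 1:]
    for fixed in FIXED_SUFFIXES:
        if rest.endswith("." + fixed):
            middle = rest[: -(len(fixed) + 1)]
            break
    else:
        raise SubjectError("subject does not end in one of the six fixed values")
    elements = middle.split(".")
    if len(elements) != 2:
        raise SubjectError("expected installation.standardID before the fixed part")
    inst, standard_id = elements
    _check_element("installation", inst)
    _check_element("standardID", standard_id)
    if installation is not None and inst != installation:
        raise SubjectError(f"unexpected installation {inst!r}")
    return PrivateProcessSubject(prefix, inst, standard_id, fixed)


if __name__ == "__main__":
    # Subjects taken from the examples on this page.
    for name in ("AX.BC.BC-ACME.EZComm.INITIATOR.REQUEST",
                 "AX.BC.BC-ACME.EDI-X12.RESPONDER.ACK",
                 "AX.BC.BC-ACME.EDI-X12.ERROR"):
        s = parse_rv_subject(name, installation="BC-ACME")
        print(name, "->", s.jms_destination(), s.jms_transport_type())
```

Passing the expected installation name makes the parser reject subjects that belong to a different BusinessConnect installation sharing the same prefix.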

JMS Transport Types Used for Various Messages
Messages use the following JMS transport types:

• Messages that carry either notifications, requests, or responses use the JMS queue transport type. See messages sent on destinations with suffixes INITIATOR.REQUEST, INITIATOR.RESPONSE, RESPONDER.REQUEST, and RESPONDER.RESPONSE.
• Miscellaneous messages, such as error advisories with the suffix ERROR, use a JMS topic transport type, except for the RESPONDER.ACK advisory which uses a JMS queue transport type.

This behavior may be overridden by individual business protocols; if it is not specifically mentioned, the explained behavior should be assumed.

Secure JMS Transport

Figure 4 Secure JMS Transport Diagram (diagram labels: Private Process; BC; TIBCO EMS; SSL; "Always act as SSL clients". Legend: EMS = TIBCO Enterprise Message Service; BC = TIBCO BusinessConnect)

The secure JMS transport is closely integrated with the existing JMS transport on both the TIBCO BusinessConnect server and the private process side. Generally, the capabilities are considered identical to those offered by TIBCO Enterprise Message Service.

The transport utilizes the SSL transport to provide security services (two-way authentication, integrity, and confidentiality) to the business layer. Secure JMS transport can only be used with TIBCO Enterprise Message Service as the JMS provider. It is assumed that the secure transport configuration on the TIBCO Enterprise Message Service provider has been done prior to using the server and the palette where the secure JMS transport is configured.

To configure the secure JMS transport for TIBCO BusinessConnect, see TIBCO BusinessConnect Trading Partner Administration Guide, JMS Transport. For more guidelines on configuring secure JMS on TIBCO Enterprise Message Service, refer to TIBCO Enterprise Message Service User's Guide, Using the SSL Protocol. In addition to these sources, details on the client side configuration concepts are available in TIBCO BusinessWorks Palette Reference, JMS Palette.

Public Processes
Public processes involve exchanges of documents across the Internet using protocols such as HTTP/S, FTP/S, and SMTP. These processes can start when the TIBCO BusinessConnect server receives a message in a proper format from the private process.

TIBCO BusinessConnect transport protocols and their implementation are explained in TIBCO BusinessConnect Trading Partner Administration Guide:

• Chapter 6, Public Process Configuration
• Chapter 10, HTTP, HTTPS, and HTTPSCA Transports
• Chapter 12, AS1 Transport
• Chapter 13, Email Transport
• Chapter 14, FTP and FTPS Transports
• Chapter 15, SSHFTP Transport
• Chapter 16, File Transport


Relationship Between Private and Public Processes
Figure 5 shows a diagram that explains the relationship between public and private processes in a company using a TIBCO BusinessConnect server.

Figure 5 TIBCO BusinessConnect Private and Public Processes (diagram labels: Company A and Company B, each with Enterprise Systems, Private Process, Incoming Private Process, Outgoing Private Process, RV/JMS, and BC Server; the two companies are connected over the Internet using HTTP, HTTPS, SMTP, or FTP. Legend: RV = TIBCO Rendezvous; BC = TIBCO BusinessConnect)

You can use BusinessWorks to build these private processes, specifically using the tool TIBCO Designer, which is installed with TIBCO Runtime Agent. To learn more about working with this tool, see Using TIBCO Designer.


BusinessConnect Participants and Business Agreements

Participants
Participants store a variety of information about trading partners, from the very general (for example, the location of the company headquarters) to the detailed (for example, security credentials and available protocols). A participant profile details the basic identifying information for a host or partner as well as the required technical and security-related information. Participant profiles include information about business agreements; participant type (host or partner); business locations including contacts; security credentials; and business protocols. For more information on how to manage participants in BusinessConnect, see TIBCO BusinessConnect Trading Partner Administration Guide, Chapter 1, TIBCO BusinessConnect Participants.

Business Agreements
A business agreement details all of the information on which you and your partner must agree before you can exchange business documents with each other. Agreements revolve in large part around the chosen protocols. Each participant lists the protocols that are available for use by that participant. TIBCO BusinessConnect determines for you which protocols two participants have in common. For each protocol enabled for document exchange between the two participants, the following protocol-specific information is required: transport method, valid operations, and security. For more information on how to manage business agreements in BusinessConnect, see TIBCO BusinessConnect Trading Partner Administration Guide, Chapter 2, Business Agreements.


Operations
An operation (also called transaction, transmission, message, or message type) is the submitting of an electronic document to a partner. An important part of preparing BusinessConnect for deployment is to define all operations that are valid for this B2B gateway. For example, a typical B2B implementation would allow purchase order, invoice, and receipt operations. Operations require detailed definitions. An operation definition is comprised of the following information:

• Name A name for the operation.
• Protocol The business protocol to be used to create the schema and carry out the transaction. For more information about protocols, see Business Protocols.
• Schema Defines what BusinessConnect can expect and what it should do with the information it receives. For more information on schema validation, see Schemas.

Business Protocols
Business protocols provide a set of standards for use in defining both the content of electronic business documents and the operations (or technical tasks) required to carry out the transaction. Both parties to a transaction must use the same business protocol; otherwise, the recipient of the document will not be able to process it electronically. Participants identify which business protocols are available for use by that participant. When you create a business agreement, TIBCO BusinessConnect presents a list of business protocols that are common to both parties.

A business protocol defines a set of behaviors and rules that trading partners agree on before exchanging business documents over the Internet. Through the sharing of a common protocol beforehand, trading partners can simplify their e-commerce transactions. The following is the anatomy of a business protocol:

• Process Definition of a high-level business process. This is the business logic for message sequence, decisions, and roles for each trading partner in a transaction. Technical details are not addressed.
• Vocabulary and Data Dictionary The technical aspects of creating a business message involve using vocabulary and data dictionary standards.
— The vocabulary describes the structure and lists the elements in a message. This enables recipients to parse and validate XML and other types of message content. A vocabulary can be defined in a .dtd or .xsd file.


— Like a vocabulary, a data dictionary defines the structure and lists the elements in a message. However, a data dictionary can also define valid values for certain elements, data formats for elements, any constraints, and validation rules. A data dictionary can be defined in an .xsd file. For example, the data dictionary below provides the structure and elements in a quote request. Elements in the data dictionary refer to fields like name:

<?xml version = "1.0" encoding = "UTF-8"?>
<!--Generated by XML Authority. Conforms to w3c http://www.w3.org/2000/10/XMLSchema-->
<xsd:schema xmlns:xsd = "http://www.w3.org/2000/10/XMLSchema">
  <xsd:element name = "WidgetQuoteRequest">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element ref = "widgetName"/>
      </xsd:sequence>
    </xsd:complexType>
  </xsd:element>
  <xsd:element name = "widgetName" type = "xsd:string"/>
</xsd:schema>

In this example, the data dictionary lists the WidgetQuoteRequest element and defines the string data format for the type element.

• Implementation Framework Core The vocabulary and data dictionary standards are in turn built on packaging the message and transferring it to a trading partner using an implementation framework core. This core defines the technical details of how trading partners exchange information. This is the key to interoperability. For example, this core includes areas like the transport protocols that partners agree to use.

The following is the structure of an implementation framework core (diagram labels: Partner Agreement; Conversation; Message Envelope; Transport Protocol; Security):

• Partner Agreement This is a specific agreement between partners. It refers to the particular conversation, message structure, transport protocol, and security attributes that partners choose for their communications. Depending on the business protocol, this may also include technical details like the certificates file and the URL for HTTPS transport.
• Conversation This includes certain communication options. Depending on the business protocol, these may include transaction types like notify and synchronous or asynchronous request-response, as well as options like time-outs, retries, and exception handling.

• Message Envelope Depending on the business protocol, this may include MIME, S/MIME, XML, or CSV. Each business protocol must provide a message envelope to carry the message body. This envelope and message are then wrapped in an envelope provided by the transport protocol.
• Transport Protocol Depending on the business protocol, this may include HTTP, HTTPS, FTP, or SMTP.
• Security Depending on the business protocol, this may include authentication, access control, non-repudiation, and encryption.

The following protocols are available for use with TIBCO BusinessConnect:

• EDI (Electronic Data Interchange)
• SOAP
• RosettaNet

More protocols may be available as you read this. Contact TIBCO sales for more information. TIBCO BusinessConnect recognizes installed protocols and makes them available in dropdown lists as appropriate.

Schemas
An XML Schema describes the vocabulary and structures that may appear within an XML instance document conforming to that schema. Schemas use their own formal grammars to express document structures and vocabulary. Applications check documents against the schema, and process them only if the document passes inspection (more commonly called validation). If a set of documents uses the same schema, the documents may have markedly different contents, but can share common processing. By providing a common formal vocabulary for describing the terms on which information will be exchanged, schemas act as an easily enforced contract between senders and receivers (and creators and consumers) of information.

For the detailed information about schemas, see documentation for the products TIBCO Designer and TIBCO BusinessWorks.

Schema Validation in BusinessConnect
In BusinessConnect, nested schemas of unlimited depth are supported for validation, with the exception of the SOAP protocol where interfaces that use these nested schemas have been imported using the WSDL import tool. They should be configured as file references (see TIBCO BusinessConnect Trading Partner Administration Guide, File Specification Dialog for details) including the root schema. Also, nested schema closures can be referenced with either relative or absolute paths.

It is recommended to use relative paths for closure references. If nested schemas are configured as file references, their location should not change compared to the configured location in the operations editor. This is because the content of the schema components is loaded into the BusinessConnect schema cache on demand from the specified location.

In case a full path is preferred and the references are of type file, the valid URI is as follows:

• file:///<drive>:/dir1/dir2/<schema.xsd> for a mapped drive location
• file://<host>/dir1/dir2/<schema.xsd> if the file system is available on a different host.

See the manual of the operating system for details on mapping or accessing remote/local file systems.

In addition, if the BusinessConnect palette-based private process imports operations that have been configured with such referenced schemas, the original location, with the same path, must be accessible from the importing project (only) for the duration of the update. After the update on the palette-based project is completed, there will be no further correlation between the original schema file resources and the imported schemas as long as the operations are not updated.
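A pre-deployment check of nested schema references against the URI forms above, as an added example that is not part of the product: the function names, the sample schema and its file and host names are constructed for illustration, and the sample uses the current W3C XML Schema namespace. It lists every import or include in a root schema, classifies the reference, and resolves relative ones against the root schema's location so the administrator can see which files must stay in place.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

XSD_NS = "http://www.w3.org/2001/XMLSchema"
_DRIVE_PATH = re.compile(r"^/[A-Za-z]:/")    # path part of file:///<drive>:/...
_DRIVE_AS_HOST = re.compile(r"^[A-Za-z]:$")  # file://C:/... puts the drive where a host goes

# Constructed sample: a root schema that references four nested schemas.
SAMPLE_ROOT_URI = "file:///C:/schemas/order/root.xsd"
SAMPLE_ROOT_XSD = """
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <xsd:include schemaLocation="../common/types.xsd"/>
  <xsd:import namespace="urn:example:party"
              schemaLocation="file:///D:/shared/party.xsd"/>
  <xsd:import namespace="urn:example:tax"
              schemaLocation="file://fileserver/shared/tax.xsd"/>
  <xsd:import namespace="urn:example:bad"
              schemaLocation="file://C:/shared/bad.xsd"/>
</xsd:schema>
"""


def classify_schema_ref(ref):
    """Return 'relative', 'mapped-drive', 'remote-host' or 'other'."""
    try:
        parts = urlsplit(ref)
    except ValueError:
        return "other"
    if not parts.scheme and not parts.netloc:
        # No scheme and no host: a plain path. Only non-rooted paths are relative.
        return "relative" if parts.path and not parts.path.startswith("/") else "other"
    if parts.scheme == "file":
        if not parts.netloc and _DRIVE_PATH.match(parts.path):
            return "mapped-drive"            # file:///<drive>:/dir1/dir2/<schema.xsd>
        if (parts.netloc and not _DRIVE_AS_HOST.match(parts.netloc)
                and parts.path.startswith("/")):
            return "remote-host"             # file://<host>/dir1/dir2/<schema.xsd>
    return "other"                           # anything else needs manual review


def nested_schema_refs(xsd_text):
    """schemaLocation values of xsd:import / xsd:include, in document order."""
    wanted = {f"{{{XSD_NS}}}import", f"{{{XSD_NS}}}include"}
    root = ET.fromstring(xsd_text.strip())
    return [el.get("schemaLocation") for el in root.iter()
            if el.tag in wanted and el.get("schemaLocation")]


def audit_schema_refs(root_uri, xsd_text):
    """List (reference, kind, resolved location) for every nested schema."""
    report = []
    for ref in nested_schema_refs(xsd_text):
        kind = classify_schema_ref(ref)
        resolved = urljoin(root_uri, ref) if kind == "relative" else ref
        report.append((ref, kind, resolved))
    return report


if __name__ == "__main__":
    for ref, kind, resolved in audit_schema_refs(SAMPLE_ROOT_URI, SAMPLE_ROOT_XSD):
        print(f"{kind:12} {ref} -> {resolved}")
```

The last sample reference shows a common mistake: with only two slashes the drive letter lands in the host position, so the reference matches neither documented form.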

System Configuration
This section provides conceptual information about configurable aspects of TIBCO BusinessConnect. For procedural information, see Chapter 8, System Settings, on page 75.

Database Connections
TIBCO BusinessConnect requires a database to function: it uses databases for logging and data stores. The default database connection, as well as any additional database connections, can be configured using the Manage Installation feature, which is accessible from the main TIBCO BusinessConnect console screen. You can configure TIBCO BusinessConnect to use different databases for different functionality if desired. Both tasks are performed in the JDBC Configuration area accessed from the System Settings link. For information about adding a database connection to TIBCO BusinessConnect, see Adding Database Connections on page 84.

Logging
By default, TIBCO BusinessConnect logs audit and non-repudiation data to the default database. You can turn logging off if desired and you can assign logging to a different database. See Assigning Logs/Stores to a Database on page 85 for details.

• Audit Logging Audit logs allow you to retrace the path of a transaction. TIBCO BusinessConnect can log messages from the private process and the trading partner, recording when messages were sent, received, decrypted, and saved, for example.
• Non-Repudiation Logging Non-repudiation logs allow you to confirm the legitimacy of a transaction. Details of the transactions are stored by both partners’ databases, along with the relevant digital signatures and a timestamp of when the transaction took place. Non-denial, or non-repudiation, is important because a trading partner cannot deny a valid transaction later. See Security Credentials on page 37 for information about digital signatures.

Data Stores
TIBCO BusinessConnect uses two types of data stores:

• Runtime data store
• Configuration store

By default, the data stores use the default database connection. You can assign a different database to the data stores using the window System Settings > JDBC Connections.

Runtime Data Store
The runtime data store tracks the information flowing through the engine, recording the same information that can be recorded in audit and non-repudiation logs plus information about hibernation, resend, database locking, and alert messages. This information, however, is for use by the TIBCO BusinessConnect engine itself, serving as a memory of what tasks it has already performed. TIBCO BusinessConnect cannot function without a valid runtime database.

Configuration Store
The configuration store records all the information that you provide to TIBCO BusinessConnect. For example, it stores information about business partners, configuration parameters, and transport settings.

Proxy Servers
Proxy servers allow users to connect to resources that might otherwise be unavailable. They can also provide additional security and cache resources, allowing frequently accessed resources to be served more rapidly. You can configure TIBCO BusinessConnect to use a proxy server by identifying its location and the connection information. You can also assign proxy servers at partner participant level.

Different proxy server types are supported to provide for different types of outbound transports protocols:

• HTTP Proxy and SOCKS4/SOCKS5 For outbound HTTP transport protocols
• SMTP Server For outbound EMAIL transport protocols
• HTTP Proxy, FTP Proxy and SOCKS4/SOCKS5 Proxy Servers For outbound FTP transport protocols. Support for the outbound FTP transport protocols over the HTTP proxy server is limited. For more information, see TIBCO BusinessConnect Trading Partner Administration Guide, Chapter 14, FTP and FTPS Transports.

For information about how to assign proxy servers, see TIBCO BusinessConnect Trading Partner Administration Guide, Outbound Proxy Settings.


Chapter 3

Server Management Overview

Topics
• Using TIBCO Administrator
• Using TIBCO ActiveMatrix BusinessWorks
• Using TIBCO Designer

Using TIBCO Administrator
TIBCO Administrator is used to deploy and undeploy TIBCO BusinessConnect applications, configure process transports and TIBCO BusinessConnect components, and start and stop the TIBCO BusinessConnect server.

Application Management
The application management panel, Figure 6, provides access to all of the top-level screens associated with the TIBCO BusinessConnect application and TIBCO BusinessConnect server configuration. You can access the necessary links and buttons through the application management node in the left panel, or through the management screens (User, Resource, Application, and TIBCO BusinessConnect management) in the right panel.

Figure 6 TIBCO Administrator, Application Management Console

BusinessConnect
The TIBCO BusinessConnect console, Figure 7, is one of the management consoles that opens in the right panel.

Figure 7 TIBCO Administrator, TIBCO BusinessConnect Console

This console is used to manage all aspects of the TIBCO BusinessConnect application, such as:

• Business Agreements This link is used for adding and deleting business agreements. To manage business agreements, see TIBCO BusinessConnect Trading Partner Administration, Chapter 2, Business Agreements.
• Participants This link is used for importing, exporting, adding new, and deleting participants. To manage participants, see TIBCO BusinessConnect Trading Partner Administration, Chapter 1, TIBCO BusinessConnect Participants.
• Operations Editor This link is used for importing, exporting, adding new, copying, and deleting operations. To manage operations, see TIBCO BusinessConnect Trading Partner Administration, Chapter 4, Operations Editor.
• Log Viewer This link is used for managing audit, non-repudiation, and resend logs. To manage logs, see TIBCO BusinessConnect Trading Partner Administration, Chapter 8, Logs.

System Settings. Chapter 8. Logs. • System Settings This console lets you manage the following functions of your TIBCO BusinessConnect server. To generate reports.28 | Chapter 3 Server Management Overview • Reporting This link is used for generating reports for inbound and outbound transactions per protocol. Figure 8 BusinessConnect. TIBCO BusinessConnect Concepts . see TIBCO BusinessConnect Trading Partner Administration. System Settings — General Settings — Certificate Store — Outbound Proxy Settings — JDBC Configuration — Installed Protocols — Deployment Configuration — Metadata Configuration — Smart Routing Configuration — Credential Alerter — Utilities All functions that you can reach using the System Settings console are explained in TIBCO BusinessConnect Trading Partner Administration Guide. Chapter 5.

Using TIBCO ActiveMatrix BusinessWorks
With the BusinessConnect Palette and BusinessWorks, you can create process definitions that serve as private processes for a TIBCO BusinessConnect installation. BusinessWorks can either send requests to a TIBCO BusinessConnect server or receive replies from a TIBCO BusinessConnect server. Figure 9 illustrates BusinessWorks operating in conjunction with TIBCO BusinessConnect.

Figure 9 BusinessWorks Communicating with TIBCO BusinessConnect (diagram labels: Company A and Company B; Private Process; BW Send Request/Notification; BW Receive Request/Notification; BW Send Response; Outbound Request; Inbound Request; Response; RV/JMS; BC; HTTP/HTTPS; Internet. Legend: Request; Reply; RV = TIBCO Rendezvous; BW = TIBCO BusinessWorks; BC = TIBCO BusinessConnect)

In Figure 9, Company A implements a private process in BusinessWorks and uses the Send Request/Notification activity to invoke a pre-configured B2B operation on a TIBCO BusinessConnect server. TIBCO BusinessConnect in Company A sends the request to TIBCO BusinessConnect server at Company B, which has a process definition with the Receive Request/Notification process starter.

This process definition receives the incoming request, processes it, and sends a response back to the TIBCO BusinessConnect server using the Send Response activity. TIBCO BusinessConnect then routes the reply back to the original requestor.

It is not necessary for BusinessWorks to be used to implement the private process at both Company A and Company B. A different application can be used to send the request or receive the request. It is, however, necessary for TIBCO BusinessConnect to be used at any site where BusinessWorks is used to send or receive TIBCO BusinessConnect messages.

Using TIBCO Designer

TIBCO Designer is an easy-to-use GUI for configuring, designing, and testing BusinessWorks projects. It provides an integrated development environment including these components:
• Project directory
• Project resources
• Process design
• Activity configuration

As shown in Figure 10, you will use TIBCO Designer as a modeling tool to design business processes as a part of your business-to-business integration.

Figure 10 TIBCO Designer

TIBCO Designer is used in the design time environment for designing and testing business processes and to prepare documents for secure transmission over the Internet. It contains a number of native palettes, including the TIBCO BusinessConnect palette. To learn more about these palettes and how to work with the application, please refer to TIBCO Designer User’s Guide.

Chapter 4 TIBCO BusinessConnect User Management

Topics
• Overview
• TIBCO Administrator User Management
• TIBCO BusinessConnect User Management
• TIBCO BusinessConnect Group Management

Overview

The User Management feature of TIBCO BusinessConnect expands upon the user management capabilities provided with TIBCO Administrator. TIBCO BusinessConnect User Management provides the ability to manage access restrictions on users of the BusinessConnect administration console. With TIBCO BusinessConnect User Management, access restrictions can be narrowed for:
• Trading Partner Configurations
• Business Agreement Configurations
• Logs and Reports

The TIBCO BusinessConnect User Management feature has been designed with backward compatibility in mind. If you don't use the BusinessConnect User Management feature, user access will remain the same as for previous versions of TIBCO BusinessConnect where user access rights to BusinessConnect were configured using only TIBCO Administrator User Management.

For example, previously when TIBCO Administrator User Management was used to give a user read and write access to BusinessConnect trading partner configurations, the user had read and write access to all BusinessConnect trading partner configurations. Now, with TIBCO BusinessConnect User Management, a user can be further restricted to only have read and write access to particular trading partner configurations.

TIBCO BusinessConnect User Management provides the ability to view an audit trail of a user's activities while using BusinessConnect. To learn how to audit all the activities that users perform on trading partners, see TIBCO BusinessConnect Trading Partner Administration Guide, User Access Audit Trail.

TIBCO Administrator User Management

TIBCO Administrator User Management allows you to create users and roles and assign them access rights to resources available in the administration domain.

TIBCO Administrator User Access Rights

To understand how BusinessConnect User Management access rights work in conjunction with TIBCO Administrator, it is important to understand how TIBCO Administrator user access rights work. The following is a summary of the access rights which can be assigned to resources managed through TIBCO Administrator.

• Read Access
A user with read access to a resource can view that resource.
• Write Access
A user with write access to a resource can modify that resource. Write access to a resource implies read access.
• Administer Access
A user with administrator access to a resource can assign permission to other users and roles to access that resource. This access automatically gives Read access, while Write access can be added if desired.
• Super User Access
A Super User has Read, Write and Administer permissions to all resources in the administration domain without explicitly having been granted those permissions. The domain administrator automatically has Super User Access privileges. A Super User can:
— manage all parts of a domain
— add a machine to a domain
— reset another user's password
— add other users to the list of super users

See Figure 11 to review the permissions granted to the TIBCO Administrator Super User.

Figure 11 TIBCO Administrator Super User

For more details about TIBCO Administrator user management, see TIBCO Administrator User’s Guide, Chapter 4, Managing Users and Roles.

BusinessConnect Component User Access

Using TIBCO Administrator User Management, users can be given Read, Write or Administer access to the following components of BusinessConnect:
• BusinessConnect
• Participants
• Business Agreements
• Operations Editor
• Log Viewer
• Reporting
• System Settings
• User Management

To set the BusinessConnect access rights for a user under TIBCO Administrator User Management, see TIBCO BusinessConnect Trading Partner Administration Guide, Chapter 3, User Access Management, Set BusinessConnect Access Rights for a User.

TIBCO BusinessConnect User Management

The user management capabilities of BusinessConnect are integrated with the user management capabilities of TIBCO Administrator. Once a user is created and given access rights to one or more components of BusinessConnect using TIBCO Administrator User Management, that user can be added to BusinessConnect User Management and can have its access rights fine tuned with respect to trading partner, business agreement, log viewer, and reports access.

With BusinessConnect User Management, the access rights of a user can be reduced but never increased. For example, if TIBCO Administrator User Management is used to give a user read but not write access to the BusinessConnect->Participants component, you cannot use BusinessConnect User Management to grant the user Update Access for a participant.

Participants Access Rights

Using TIBCO BusinessConnect User Management, the access rights of users can be further restricted by participant and business agreement. For participants (Host or Trading Partner), users can be assigned access rights to all participants or to particular participants. The following is a summary of the access rights users can be assigned to allow access to participant configurations under the BusinessConnect->Participants tab:

• Read Access
A user with read access to a participant can view that participant's configuration information.
• Create Access (implies Read Access)
A user with create access can create new participants. The create access privilege can only be enabled for all participants.
• Update Access (implies Read Access)
A user with update access to a participant can modify the configuration settings of an existing participant.
• Delete Access (implies Read Access)
A user with delete access to a participant has the ability to delete the participant's configuration from BusinessConnect.
• Logs and Reports
This setting is used to further restrict the user access rights for Log Viewer or Reporting, granted using TIBCO Administrator User Management, to apply to particular participants. By default these access rights apply to all participants. This setting does not control the read and write access rights to the Log Viewer or Reporting. Read and write access rights to the Log Viewer and Reporting are controlled using TIBCO Administrator User Management.

Business Agreements Access Rights

For Business Agreements, users can be assigned access rights to all Business Agreements or to particular Business Agreements. The following is a summary of the access rights users can be assigned to allow access to Business Agreement configurations under the BusinessConnect->Business Agreements tab:

• Read Access
A user with read access to a business agreement can view that business agreement's configuration.
• Create Access (implies Read Access)
A user with create access can create new business agreements. The create access privilege can only be enabled for all business agreements.
• Update Access (implies Read Access)
A user with update access to a business agreement can modify the configuration settings of an existing business agreement.
• Delete Access (implies Read Access)
A user with delete access to a business agreement has the ability to delete the business agreement's configuration from BusinessConnect.

Default Access Rights

When TIBCO Administrator User Management is used to give a user access rights to BusinessConnect Participants, Business Agreements, Log Viewer or Reporting, the following describes the default mapping of those access rights under BusinessConnect User Management:

Table 2 Access Right Mapping for BusinessConnect User Management

| Administrator Access Right | BusinessConnect Access Right |
|---|---|
| Participants Read Access | All Participants Read Access |
| Participants Write Access | All Participants Read, Create, Update, Delete Access |
| Business Agreements Read Access | All Business Agreements Read Access |
| Business Agreements Write Access | All Business Agreements Read, Create, Update and Delete Access |
| Log Viewer Read Access | All Participants Logs and Reports Access (user has Log Viewer read access for all participants) |

Table 2 Access Right Mapping for BusinessConnect User Management

| Administrator Access Right | BusinessConnect Access Right |
|---|---|
| Log Viewer Write Access | All Participants Logs and Reports Access (user has Log Viewer read and write access for all participants) |
| Reporting Read Access | All Participants Logs and Reports Access (user has Reporting read access for all participants) |
| Reporting Write Access | All Participants Logs and Reports Access (user has Reporting read and write access for all participants) |

BusinessConnect Users

When a TIBCO Administrator user is defined with access rights to TIBCO BusinessConnect and its components, that user can be manually added to BusinessConnect User Management or the user will be automatically added once the user logs on. The new BusinessConnect user will have its corresponding access rights for BusinessConnect User Management automatically set as described in the section Default Access Rights on page 38.

When performing a full configuration data import from the TIBCO BusinessConnect 5.3.0 .csx file, the TIBCO Administrator domain users must be imported first, as explained in TIBCO BusinessConnect Server Administrator’s Guide, Chapter 5, Migration. If the TIBCO Administrator domain users are not available and the file .csx contains users, these users will be automatically dropped from the migration.

BusinessConnect Super User

In addition to the TIBCO Administrator Super User, a TIBCO BusinessConnect Super User can use TIBCO BusinessConnect User Management to add other TIBCO Administrator Users to BusinessConnect and manage the access rights of those users. The BusinessConnect Super User access rights are depicted in Table 3.

Table 3 TIBCO Administrator User Role Assignments

| TIBCO Administrator User | Could be assigned to a BusinessConnect Super User role | Has automatic BusinessConnect user management access |
|---|---|---|
| Super User who created the BusinessConnect installation | Gains automatic access | Gains automatic access |
| Super User who did not create the BusinessConnect installation | Yes | Yes |
| Regular user with Read/Write access to all BusinessConnect links | Yes | No |
| Regular user with Read/Write access to only a few BusinessConnect links | No | No |
| Regular user with Read access to all BusinessConnect links | No | No |

The TIBCO Administrator user who creates the BusinessConnect installation is automatically the BusinessConnect Super User. To create a BusinessConnect installation, a user must be one of the following:
• A BusinessConnect Super User
• A TIBCO Administrator Super User
• A TIBCO Administrator user who has been granted read and write access privileges to all of the BusinessConnect components under TIBCO Administrator User Management.

A BusinessConnect Super User can assign super user privileges to other TIBCO Administrator users who are TIBCO Administrator Super Users or TIBCO Administrator users with read and write access privileges to all of the BusinessConnect components. There must always be at least one BusinessConnect Super User.

Figure 12 TIBCO BusinessConnect Super User

A TIBCO Administrator Super User will always be allowed full access to the configuration information of TIBCO BusinessConnect. However, the TIBCO Administrator Super User will not be automatically assigned to be a BusinessConnect Super User unless it is the user who created the BusinessConnect installation, or unless it has been explicitly assigned to be a BusinessConnect Super User.

To delete a BusinessConnect Super User from BusinessConnect User Management, you must first remove the BusinessConnect super user access right for this user.

If the users are removed from the TIBCO Administrator User Management by the TIBCO Administrator Super User, BusinessConnect Users will be automatically removed from the BusinessConnect User Access Control as part of the synchronization. A trace is added about the removal of the user from the BusinessConnect User Management.

If the user permissions set in TIBCO Administrator for BusinessConnect> (Participants, Business Agreements or Logs and Reports) are either Read or no permissions, but the permissions set at BusinessConnect User Management are higher (such as Create, Read, Update or Delete) for Participants, Business Agreements or Logs and Reports, a warning is shown about the inconsistent permissions. Users are still allowed to save after this warning.


TIBCO BusinessConnect Group Management

Both TIBCO Administrator User Management and BusinessConnect User Management have support for group access rights. TIBCO Administrator User Management uses the term Role instead of group. User access rights can be easier to manage when roles or groups are used. The following sections describe using TIBCO Administrator roles and BusinessConnect groups to assign access rights to a user.

TIBCO Administrator Roles

In TIBCO Administrator User Management, you can define roles that have particular access rights, and users can be assigned to one or more roles. The access rights of a user belonging to a role include the access rights specifically assigned to the user, plus the access rights of the role, so the complete set of access rights for the user consists of those access rights assigned to the individual user plus those access rights allowed for each of the roles a user belongs to. There is no concept of being able to use a role to take away a user's access rights.

For example, imagine you have a user named 'user' who has specific access rights for BusinessConnect, and has membership in roleA and roleB, as shown in Table 4.

Table 4 User Access For a User Belonging to Two Roles
[Table: rows BusinessConnect, Participants, Business Agreements, Log Viewer, Reporting; columns User, roleA, roleB, Total Access Rights; cells hold Read or Read, Write]

TIBCO BusinessConnect Groups

In TIBCO BusinessConnect User Management, you can define groups that have particular access rights and users can be assigned to one or more groups. BusinessConnect groups are the equivalent of TIBCO Administrator roles and behave similarly but use the access rights which are specific to TIBCO BusinessConnect. The access rights of a user belonging to a group include the access rights specifically assigned to the user plus the access rights of the group, so the complete set of access rights for the user consists of those access rights assigned to the individual user plus those access rights allowed for each of the groups a user belongs to. There is no concept of being able to use a group to take away a user's access rights.

Group Access Right Examples

For example, suppose that userA is defined in TIBCO Administrator User Management to have the total set of access rights as follows:
• BusinessConnect - Read, Write
• Participants - Read, Write
• Business Agreements - Read, Write
• Log Viewer - Read, Write
• Reporting - Read

These permissions map to the following default access rights for userA in BusinessConnect User Management which allow userA to have full access to all participants and all business agreements.

Table 5 User with Default Access Rights

| Default Access Rights of userA | |
|---|---|
| All Participants | Read, Create, Update, Delete, Logs and Reports |
| All Business Agreements | Read, Create, Update, Delete |

Suppose there is also a group defined in BusinessConnect User Management to provide read and write access to a particular trading partner, tpA, and its associated Business Agreement as follows:
• Group Name: tpA
• Participant Permission: All participants access rights cleared, tpA access rights set to Read, Update, Delete, Logs&Reports Read

• Business Agreement Permission: All agreements access rights cleared, Business Agreement for tpA access rights set to Read, Update, Delete

If you wanted to restrict the access rights of userA so that userA would only have access rights for tpA instead of for all participants, you could try to assign userA to group 'tpA'. However that would not solve the problem as userA would still have access rights to all participants and business agreements because of the logical ORing of userA's default access rights and the access rights of group 'tpA'.

To configure userA so that it only had access rights to tpA, you would need to clear the access rights for userA under Participant Permission->ALL and under Business Agreements Permission->ALL and then add Group Membership to group 'tpA' for userA. This will result in userA only having access rights to tpA as defined by group 'tpA'.

In other words, the access rights given to a user using BusinessConnect User Management are logically ORed with the access rights for any groups the user is assigned to. The total BusinessConnect access rights for the user are then logically ANDed with the total Administrator access rights for the user to determine the overall access rights for the user.

As one last example of how TIBCO Administrator access rights work with BusinessConnect access rights, suppose we have userA with TIBCO Administrator access rights for BusinessConnect as follows:
• BusinessConnect - Read, Write
• Participants - Read
• Business Agreements - Read
• Log Viewer - Read, Write
• Reporting - Read

If userA is configured with BusinessConnect User Management so that the default access rights for Participants and Business Agreements are cleared and userA is configured to belong to group 'tpA', this would result in userA having Read permissions for participant tpA and the business agreement associated with tpA. The userA would not get Update or Delete permissions because userA was only granted Read access for Participants and Business Agreements in its TIBCO Administrator User Management settings.
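The OR-then-AND evaluation described above, worked through as an added example in Python (it is not TIBCO code and not part of the original guide). The `*` scope marker, the function names and the dictionary layout are assumptions made for illustration; only participant rights are modelled, and business agreements follow the same rule.

```python
"""Effective participant rights: (user OR groups) AND Administrator ceiling."""

ALL = "*"  # assumed marker for the "all participants" scope
BC_RIGHTS = frozenset({"Read", "Create", "Update", "Delete"})


def admin_ceiling(user_rights, role_rights=()):
    """Map total Administrator rights (user plus roles) to BusinessConnect rights.

    Roles only ever add rights. Per the default mapping, Write maps to Read,
    Create, Update and Delete on all participants; Read maps to Read only.
    """
    total = set(user_rights)
    for rights in role_rights:
        total |= set(rights)
    if "Write" in total:  # Write implies Read
        return BC_RIGHTS
    if "Read" in total:
        return frozenset({"Read"})
    return frozenset()


def validate(grants):
    """Reject grant sets that the access model described above does not allow."""
    for scope, rights in grants.items():
        unknown = set(rights) - BC_RIGHTS
        if unknown:
            raise ValueError(f"unknown rights for {scope}: {sorted(unknown)}")
        if scope != ALL and "Create" in rights:
            raise ValueError("Create can only be enabled for all participants")


def bc_rights(user_grants, group_grants, participant):
    """OR the user's own grants with every group's grants for one participant."""
    rights = set()
    for grants in (user_grants, *group_grants):
        validate(grants)
        rights |= set(grants.get(ALL, ()))
        rights |= set(grants.get(participant, ()))
    if rights:  # Create, Update and Delete each imply Read
        rights.add("Read")
    return rights


def effective_rights(admin_user, admin_roles, user_grants, group_grants, participant):
    """Total BusinessConnect rights ANDed with the Administrator ceiling."""
    ceiling = admin_ceiling(admin_user, admin_roles)
    return bc_rights(user_grants, group_grants, participant) & ceiling


def inconsistent_rights(admin_user, admin_roles, user_grants, group_grants, participant):
    """Rights set in BusinessConnect that exceed what Administrator allows."""
    ceiling = admin_ceiling(admin_user, admin_roles)
    return bc_rights(user_grants, group_grants, participant) - ceiling


# Constructed data mirroring the userA / group 'tpA' examples in the text.
DEFAULT_USER_A = {ALL: {"Read", "Create", "Update", "Delete"}}
GROUP_TPA = {"tpA": {"Read", "Update", "Delete"}}


def scenarios():
    """Return the effective rights for the three situations the text walks through."""
    rw, ro = {"Read", "Write"}, {"Read"}
    return {
        # Defaults kept: joining group tpA restricts nothing (logical OR).
        "defaults+group on tpB": effective_rights(rw, [], DEFAULT_USER_A, [GROUP_TPA], "tpB"),
        # Defaults cleared: only the group's grants remain.
        "cleared+group on tpA": effective_rights(rw, [], {}, [GROUP_TPA], "tpA"),
        "cleared+group on tpB": effective_rights(rw, [], {}, [GROUP_TPA], "tpB"),
        # Administrator grants Read only: Update and Delete are masked (logical AND).
        "read-only admin on tpA": effective_rights(ro, [], {}, [GROUP_TPA], "tpA"),
    }


if __name__ == "__main__":
    for name, rights in scenarios().items():
        print(f"{name}: {sorted(rights)}")
```

`inconsistent_rights` returns the rights that would trigger the inconsistent-permissions warning mentioned earlier: they are configured in BusinessConnect User Management but masked by the Administrator settings.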


Chapter 5 TIBCO BusinessConnect Transports and Protocols

Topics
• Transports
• SSHFTP Implementation in TIBCO BusinessConnect
• TIBCO Implementation of AS Standards
• Protocols

Transports

Transports provide a set of standards for use in moving information across the Internet. Different transports are used in the different parts of the process, such as:
• Within server components: TIBCO Rendezvous
• Between BusinessConnect and private processes: TIBCO Rendezvous or JMS
• Between TIBCO BusinessConnect and the Internet: public or private transports

Public Transports

Public transports can be used in TIBCO BusinessConnect as inbound or outbound. For the physical transport location, see Figure 13.

Figure 13 Physical Location of Public Transports

The following public transports are supported in TIBCO BusinessConnect:
— HTTP, HTTPS, and HTTPS (Client Authentication)
For information about configuring this transport, see TIBCO BusinessConnect Trading Partner Administration Guide, Chapter 10, HTTP, HTTPS, and HTTPSCA Transports.

— POP3/SMTP (Email)
For information about configuring this transport, see TIBCO BusinessConnect Trading Partner Administration Guide, Chapter 13, Email Transport.
— FTP and FTPS
For information about configuring this transport, see TIBCO BusinessConnect Trading Partner Administration Guide, Chapter 14, FTP and FTPS Transports.
— SSHFTP (SFTP)
For information about configuring this transport, see TIBCO BusinessConnect Trading Partner Administration Guide, Chapter 15, SSHFTP Transport.
— File
For information about configuring this transport, see TIBCO BusinessConnect Trading Partner Administration Guide, Chapter 16, File Transport.

The File transport cannot transport documents across the Internet; it can only save a file locally. However, you can use scripts in conjunction with the File transport to transport documents from the local server to a remote server using any transport protocol available to you.

SSHFTP Implementation in TIBCO BusinessConnect

The SSHFTP (SFTP) transport is one of the public transports used for TIBCO BusinessConnect and is introduced in version 5.2.0. It is used to establish multiple tunnels for secure communication between two participants.

Figure 14 SSHFTP Tunnels
[Diagram: Host (BusinessConnect 5.2) and Trading Partner (3rd party SSH server implementation, SFTP subsystem enabled). 1 tunnel / TP / transport (direction); 1 or 2 tunnels between any host and trading partner (1 tunnel if the inbound and outbound transport configuration is identical, 2 tunnels otherwise)]

Implementation of the SSHFTP transport is based on the following:
• SSH
The Secure Shell (SSH) standard is available in the public domain, as described in RFC 4250 - 4254: http://www.ietf.org/rfc/rfc4250.txt?number=4250
Only the SSH2 standard is supported: no SSH connections can be established with a server that is limited to using only SSH1.
• SFTP
BusinessConnect is compliant with the SFTP specification available at http://tools.ietf.org/html/draft-ietf-secsh-filexfer-03

Cache Timeout

The established secure tunnels, if inactive, will be removed by TIBCO BusinessConnect. The cache timeout is the time after which a tunnel will be removed if it is not in use (default is 2 hours).

Properties for configuring the cache timeout are available on the server side. When changing the cache timeout configuration, keep in mind that any new or pending transactions will use the tunnel that has been open after the configuration was changed.

All configuration steps for setting up trading partners for SSHFTP, as well as configuring of the cache timeout, are explained in the TIBCO BusinessConnect Trading Partner Administration Guide, Chapter 15, SSHFTP Transport.

TIBCO Implementation of AS Standards

TIBCO BusinessConnect uses the following implementations of the AS1 and AS2 standards for exchanging documents over the Internet:

TIBCO BusinessConnect AS1 Transport 5.2.2
Vendor applications can use this TIBCO implementation of the AS1 standard to exchange EDI documents over the Internet using S/MIME and SMTP. For more information, see TIBCO BusinessConnect Trading Partner Administration Guide, AS1 Transport Overview.

TIBCO BusinessConnect AS2 Transport 5.2.2
Vendor applications can use this TIBCO implementation of the AS2 standard to exchange EDI documents over the Internet using S/MIME and HTTP/S. For more information, see TIBCO BusinessConnect Trading Partner Administration Guide, AS2 Transport Overview.

Protocols

The TIBCO BusinessConnect platform supports the following protocols:
• EDI (Electronic Data Interchange) allows companies to exchange structured data electronically, according to agreed message standards.
• RosettaNet is a set of standards developed by a consortium of more than 400 companies.
• SOAP (Simple Object Access Protocol) is a lightweight XML-based messaging protocol for exchanging structured data.
• EZComm, an easy-to-use data transfer protocol that allows you to securely exchange data over the Internet.
• BusinessConnect Remote Client Service allows the light-weight BusinessConnect Remote software to operate with a BusinessConnect server that exchanges startup configurations for BC Remote to perform secure document exchanges with BusinessConnect server over AS2

EDI Overview

EDI (Electronic Data Interchange) allows companies to exchange structured data according to agreed message standards, by electronic means. Structured data is used to represent the data content of a document, such as an invoice, order or any other document type, in a standard way. EDI standards define how business documents should be encoded so documents can be interpreted at the receiving company. An EDI transaction is a one-way transaction, and is considered complete when it reaches the receiving company.

EDI messages have a specialized structure and content. Unlike XML, specialized software is required to encode and decode EDI messages. Valid message structure is defined centrally, by national or international committees. Of the existing EDI standards, TIBCO BusinessConnect supports X12, EDIFACT, TRADACOMS, TEXT, and Gateway.

For more information, see: http://www.ediinformation.com/edi/edi.php

RosettaNet Overview

RosettaNet is an international organization that has created a standardized XML-based business protocol for conducting electronic business transactions. The RosettaNet business protocol was designed to allow buyers, sellers, aggregators, and intermediaries to conduct transactions over the Internet. RosettaNet transactions involve the exchange of documents, most of which correspond to hardcopy documents traditionally used in business.

Data is represented differently in every company’s internal enterprise system. The various forms of product data representation that exist in internal systems must be converted by internal company processes into a common RosettaNet compliant e-business document. Partners can then interact without altering their internal systems.

The RosettaNet Implementation Framework specifies information exchange between trading partner servers using XML, transport, routing, packaging, security, signals, and trading partner agreement. RosettaNet Partner Interface Processes (PIPs) define business message schemas and process specifications.

For more information, see: http://www.rosettanet.org

SOAP Overview

SOAP (Simple Object Access Protocol) is a network protocol developed by Microsoft and other contributors. SOAP provides a format for exchanging request/response messages over HTTP or HTTPS. HTTP or HTTPS serves as the transport protocol, providing framing, connection management, and support for serialized object references. XML is used to represent message data in a platform-neutral format.

SOAP defines the message package, offers encoding guidelines for data used in applications that exchange these messages, and provides rules for representing remote procedure calls (RPCs).

SOAP messages are XML documents defined in a mandatory SOAP envelope, which consists of an optional header and a body. The SOAP envelope serves as the first element in the document and identifies it as a SOAP message. The header allows the sender to add management or control information that can be used for routing, security, or proper handling by the recipient. The body contains the information sent to the receiver.

For more information, see: http://www.w3.org/2000/xp/Group/

EZComm Overview

EZComm is an easy-to-use data transfer protocol that allows you to securely exchange data over the Internet. EZComm includes these features:
• Installs automatically with TIBCO BusinessConnect
• Supports most common transports, including AS1, AS2, HTTP/S, FTP/S, SSHFTP, SMTP, and File
• Supports TIBCO Rendezvous and secure JMS
• Allows exchange of notices with trading partners
• Supports XML, plain text, and binary data blobs
• Supports the following operations: Notify, Synchronous Request Response, and Asynchronous Request Response
• Supports electronic signing and message encryption/decryption
• Supports audit logging of all messages
• Enables interoperability with the legacy protocol tibXML
• Supports duplicate message detection, cancel transactions, exchange of notices with trading partners, as well as XML, plain text, and binary data blobs

TIBCO BusinessConnect EZComm Protocol is explained in detail in the TIBCO BusinessConnect EZComm Protocol User’s Guide.

TIBCO BusinessConnect Remote Overview

TIBCO BusinessConnect Remote is a light-weight software application designed to exchange business documents exclusively with a BusinessConnect server over the Internet using the AS2 transport. It allows large enterprises to enable their small partners to start performing E-commerce transactions rapidly, with minimal setup, and at relatively low cost. For the complete information about this application, see TIBCO BusinessConnect™ Remote User’s Guide.

TIBCO BusinessConnect Remote client service is a protocol that enables the BusinessConnect Remote client to download the configuration data from a BusinessConnect server in preparation for secure document exchanges upon startup. The configuration data includes exchange of certificate credentials for encryption and digital authentication between the BusinessConnect Remote client service and the BusinessConnect server as well as the AS2 transport parameters.

The audit log viewer for the BusinessConnect Remote client service captures the audit trail of the startup request initiated by each BusinessConnect Remote client. For more information about the audit log, see TIBCO BusinessConnect Trading Partner Administration Guide, Appendix C, BusinessConnect Remote Client Service Audit Log.

Chapter 6 BusinessConnect Deployment Modes

This chapter explains two deployment modes, Single Server mode and Dual Firewall DMZ mode, and their support for fault tolerance and load balancing.

Topics
• Overview
• Single Server Mode
• Dual Firewall DMZ Mode

Overview

BusinessConnect can be deployed in the following two modes:
• Single Server Mode: Deployed on a single server, this mode supports fault tolerance, but it does not support load balancing.
• Dual Firewall DMZ Mode: Deployed on one internal server and one server outside the firewall running the DMZ Component, this mode supports both fault tolerance and load balancing.

Both deployment modes are described in detail in this chapter.

Fault tolerance for a server running TIBCO BusinessConnect is achieved when one engine acts as active or passive backup to another engine. If the first engine stops for any reason, the backup engine starts and takes over the jobs that the first engine was processing.

Load balancing among servers running TIBCO BusinessConnect components is achieved when more than one component shares reception of incoming messages. BusinessConnect allows you to add multiple engines to share load.

Single Server Mode

If your security needs are minimal, you can deploy all components in the Single Server mode.

Fault Tolerance in Single Server Mode

It is possible to install more than one machine in the Single Server mode in order to achieve fault tolerance. When you add machines for a server in the Single Server mode, they will automatically belong to the same group called Default. No additional re-assignment of machines is needed.

The Single Server component parameters, such as Service, Network, Daemon Host, Daemon Port, Heartbeat Interval, Activation Interval, and Activation Delay, must be set to support fault tolerance. These parameters are set during deployment. For more details, see TIBCO BusinessConnect Server Administration Guide, Assign Single_Server.par.

Current implementation does not support multiple Single Server engines deployed on the same machine.

Load Balancing in Single Server Mode

Load balancing among multiple machines running in the Single Server mode is not supported. If you need to use load balancing, use DMZ mode instead and follow the instructions provided in Dual Firewall DMZ Mode.

Dual Firewall DMZ Mode

The Dual Firewall DMZ mode provides stronger security by placing the DMZ Component on one machine behind your external firewall but in front of a second firewall that separates the DMZ Component from the Interior Server. This deployment mode handles the DMZ Component and the Interior component in a different way to achieve both fault tolerance and load balancing.

Figure 15 Dual Firewall DMZ Mode (diagram labels: Internet, DMZ, DMZ Component, Interior Component, Interior Inbound Queue, Interior Outbound Queue, Private Process, Machine 1, Machine 2, Machine 3)

DMZ Component

The DMZ Component can be installed to provide load balancing. This is achieved by installing an external hardware de-multiplexer, and by configuring the DMZ Component with this hardware de-multiplexer. Multiple machines for the DMZ Component are usually set by users before TIBCO BusinessConnect is installed.

DMZ Servlet

The DMZ Servlet is different from the DMZ Component as it is meant to be deployed on a standard J2EE Web Application Server residing in your DMZ. Because it resides in an Application Server, the DMZ Servlet represents a standalone DMZ engine which is separate from your BusinessConnect deployment. One advantage of using the DMZ Servlet is that it will stream inbound data directly to your interior BusinessConnect server engines without storing the data in the DMZ.

Creating a DMZ Servlet

To create a DMZ Servlet, you first need to configure and deploy TIBCO BusinessConnect in Dual Firewall DMZ Mode. The DMZ Component configuration is used to create the DMZ Servlet. You will then use the command -exportDmzServlet of the BusinessConnect Scripting Deployment tool to export the DMZ Component as a servlet. This results in a .war file that can be deployed in a standard J2EE Web Application Server.

Unlike the DMZ Component, the CA certificate and server keys or certificates for the HTTPS/CA transports for the DMZ Servlet should be manually configured in the Web Application Server. For the DMZ Component, the HTTPS/CA authentication is handled inside that component, and for the DMZ Servlet this authentication is handled by the Application Server.

Supported transports

The DMZ Servlet supports HTTP, HTTPS and HTTPSCA inbound transports only. Email, FILE, FTP/S, and SSHFTP transports are not supported.

Inbound HTTP compression

Inbound compressed messages that contain an HTTP Content-Encoding header with a value of gzip will have their contents automatically decompressed by the DMZ Servlet. The uncompressed message is then sent to the Interior Server. To make the decompression of the inbound message transparent to the Interior Server, the HTTP Content-Length header is updated with the size of the uncompressed payload. A custom header, Original-Content-Length, is added to the inbound message in case the original content size is needed by a business protocol.
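The following Python model of the inbound compression handling described above is an added example, not TIBCO code: it inflates a gzip body, rewrites Content-Length, and records the received size in Original-Content-Length. The size cap, the removal of Content-Encoding, and the stripping of any sender-supplied Original-Content-Length are assumptions of this example, not documented DMZ Servlet behaviour.

```python
import gzip
import zlib

MAX_UNCOMPRESSED = 8 * 1024 * 1024  # assumed policy limit, not a product default


class PayloadTooLarge(Exception):
    """Raised when a body would inflate past the configured limit."""


def bounded_gunzip(data: bytes, limit: int) -> bytes:
    """Inflate one gzip stream, refusing to produce more than `limit` bytes."""
    inflater = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # 16+ selects gzip framing
    out = bytearray()
    pending = data
    while not inflater.eof:
        # Ask for at most one byte beyond the limit so an overrun is detectable
        # without ever holding the full expanded payload in memory.
        chunk = inflater.decompress(pending, limit + 1 - len(out))
        out += chunk
        if len(out) > limit:
            raise PayloadTooLarge(f"body inflates past {limit} bytes")
        pending = inflater.unconsumed_tail
        if not chunk and not pending and not inflater.eof:
            raise ValueError("truncated gzip stream")
    if inflater.unused_data:
        # Design choice of this example: reject bytes after the gzip trailer.
        raise ValueError("unexpected bytes after gzip stream")
    return bytes(out)


def normalize_inbound(headers: dict, body: bytes, limit: int = MAX_UNCOMPRESSED):
    """Return (headers, body) in the form forwarded to the interior server."""
    names = {name.lower(): name for name in headers}
    encoding_key = names.get("content-encoding")
    if encoding_key is None or headers[encoding_key].strip().lower() != "gzip":
        return dict(headers), body  # not gzip: forward unchanged

    plain = bounded_gunzip(body, limit)
    # Drop the headers that described the compressed form, plus any
    # Original-Content-Length the sender supplied, so the value downstream
    # always comes from what was actually received.
    dropped = ("content-encoding", "content-length", "original-content-length")
    forwarded = {k: v for k, v in headers.items() if k.lower() not in dropped}
    forwarded["Content-Length"] = str(len(plain))
    forwarded["Original-Content-Length"] = str(len(body))
    return forwarded, plain


if __name__ == "__main__":
    # Constructed sample message, not captured traffic.
    payload = b"<order id='1'/>" * 100
    wire = gzip.compress(payload)
    inbound = {"Content-Encoding": "gzip", "Content-Length": str(len(wire))}
    print(normalize_inbound(inbound, wire)[0])
```

Bounding the inflated size matters here because the decompression happens in the DMZ, before any partner-level checks in the interior engine have run.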

Other Facts About the DMZ Servlet

• The Configuration Store configurations about DMZ are loaded from a file and stored into a database during startup. At runtime, the DMZ Servlet doesn't need to access the configuration store database or TIBCO BusinessConnect engines any more.
• The DMZ Servlet supports the following transports: HTTP, HTTPS, HTTPSCA.
• Large file location for HTTP, HTTPS, and HTTPSCA transports are not used by the DMZ Servlet
• Allowed inbound HTTP, HTTPS, or HTTPSCA transports for partners located in the business agreement should be enabled for the interior engine to process messages received from the DMZ Servlet.
• The DMZ Servlet supports public smart routing for the public transport types HTTP and HTTPS/CA. It also supports routing for the AS2 transport’s AS2-To and AS2-From headers. Public smart routing for the DMZ Servlet functions the same as for the TIBCO BusinessConnect DMZ Component.
• In general, the DMZ Servlet is a standard J2EE Web Application and it works in any J2EE Web container. It is certified to work with the following popular Application Servers:
  — IBM WebSphere V6.1+
  — JBoss Enterprise Edition 4.1+
  — BEA WebLogic 10.3.0
• The trace log level is configurable.
• The DMZ Servlet supports trace log files rotation. The max file size and max file number are configurable.

Configuration File dmz.dat

After exporting, the file DMZ.war contains the configuration file dmz.dat. You can configure the parameters of this file as follows:

[Logger]
loggerFileLocation=/home/bc/dmzlogs
loggerLevel=INFO
numberOfLogFile=99
maxSizeOfLogFile=2MB

Interior Component

Interior component can be deployed to provide both for fault tolerance and load balancing. Machines that belong to one group provide for fault tolerance within that group, while machines in different groups provide for load balancing among these groups.

Figure 16 Load Balancing and Fault Tolerance (diagram labels: Load Balancing, Engines 1, 3, 5; Fault Tolerant Group A: Interior Server 1, Interior Server 2; Fault Tolerant Group B: Interior Server 3, Interior Server 4; Fault Tolerant Group C: Interior Server 5, Interior Server 6)

Figure 16 shows a configuration with three fault tolerant groups, where servers are grouped as follows:
• Servers 1 and 2 are in the fault tolerant group A
• Servers 3 and 4 are in the fault tolerant group B
• Servers 5 and 6 are in the fault tolerant group C

Fault Tolerance for the Interior Component (DMZ Mode)

Fault tolerance is achieved since each server in a group acts as a backup for the other server in the same group. There can be multiple groups, each containing two or more servers. In each of these groups, servers are started in a sequence so that the server that starts first works until it fails. Upon the first server’s failure, the second server installed in the same group takes its role, and so on. Servers have no primary or secondary functions and the order in which they provide fault tolerance is based on the order in which they were started.

Load Balancing and Public Smart Routing for the Interior Component (DMZ Mode)

Load balancing for the Interior component is achieved by adding multiple fault tolerant groups.

Public Smart Routing

Using the public Smart Routing feature, you can distribute the workloads and alleviate the likelihood of bottlenecks by using multiple server clusters based on preset rules (predefined set of criteria). A rule-based routing mechanism makes decisions based on a combination of configurable conditions and dispatches workloads to the best fitting cluster for processing. To learn more about public Smart Routing, see the following:
• TIBCO BusinessConnect Trading Partner Administration Guide, Public Smart Routing Tab
• Public Smart Routing

Configuring the Interior Component

The Interior component running in the Dual Firewall DMZ mode must be configured with the following:
• Checkpoint Database: This database contains all checkpoints (transaction execution records) from an Interior component. This way, in case of the machine’s failure, these saved transaction records are transferred from the disabled machine to the one that takes over its function. When you initially set up TIBCO BusinessConnect, the connection for the Checkpoint Database is set and is named bc-check-point-db by default. You can modify the configuration of the Checkpoint database and any other databases by clicking on the connection alias.
• All required parameters: The Interior component parameters, such as Service, Network, Daemon Host, Daemon Port, Heartbeat Interval, Activation Interval, and Activation Delay, must be set to support fault tolerance. These parameters are set during deployment. For more details, see TIBCO BusinessConnect Server Administration Guide, Assign Interior_Server.par.

Chapter 7 Smart Routing

This chapter explains the concept of Private Process Smart Routing and Public Smart Routing in TIBCO BusinessConnect.

Topics
• Overview
• Private Process Smart Routing
• Public Smart Routing

Overview
Messages that are routed in BusinessConnect fall into these categories:
• Messages received from trading partners: These messages are commonly referred to as inbound messages from trading partners. These messages are processed using Public Smart Routing.
• Messages routed to the private processes: These messages are processed using Private Process Smart Routing.

Private Process Smart Routing makes it possible for users to route preferred messages to selected private process instances while other messages can be received and processed by the rest of the instances in the same or in different BusinessWorks projects.

Public Smart Routing uses a combination of configurable conditions and a predefined set of criteria to dispatch the workloads to the best fitting cluster for processing of messages received from trading partners. The Public Smart Routing component in TIBCO BusinessConnect does not support Smart Routing for messages received from the private processes (outbound messages).

Private Process Smart Routing
TIBCO BusinessConnect allows you to define simple business rules to route messages to specific private processes. You can configure which messages should be routed to which private process instance using the BusinessConnect server through the TIBCO Administrator GUI. You can specify a set of business rules, such as to route all messages from the trading partner A to the host B towards the private process C.

Configuring Private Process Smart Routing
Smart routing requires the following:
• Configuring the TIBCO BusinessConnect server through TIBCO Administrator
• Configuring of the private processes through the BusinessConnect Palette in TIBCO Designer

Using TIBCO Administrator, you can set up the business rules and specify the smart ID to be assigned to messages that meet the conditions of the rule.

Business Rules for Private Process Smart Routing

Business rules identify a set of messages based on one or more of these variables:
• Business protocol
• Sending partner
• Receiving partner
• Message direction (inbound or outbound)
• Operation ID

Using the BusinessConnect Palette, you can configure which private processes will receive messages that include specific smart IDs. As shown in Figure 17, private processes can inherit a smart ID from a shared resource but do not have to. You can specify no Smart Routing for a private process within a shared resource, and you can also specify a smart ID for a private process outside of a shared resource.

Figure 17 Smart Routing (diagram labels: TIBCO Administrator: TIBCO BusinessConnect System Settings, SmartRouting Configuration, Business Rules, SmartID; TIBCO Designer: BusinessConnect Palette, Shared Resource SmartID, Event Source Inherits SmartID, Event Source no SmartID, Event Source SmartID)

To see the step-by-step explanation on configuring Smart Routing for private processes, see TIBCO BusinessConnect Trading Partner Administration Guide, Private Process Smart Routing. To see how to configure rules for Smart Routing for private processes, see TIBCO BusinessConnect Trading Partner Administration Guide, Create Business Rules for Private Process Smart Routing.

Configuring Private Process Smart Routing for the TIBCO BusinessConnect Palette

When you select the checkbox Use Smart Routing, a text field named Smart Routing ID becomes visible and editable. By enabling this option on the shared resource, you can allow for the referencing event sources to use the specified smart ID value and inherit changes in the ID's value made on the given shared resource. If you want the specific event source to define its own Smart Routing ID, the checkbox Shared Smart ID must be cleared and an individual smart ID can be specified to take precedence over the ID (if any) on the referenced shared resource.


Public Smart Routing

TIBCO BusinessConnect allows you to define simple business rules in order to route inbound public messages coming from your trading partners to be processed by multiple clusters of load balanced engines. By defining the proper rules, you can strategically configure multiple clusters to prioritize and distribute workloads among a group of runtime engines so that you can optimize your hardware resources and maximize throughput. Here are a few examples:
• You can delegate one cluster to process EDI documents and another cluster to process RosettaNet documents by defining rules based on the various transport types.
• You can delegate a cluster for handling large messages by defining a rule based on the message size.
• You can delegate a cluster for handling Email messages sent from a specific trading partner by defining a rule based on the sender address.

Public Smart Routing utilizes a rule based engine that evaluates based on a set of fixed and known attributes that are available for each transport type. These attributes are checked against an inbound public message and the cluster that fits the best is designated for processing.

Inbound public transports that are supported for Public Smart Routing are as follows:
• HTTP/S
• Inbound File poller
• Inbound FTP-Get poller
• Inbound Email poller

The following sections discuss the concepts in detail and describe the components that facilitate the functionality of Public Smart Routing:
• Distributing Workloads Among Engines
• Processing of Inbound Documents
• Routing Messages to the Designated Clusters
• Defining Rules for Public Smart Routing
• Server Groups and Clusters

Distributing Workloads Among Engines

In a single cluster deployment, a machine called Scheduler is selected and is responsible for dispatching each incoming document to a Worker engine for processing. Each Worker engine is configured identically in order to process documents in the same way, which results in a variety of documents being assigned to the Worker engine in a single queue. Under high load scenarios, workloads could become a backlog and processing of documents pending in the queue can be delayed.

A rule-based mechanism alleviates the likelihood of bottlenecks in cases such as the following:
• Large EDI documents may take hours to process while a small RosettaNet document that requires a synchronous response within minutes could time out.
• Documents received from specific trading partners that require faster response time may be delayed.
• A Worker engine that is heavily loaded with inbound documents may slow down the processing of outbound requests to the trading partners.
• Better hardware with high processing power may not be utilized efficiently within the cluster.

Processing of Inbound Documents

In BusinessConnect, the inbound documents from trading partners are received through inbound public transports that reside either in the DMZ runtime engines, or on one of the interior runtime engines in the cluster behind the firewall. The public inbound transports belong to two major categories: DMZ runtime engines and interior runtime engines.

DMZ Runtime Engines

DMZ runtime engines host two main public transports:
• HTTP/S: This transport includes AS2 and other MIME based messages.
• Inbound File Poller: This transport is protocol specific, such as EZComm and RosettaNet.

For these transports, the Public Smart Routing component intercepts each incoming message and implements rule based logic in routing them to the internal clusters.

Interior Runtime Engines

The Interior runtime engines host the following:
• Inbound Email
• FTP-Get Pollers

The inbound Email and FTP-Get poller transports are running behind the firewall and are responsible for receiving public messages on the POP and FTP servers. For these transports, the Public Smart Routing component intercepts each incoming Email and File message and implements rule based logic in routing them to the internal clusters.

Rule Based Message Processing

Each transport type contains a set of fixed and known attributes available through the MIME headers, such as content type, content size, subject, URI, and so on. These attributes serve as the criteria to define rules and determine a designated unit for processing. Here is how the messages are processed:
1. The Smart Routing component intercepts each inbound message and evaluates the corresponding list of attributes based on the transport type.
2. Based on the set of rules configured for each available cluster, the Smart Routing component derives a destination cluster and publishes an inter-component message that notifies the selected cluster. The inter-component message essentially triggers the processing of the inbound message by the corresponding selected cluster.

If no rules are defined, the Smart Routing component is disabled by default and the one and only one cluster always receives notification for each public inbound message.

Routing Messages to the Designated Clusters

The public event sources are responsible for routing the messages to the designated cluster using a message queue. The consumer of the message queue receives notification messages from the public transport receivers and starts processing the messages from the queue. A Scheduler machine within the cluster of runtime engines that participate in the message queue dispatches the message to a Worker engine for processing. Each runtime engine can be configured to process messages from more than one message queue, and can be load-balanced with more than one group of runtime engines.

Figure 18 shows three message queues processed by three clusters that consist of six runtime engines, where three of these engines are simultaneously participating in two clusters.

Figure 18 Message Queues and Clusters (diagram labels: Inbound documents, Smart Routing Component, queues Q1, Q2, Q3; Cluster A processing Q1, Cluster B consuming Q2, Cluster C processing Q3; Engine 1 (Q1), Engine 2 (Q1), Engine 3 (Q2, Q3), Engine 4 (Q1, Q2), Engine 5 (Q3), Engine 6 (Q1, Q3))

Defining Rules for Public Smart Routing

The Smart Routing component is responsible for placing the inbound public messages to the appropriate queue for processing. It evaluates an incoming message against a set of rules in a predefined order of precedence. A destination cluster is selected by the first rule whose conditions the message satisfies.

The Smart Routing rule is defined as a set of available email criteria based on the transport type, such as the following:
• Email size is less than 1MB (Content_Size less than 1,000.0 bytes)
• The sender address is john@acme.com (Sender = john@acme.com)

Depending on the configurations, a rule is satisfied when all or any of the criteria are met.

For the multiple clusters of runtime engines, each cluster has a separate message queue, and the following definitions apply:
• Each public event source (DMZ, Email, FTP-Get) dispatches to only one cluster of runtime engines.
• Each cluster contains one or more runtime engines.
• Each runtime engine participates in one or more message queues.
• Each message queue is identified by one or multiple rules.
• Each rule is bound to a single cluster and a cluster can be bound to multiple rules.
• Each rule consists of one or more conditions
• Each condition consists of an attribute, an operator, and an operand
• Each attribute is defined based on the public inbound transport type.

Attributes, Operators, and Operands

The rules for defining clusters consist of the following elements:
• Attributes: These are objects of a given type that extends the operand implementation by adding a name, default value, and transport property.
• Operators: These objects determine the relationship between two (or more) operands. Operators follow this rule:
  — numeric operands support the following operators: =, greater_than (>), less_than (<), and range
  — string operands support operators matches, and =
  — Boolean operands support the operator is

• Operands: These are objects that are a string, numeric, or Boolean.

For TIBCO BusinessConnect public Smart Routing, a condition can have one attribute, operator, and one or more operands (in that order). Once you have defined all conditions, a rule for the routing mechanism is put together and displayed. The routing mechanism based on the rules you have defined using the configurable conditions is now displayed in the field Rule Expressions.

((Content_Size greater than 1000.0) and (Client_Auth is false))

In this case, Smart Routing will occur when the file size is larger than 1KB and client authentication is not required.

Creating Smart Routing Rules

In many cases, you can create rules for different variations of the same protocol by using generic routing attributes. To route messages received using a certain protocol, you can create the following rules:
• HTTPS or HTTPS_CA: create a rule for HTTP and use the expression Secure_SSL = true
• FTPS: create a rule for FTP and use the expression Secure_SSL = true
• Any HTTP transport (HTTP/S/CA) and messages which are larger than 2MB: create a rule for the transport HTTP and use the expression Content_Size greater_than 2,097,152 bytes

You can also use predefined (preconfigured) properties in expressions, such as the following:
• File transport and messages which are larger than the currently specified threshold size: create a rule for the transport File and use the expression Large_File = true

Server Groups and Clusters

You will assign servers to fault tolerant groups using the procedure described in the TIBCO BusinessConnect Server Administrator’s Guide, Step 3. Assign Components to Machines. These fault tolerant groups of servers are later assigned to a cluster, or have rules configured which define the way they will be used in the system. Assigning (or adding) a group to a cluster does not mean that you are actually moving a group from one cluster to another: clusters can overlap and groups can share loads.

Assigning Groups to Clusters

An example of server groups assignments to multiple clusters is shown in Figure 19.

Figure 19 Server Group Assignment (diagram labels: Cluster A, Sender = “john@acme.com”: G1; Cluster B, Recipient = “peter@vidgets.com”: G2; Cluster X, Content_Size less_than 1000.0 bytes: G1, G2; NO MATCHING RULES: G3)

In this example, the server groups G1, G2, and G3 are assigned as follows:
• G1 (group 1) is assigned to two clusters: Cluster_A (processing email from the sender john@acme.com), and Cluster_X (processing file sizes that are less than 1 KB in size)
• G2 (group 2) is assigned to two clusters: Cluster_B (processing email from the recipient peter@vidgets.com), and Cluster_X (processing file sizes that are less than 1 MB in size)
• G3 (group 3) is not assigned on creation and by default it is assigned to NO MATCHING RULES

When the described cluster rules are implemented, email messages will be routed as follows:
• Emails from the sender john@acme.com are routed to group 1 for processing
• Emails for the recipient peter@vidgets.com are routed to group 2 for processing
• Emails with file sizes less than 1kB are routed either to group 1 or to group 2 for processing, where group 1 and group 2 will work in load balanced mode.
• Emails from any other senders or recipients and file sizes greater than 1kB are routed to Group3. If Group3 was not assigned to NO MATCHING RULES, these messages would never be processed.

All other inbound messages from non-email transports, such as HTTP or FTP, will also be routed to Group3.

Assignment Order

Inbound messages will be delivered to the cluster that is defined by the first matching rule. Any message may be evaluated as true for more than one rule and, therefore, the first matching rule will decide the group assignment.

In the example in Figure 19, there are the following defined rules for the existing clusters:
Cluster A: Sender = john@acme.com
Cluster B: Recipient = peter@vidgets.com
Cluster X: Content_Size less than 1,000.0 bytes

If an inbound message comes in that corresponds to the rules Sender = john@acme.com and Content_Size less than 1,000.0 bytes, the following will happen:
• If the rule Sender = john@acme.com comes first and is true, the message will be assigned to the cluster A.
• If the rule Content_Size less than 1,000.0 bytes comes first and is true, then Cluster X will be used.

NO MATCHING RULES

One group can belong to multiple clusters, including the cluster called NO MATCHING RULES (the cluster with no rules defined). By default, all service instances are added to this cluster and later can be assigned to another cluster. After you assign a fault tolerant group to a specific cluster, it is still listed under the cluster NO MATCHING RULES, where it can be added or removed at any time.

When an inbound document is received that does not match any of the defined rules, it is sent to this cluster. If there are no groups assigned to this cluster, all non-corresponding messages will be discarded.

Each time a service instance or a group is re-assigned, you need to re-deploy the server.
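The following Python model is an added example, not TIBCO code: it shows the first-match evaluation and the NO MATCHING RULES fallback described above, using the Figure 19 clusters and groups. Treating matches as a full regular-expression match and treating a missing attribute as a failed condition are assumptions of this example.

```python
import re
from dataclasses import dataclass

NO_MATCHING_RULES = "NO MATCHING RULES"


def _numeric(value):
    # bool is a subclass of int in Python; keep Boolean attributes out of numeric tests.
    return isinstance(value, (int, float)) and not isinstance(value, bool)


# Operator names follow the page; "matches" as a full regex match is an assumption.
OPERATORS = {
    "=": lambda value, operand: value == operand,
    "greater_than": lambda value, operand: _numeric(value) and value > operand,
    "less_than": lambda value, operand: _numeric(value) and value < operand,
    "range": lambda value, operand: _numeric(value) and operand[0] <= value <= operand[1],
    "matches": lambda value, operand: isinstance(value, str)
    and re.fullmatch(operand, value) is not None,
    "is": lambda value, operand: isinstance(value, bool) and value is operand,
}


@dataclass(frozen=True)
class Condition:
    attribute: str
    operator: str
    operand: object

    def holds(self, message: dict) -> bool:
        # Assumption: an attribute the transport did not supply fails the condition.
        if self.attribute not in message:
            return False
        return bool(OPERATORS[self.operator](message[self.attribute], self.operand))


@dataclass(frozen=True)
class Rule:
    cluster: str
    conditions: tuple
    match: str = "all"  # "all" or "any" of the conditions must hold

    def satisfied(self, message: dict) -> bool:
        if not self.conditions:
            return False  # a rule consists of one or more conditions
        results = [condition.holds(message) for condition in self.conditions]
        return all(results) if self.match == "all" else any(results)


def route(message, rules, cluster_groups):
    """Return (cluster, groups). An empty groups list means the message is discarded."""
    for rule in rules:  # order of precedence: the first satisfied rule wins
        if rule.satisfied(message):
            return rule.cluster, list(cluster_groups.get(rule.cluster, []))
    return NO_MATCHING_RULES, list(cluster_groups.get(NO_MATCHING_RULES, []))


# Figure 19 expressed as data.
FIGURE_19_RULES = [
    Rule("Cluster_A", (Condition("Sender", "=", "john@acme.com"),)),
    Rule("Cluster_B", (Condition("Recipient", "=", "peter@vidgets.com"),)),
    Rule("Cluster_X", (Condition("Content_Size", "less_than", 1000.0),)),
]
FIGURE_19_GROUPS = {
    "Cluster_A": ["G1"],
    "Cluster_B": ["G2"],
    "Cluster_X": ["G1", "G2"],
    NO_MATCHING_RULES: ["G3"],
}

if __name__ == "__main__":
    # Constructed messages: the attribute values are made up for illustration.
    small_from_john = {"Sender": "john@acme.com", "Content_Size": 512}
    print(route(small_from_john, FIGURE_19_RULES, FIGURE_19_GROUPS))
    print(route(small_from_john, FIGURE_19_RULES[::-1], FIGURE_19_GROUPS))
    http_upload = {"Content_Size": 50_000, "Secure_SSL": True}
    print(route(http_upload, FIGURE_19_RULES, FIGURE_19_GROUPS))
```

Running the same message through the rules in reversed order shows why rule order is part of the security-relevant configuration: a broad size rule placed first takes traffic away from the sender-specific cluster.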

Chapter 8 Security

This chapter gives an overview of the security mechanisms supported by TIBCO BusinessConnect.

Topics
• Overview
• Digital Signatures
• Digital Certificates
• Encryption
• Digest Algorithms
• Cipher Suites
• Non-Repudiation
• SSHFTP Support in TIBCO BusinessConnect

Overview

This chapter gives you a brief overview of the security methods used in TIBCO BusinessConnect. Use it only as an introduction and make sure that you understand how to protect your business data and communications by consulting other resources.

• Secure communication: This is achieved using HTTPS over SSL or SSH, where the whole communication pipe is encrypted.
• Secure data: Confidentiality of the business data is protected using encryption, while the data integrity is protected by digest algorithms. These algorithms are utilized by digital signature algorithms to provide authentication services. For more information, see Digest Algorithms and Cipher Suites.
• Encryption: Encryption means that plain text is converted into ciphertext to prevent any but the intended recipient from reading the data. Encryption also achieves privacy, or concealing of information from unauthorized parties. Encryption is based on the use of private and public keys. TIBCO BusinessConnect uses PKI (public key infrastructure) in all situations where public and private keys are used, combined with secret key algorithms. For more details, see Encryption.
• Authentication: Authentication is used to assure the identity of the partner with whom you are communicating. In a communication system, authentication verifies that messages do originate from their stated source, like the signature on a paper document. Authentication is based on X.509 certificates (for more information, see Digital Certificates).
• Authorization: Authorization is secured through trading partner management, where permissions are set through binding to operations. Once the sender of a message has been authenticated, TIBCO BusinessConnect determines which operations the sender is currently allowed (authorized) to perform by checking trading partner information in the repository.

TIBCO BusinessConnect uses repository information to determine how it responds to a message from the partner. In some cases, the partner may not be authorized to perform certain interactions.

In order to conceal information from unauthorized parties and to assure privacy of business data, TIBCO BusinessConnect uses data encryption.

• Non-repudiation: This is a property achieved through cryptographic methods that prevents an individual or entity from denying having performed a particular action related to data (such as mechanisms for non-rejection or authority, that is, origin, for proof of obligation, intent, or commitment, or for proof of ownership). Non-repudiation depends on the use of digital signatures (for more information, see Digital Signatures). For more information, see Non-Repudiation.

Digital Signatures

Authentication using digital signatures is done using S/MIME authentication. It involves adding a digital signature to the outgoing message.

Digital signatures are used to bind information to the identity of its originator. They bind a document to the possessor of a particular key. Digital signatures are a verifiable transformation made on a piece of data by the private key, which can be verified by using the corresponding public key. They can be used to provide data origin authentication, data integrity, and non-repudiation.

A digital signature includes the following parts:
• A certificate authority’s distinguished name of the signer
• A sender’s public key (optional)
• The serial number of the signer’s certificate

Non-repudiation depends on authentication using digital signatures. To enable non-repudiation, TIBCO BusinessConnect uses S/MIME to add a digital signature to each outbound public message, checks inbound public messages for a digital signature, and stores incoming messages in the non-repudiation database. To learn more about non-repudiation in TIBCO BusinessConnect, see Non-Repudiation.

Digital Certificates

Digital certificates are data strings that a Certificate Authority (CA) creates after the CA verifies the identity of an entity that has submitted a CSR (Certificate Signing Request). Certificates are specified by the X.509 standard, such as X.509v3. They expire on a pre-determined date.

A certificate is like a driver’s license in that both are issued by a recognized authority (a CA or a governmental agency, respectively) and both identify the holder. The three basic items in a certificate are the CA’s signature, the user’s identity, and the user’s public key.

When the CA signs and issues a certificate to a user, the CA’s signature on the certificate verifies the authenticity of the link between the user’s public key and the user’s actual identity. A user can then use its certificate, as contained in its certificates file, to identify itself during e-commerce.

Some CAs are themselves authenticated using a certificate by a higher-level CA, which may in turn be authenticated by a certificate from an even higher-level CA. This results in a certificate chain.

Digital certificates are based on the trust that both trading partners hold in the certificate authority. Parties to a transaction exchange digital certificates. Then one party to a transaction—Party A—uses the other’s public key to encrypt the transaction data. Then the other party—Party B—uses their own private key to decrypt the data.

Digital certificates perform these functions:
• Certify the identity of the holder of the certificate
• Allow for non-repudiation of transactions
• Encrypt email messages
• Sign mobile code that can be downloaded by a web server

These certificates contain both a private key for the certificate holder and a public key for distribution to partners.

Using Certificates with TIBCO BusinessConnect

There are three kinds of certificates you will use while working with TIBCO BusinessConnect:

Obtaining a Certificate

A large number of certificate authorities (CAs) are in the business of providing digital certificates (also called SSL certificates) to authenticate the identity of the certificate holder. You can obtain an SSL certificate from the web site of any authorized certificate authority (CA), such as:

• VeriSign: http://www.verisign.com/
• GeoTrust: http://www.geotrust.com/

Certificate Authority (CA)

This is a trusted third party that validates identities and issues X.509 certificates by signing the certificate with its signature. Any client or server software that supports certificates has a collection of trusted CA certificates, which determine the certificate issuers that the software can trust. You can add CA certificates directly to the certificate store outside of the partner configuration process. For information, see TIBCO BusinessConnect Trading Partner Administration Guide, Add Certificate Authority.

Certificate Chain

A certificate chain is a list of certificates, beginning with a Root certificate and ending with the user’s X.509 certificate. Each certificate in the chain verifies the authenticity of the certificate that follows. Certification is achieved by the presence of a digital signature belonging to the authority issuing the certificate and authenticated by the preceding certificate in the chain.

TIBCO BusinessConnect supports X509 certificates versions 1, 2, and 3. All digital certificates used in TIBCO BusinessConnect must be compliant with the PKIX standard RFC #3280, which is described on the following website: http://www.ietf.org

• Root certificates The certificate issued by the highest level certificate authority (CA) is called the root certificate. It is signed by the root CA itself, which means that it is self-signed. The root certificate authenticates its own signature. The root CA's certificate is unique in that it is a self-signed certificate. The CAs that are directly subordinate to the root CA in the CA hierarchy have CA certificates that were verified and signed by the root CA. Root certificates from well-known certifying authorities, such as Verisign or Thawte, are distributed with applications and kept in an application’s trusted certificate store.

• Leaf certificates These certificates are issued to you directly from a CA. They are also called identity certificates. You will acquire a leaf certificate from a CA by sending a Certificate Signing Request (CSR), which is associated with the private key of your server.

To learn how to obtain a leaf certificate using CSR, see TIBCO BusinessConnect Trading Partner Administration Guide, Create New Identity.

• Intermediate certificates The certificates in the chain that lead up to the highest-level CA are called subordinate or intermediate certificates.

TIBCO BusinessConnect supports X509 certificates versions 1, 2, and 3. All digital certificates used in TIBCO BusinessConnect must be compliant with the PKIX standard RFC #3280, which is described on the following website: http://www.ietf.org

Certificates File

A file that contains the private key’s certificate chain. Unlike a key identity, it contains no private key and is not protected with a password. The supported format is PKCS#7 certificates only, which can have file extensions like .p7b and .p7c.

When setting up an installation for e-commerce, the key identity file relates to the trading host and certificates file(s) relate to any trading partner(s) that the host has. Hosts require a private key in addition to a public key certificate; partners only include public key certificates.

The certificates file defines how each trading partner should expect the other to identify itself in e-commerce transactions. Trading partners exchange certificates files during the setup phase of their relationship. Each trading partner then installs the other partner’s certificates file. For a host to verify the validity of a trading partner’s certificate, the host must trust each CA’s certificate in the certificate chain within the trading partner’s certificates file.

Storing Certificates

A certificate exists in a system file. TIBCO BusinessConnect stores all certificates, including root, leaf, and intermediate certificates, in a central location: the credential store. To exchange business documents with a trading partner you must store the certificates as part of that participant.

Encryption

Encryption is available through the following security mechanisms:
• SSL This protocol uses public and private keys to enable encryption of the transport protocol on which an encrypted or unencrypted message travels.
• S/MIME This message packaging and signing protocol uses public and private keys to enable encryption and unencryption of a message.
• SSH This protocol provides transport layer security with both server and client authentication by establishing a secured channel through key negotiation and strong encryption algorithms.

Public and Private Keys

PKI (Public Key Infrastructure) is the method used by TIBCO BusinessConnect to validate private and public keys. Each public key-private key pair must be certified by a Certificate Authority (CA) before it can be used for a business transaction. All public and private keys are saved in the certificate store.

Public key encryption is based on the premise that anyone is permitted to encrypt a message intended for a recipient, while only the recipient can decrypt such message. The person who created the ciphertext message cannot decrypt their own message since they don’t have the private key it was encrypted for: only the holder of the matching private key can decrypt the message encrypted with a specific public key.

Public Keys

Public keys are given to trading partners so that they can encrypt data and verify signatures. TIBCO BusinessConnect supports the PKCS#7 public key identity format, which comes in the following file formats: .p7b and .p7c. It also supports storing of individual X509 certificates in PEM (base64) and DER (ASN.1 Distinguished Encoding) formats.

Private Keys

Private keys are used to decrypt data and to sign messages. The extension of the private key file name is most commonly referenced as .p12, but it may be anything else as long as the data in the file is compliant with the PKCS#12 specification.

Digest Algorithms

Digest algorithms—utilized in digital signatures—provide help in detecting changes in the signed payload since the signature has been generated on the content. The procedure of verifying that no unauthorized changes were made on the signed content is called the “verification of the digital signature”. If verification is successful, parties can be certain that the document has been created by the signing party and that it was unaltered since its signing.

TIBCO BusinessConnect offers these digest algorithms to verify digital signatures:
• MD5
• SHA1

Encryption Algorithms

Encryption algorithms are used in two different contexts:
• Transport layer
• Business layer

In the transport layer, the encryption takes place on the transport connection, which considers the data moved through it opaque. The negotiation of the symmetric keys takes place by an asymmetric algorithm utilized and defined in SSL/TLS or SSH.

In the business layer, business documents' payloads are encrypted as per the specification of the given business protocol. These options can be used independently from the other.

There are multiple encryption algorithms available for use. You and your business partner must use the same encryption algorithm; otherwise, decryption is not possible. The number included in the name of the algorithm is the number of bits. The larger the algorithm bit size, the more secure the encryption. This is independent of the bit size of the certificate. However, if your JCE policy files are limited strength, you may not achieve full-strength encryption. For more information about JCE policy files, see TIBCO BusinessConnect Server Administration Guide, Install Unlimited Strength JCE Policy Files.

Cipher Suites

The following cipher suites are supported for BusinessConnect:

Export and Stronger
TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
TLS_RSA_WITH_RC4_128_SHA (0x0005)
TLS_RSA_WITH_RC4_128_MD5 (0x0004)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
TLS_RSA_WITH_DES_CBC_SHA (0x0009)
TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)

Stronger than Export
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
TLS_RSA_WITH_RC4_128_SHA (0x0005)
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
TLS_RSA_WITH_RC4_128_MD5 (0x0004)
TLS_RSA_WITH_DES_CBC_SHA (0x0009)
TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)

128-Bit and Stronger
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
TLS_RSA_WITH_RC4_128_SHA (0x0005)
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
TLS_RSA_WITH_RC4_128_MD5 (0x0004)

Stronger than 128-Bit
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)

256-Bit and Stronger
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)

Supported SSH Ciphers
AES128-CTR*
AES128-CBC
AES192-CTR*
AES192-CBC
AES256-CTR*
AES256-CBC
BLOWFISH-CTR*
BLOWFISH-CBC*
TWOFISH128-CTR*
TWOFISH128-CBC
TWOFISH192-CTR*
TWOFISH192-CBC
TWOFISH256-CTR*
TWOFISH256-CBC
CAST128-CBC
3DES-CTR*
3DES-CBC
ARCFOUR128
ARCFOUR256
ARCFOUR*
SSH*

* Ciphers that can not be selected from the BusinessConnect GUI.
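The TLS cipher suite groups listed above differ mainly in which weak suites they still admit. The following is an added example, not TIBCO code: it parses each suite name into key exchange, cipher and MAC and flags components with well-known weaknesses; the severity labels "reject" and "legacy" are this example's own assumption.

```python
"""Added example: audit the TLS cipher suite names listed on this page."""

# Suite names copied from the page's "Export and Stronger" group.
EXPORT_AND_STRONGER = """
TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
""".split()

# Suite names copied from the page's "128-Bit and Stronger" group.
BITS_128_AND_STRONGER = """
TLS_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_RC4_128_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
""".split()


def parse_suite(name):
    """Split TLS_<kx>[_EXPORT]_WITH_<cipher>_<mac> into its components."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError("not a TLS_*_WITH_* suite name: %r" % name)
    left, right = name[len("TLS_"):].split("_WITH_", 1)
    export = left.endswith("_EXPORT")
    kx = left[:-len("_EXPORT")] if export else left
    cipher, _, mac = right.rpartition("_")   # MAC is the last token
    return {"kx": kx, "export": export, "cipher": cipher, "mac": mac}


def audit_suite(name):
    """Return a list of (severity, reason) findings for one suite name."""
    parts = parse_suite(name)
    cipher = parts["cipher"]
    findings = []
    if parts["export"]:
        findings.append(("reject", "export-grade suite (40-bit key)"))
    if cipher.startswith("RC4"):
        findings.append(("reject", "RC4 (prohibited in TLS by RFC 7465)"))
    if cipher.startswith("RC2"):
        findings.append(("reject", "RC2 cipher"))
    if cipher.startswith("DES"):             # DES_CBC and DES40_CBC, not 3DES
        findings.append(("reject", "single DES (56-bit key or less)"))
    if cipher.startswith("3DES"):
        findings.append(("legacy", "3DES (64-bit block size)"))
    if parts["mac"] == "MD5":
        findings.append(("reject", "MD5-based MAC"))
    if parts["kx"] == "RSA":
        findings.append(("legacy", "static RSA key exchange (no forward secrecy)"))
    return findings


def rejected(group):
    """Suites in a group that carry at least one 'reject' finding."""
    return [s for s in group
            if any(sev == "reject" for sev, _ in audit_suite(s))]


if __name__ == "__main__":
    for label, group in (("Export and Stronger", EXPORT_AND_STRONGER),
                         ("128-Bit and Stronger", BITS_128_AND_STRONGER)):
        bad = rejected(group)
        print("%s: %d of %d suites rejected" % (label, len(bad), len(group)))
        for suite in bad:
            reasons = [r for sev, r in audit_suite(suite) if sev == "reject"]
            print("  %s: %s" % (suite, "; ".join(reasons)))
```

Run against the page's lists, the audit shows that the "128-Bit and Stronger" group still contains the two RC4 suites, while the "256-Bit and Stronger" group contains none of the rejected components.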

Non-Repudiation

Non-repudiation is a technical solution to a legal issue: it prevents trading partners from falsely denying having participated in a communication or denying the validity of the communication or its parts. For example, a non-repudiation protocol for a digital, certified document should ensure that the sender cannot deny sending the message and the receiver cannot deny receiving it.

A public key digital signature can provide non-repudiation of electronic transactions if it can be guaranteed that the digital signature was created when the public key credentials were valid. This approach to non-repudiation uses public key signatures to provide authentication.

While TIBCO BusinessConnect does not support non-repudiation of transactions, it uses the TIBCO BusinessConnect implementation of PKI (Public Key Infrastructure) to support non-repudiation for documents.

TIBCO BusinessConnect uses digital signatures, authentication, and logging to support the following non-repudiation scenarios:
• NRO (Non-Repudiation of Origin)
• NRR (Non-Repudiation of Receipt)

Only signed MDN receipts can be logged in the TIBCO BusinessConnect non-repudiation scheme. See TIBCO BusinessConnect Trading Partner Administration Guide, Chapter 17, Message Disposition Notification Receipts for more information.

Non-repudiation for inbound transactions can be enabled in the trading partner setup.

Non-Repudiation Logging Scenarios in TIBCO BusinessConnect

After the inbound message is validated, the Responder logs the signed original request in its non-repudiation database because non-repudiation of request is selected in the Responder’s trading partner setup for that Initiator.

Non-Repudiation of Origin

See the chapter on Acknowledgments in TIBCO BusinessConnect EDI Protocol User’s Guide for more information.

Non-Repudiation Logging of Acknowledgments on Responder

1. The Responder creates an acknowledgment because the Initiator’s setup for trading partner was configured to ask for an acknowledgment.
2. The Responder signs the acknowledgment with its private key because, in the trading partner transport setup for the Initiator, the Sign checkbox is selected, non-repudiation is selected, and a signed receipt for the acknowledgment is selected.
3. The Responder sends the signed acknowledgment to the Initiator.
4. The Responder logs the signed acknowledgment in its non-repudiation database after the message is successfully posted to the Initiator.
5. The Initiator sends a signed receipt to the Responder. The Responder logs the receipt from the Initiator in its non-repudiation database because non-repudiation was selected in the transport setup for the Initiator trading partner.

Non-Repudiation Logging of Acknowledgments on Initiator

1. The Initiator receives the signed acknowledgment and sends a receipt to the Responder because a receipt was requested in the transport setup for the Responder trading partner.
2. The Initiator authenticates acknowledgments for content integrity.
3. The Initiator calculates the message digest for the acknowledgment.
4. The Initiator reconciles acknowledgments and logs the original, signed acknowledgment from the Responder in the non-repudiation database. This occurs because non-repudiation was selected in the Initiator’s outbound transport setup for the trading partner.

Non-Repudiation of Receipt

Non-Repudiation Logging on Initiator

1. The Initiator creates a request document and uses its private key to sign it because non-repudiation is selected in the outbound host to partner transport setup for the trading partner. The outbound document includes a request for a synchronous or asynchronous signed receipt from the Responder because a signed receipt is requested in the outbound transport setup for the trading partner.
2. The Initiator sends the request.

3. The Initiator logs the request after a successful HTTPS post of the message to the trading partner or VAN. This is also true for an email sent successfully through SMTP to the trading partner or VAN.
4. The Initiator logs the receipt from the Responder because non-repudiation was selected in the Initiator’s outbound host to partner transport setup for the trading partner.

Non-Repudiation Logging on Responder

1. The Responder receives the request from the Initiator.
2. When a Responder receives a signed document that includes a request for a synchronous or asynchronous signed receipt, the Responder uses the Initiator's public certificate to verify the content integrity.
3. The Responder calculates the message digest for the document.
4. The Responder logs the signed original request in its non-repudiation database because non-repudiation of request is selected in the Responder’s trading partner setup for that Initiator.
5. The Responder sends a receipt to the Initiator because the inbound document contains a request for a receipt.
6. The Responder creates the receipt, uses its private key to sign it, and sends it back to the Initiator.

SSHFTP Support in TIBCO BusinessConnect

To support the SSHFTP transport in TIBCO BusinessConnect, the following types of keys, certificates, and algorithms are available:
• Key types: RSA, DSA
• Public key formats: OpenSSH PEM and Ssh.Com* (with import and export)
• Private key formats: OpenSSH PEM and Ssh.Com** (with import), OpenSSH PEM (with export)
• Host signature algorithms: SSH-RSA and SSH-DSS
• Server public key algorithms: DSA and RSA.

Authentication methods for SSHFTP

The supported authentication methods are password, public key, and a combination of password and public key. The SSH server drives the authentication (requests the preferred authentication methods) and the SSH client obeys by submitting the credentials, which are specific to the requested/agreed-upon method or methods. The client is always identified by a user name, whether the authentication takes place over password, public key or both.

• Password The configured password is used to complete the user authentication phase with the SSH server.
• Public key The configured public key (retrieved from the user's SSH private key) is used to complete the user authentication phase with the SSH server.
• Public key and Password BusinessConnect is allowed to authenticate using password, public key, or both password and public key. If the SSH server indicates both options, BusinessConnect starts using the 'public key' method. If it is successful and the server requires no further authentication steps to be executed, the negotiation is successful and the tunnel is established. If the server rejects the authentication attempt, BusinessConnect will move to password mode, in which case the outcome depends on the success of this attempt. If the password fails, the transport creation fails and the framework sends the corresponding error message to the business protocol.

When either 'Public Key' or 'Public Key and Password' is selected, the sending participant must be configured with an SSH private key since the transport assumes that this credential is made available to (and may be requested by) the SSH server.

The client's private key for any inbound or outbound SSHFTP transport is configured through the field 'Client Authentication Identity for SSHFTP' on the corresponding business agreement of the sending and receiving participants.

SSH Server Public Key Retriever

As an administrator, you may face problems finding, installing and configuring the public keys of SSH servers of the trading partners while setting up and configuring inbound and outbound SSH transports in TIBCO BusinessConnect. Sometimes, it is a priority to be able to set up a working connection quickly, instead of taking enough time to ensure that the identities of the peer trading partners' SSH servers be trusted by retrieving the servers' credentials only from verified/trusted sources.

The SSH Server Public Key Retriever was added to facilitate speedy setup of a working connection, as well as to help establish a trusted connection. To use the SSH Server Public Key Retriever, see TIBCO BusinessConnect Trading Partner Administration Guide, Chapter 15, SSHFTP Transport, Fetch from SSH server.

Selecting Algorithms and Methods during Tunnel Negotiation

Tunnel negotiation is driven by the SSH server and controlled by the SSH client. BusinessConnect always acts as the SSH client, regardless of the direction of the transport (such as inbound or outbound). This means that the ciphers, MAC, and compression algorithms and authentication methods are specified by a list that is offered by the server and chosen by the client. If the option ANY is set for either cipher, MAC, or compression, the server's first choice of preference, which is also supported by the client, will be used.

Supported Ciphers for SSHFTP

For the list of supported ciphers, see Supported SSH Ciphers. If the configuration is set to ANY, any of the ciphers from the supported ciphers list can be selected by the server.

Supported MACs for SSHFTP
HMAC_MD5
HMAC_MD5-96*
HMAC_SHA1
HMAC_SHA1-96*
HMAC_RIPEMD160

* These MACs can not be selected from the BusinessConnect GUI.

If the configuration is set to ANY, any of the MACs from the supported MACs list can be selected by the server.

Supported Compression Algorithms for SSHFTP
Zlib
Zlib@openssh.com

If NONE is selected, no compression is enforced by the client. This assumes that the SSH server also considers 'NONE' to be a valid option.
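The SSH Server Public Key Retriever passage above contrasts a quick fetch with obtaining server credentials only from verified sources. The following added example (not part of BusinessConnect) shows the check that closes that gap: a fetched OpenSSH-format public key line is parsed and its SHA-256 fingerprint compared with one the partner supplied through a separate channel. The key material is constructed filler, and the function and constant names are assumptions of this example.

```python
"""Added example: compare a fetched SSH server key with a pinned fingerprint."""
import base64
import hashlib
import hmac
import struct

# The page lists SSH-RSA and SSH-DSS as host signature algorithms.
ALLOWED_HOST_KEY_TYPES = ("ssh-rsa", "ssh-dss")


def _wire_string(data):
    """SSH wire encoding: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def parse_public_key_line(line):
    """Parse '<type> <base64 blob> [comment]' and return (type, raw blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    # The blob repeats the algorithm name; a mismatch means the label was edited.
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("declared key type does not match the key blob")
    return key_type, blob


def sha256_fingerprint(blob):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fetched_key_matches_pin(fetched_line, pinned_fingerprint):
    """True only if the fetched key is an allowed type and matches the pin."""
    key_type, blob = parse_public_key_line(fetched_line)
    if key_type not in ALLOWED_HOST_KEY_TYPES:
        return False
    return hmac.compare_digest(sha256_fingerprint(blob), pinned_fingerprint)


def _constructed_rsa_line(fill, comment):
    """Build a syntactically valid ssh-rsa line from filler bytes (not a real key)."""
    exponent = _wire_string(b"\x01\x00\x01")
    modulus = _wire_string(b"\x00" + bytes([fill]) * 256)
    blob = _wire_string(b"ssh-rsa") + exponent + modulus
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


# Constructed sample data: the key the partner really uses, the fingerprint
# the partner communicated out of band, and a different key returned instead.
PARTNER_LINE = _constructed_rsa_line(0xC3, "partner-sftp")
PINNED = sha256_fingerprint(parse_public_key_line(PARTNER_LINE)[1])
SUBSTITUTED_LINE = _constructed_rsa_line(0xA5, "partner-sftp")

if __name__ == "__main__":
    print("pinned fingerprint :", PINNED)
    print("genuine key accepted:", fetched_key_matches_pin(PARTNER_LINE, PINNED))
    print("other key accepted  :", fetched_key_matches_pin(SUBSTITUTED_LINE, PINNED))
```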


Glossary

A

ack
A return message in a B2B request/response transaction indicating that data has been received correctly. Typically, if the sender of the original data does not receive an ack message before a predetermined time, or receives a nack, the sender re-sends the original data. See also nack.

asynchronous transaction type
A request/response transaction type in which the Responder sends a response on a channel other than the sending channel. See also synchronous transaction type.

B

B2B
Business to Business. Electronic, integrated communication between businesses, usually over the Internet or over a VPN. See also VPN.

C

CA
Certificate Authority.

CDATA
Character data. CDATA has two very different meanings in XML. The first meaning is used within document type declarations, where CDATA is used within attribute declarations to indicate that an attribute should contain character content, and that no enumerated set of values is provided to constrain that content. The second meaning applies only within documents, where CDATA marked sections (beginning with <![CDATA[ and ending with ]]>) label text within documents that is purely character data, containing no elements or entities that need to be processed. CDATA sections provide an escape mechanism supporting documents containing characters (typically <, >, and &) that would interfere with normal processing.

certificate
A data string that a Certificate Authority (CA) creates after the CA verifies the identity of an entity that has submitted a CSR (Certificate Signing Request). A certificate is in a certificate chain. See also Certificate Authority. See also certificate chain.

Certificate Authority (CA)
A trusted third party that validates identities and issues X.509 certificates by signing the certificate with its signature.

certificate chain
A list of certificates made up of a user’s X.509 digital certificate and the certificate chain of its CA’s certificates. A certificate chain can be in a certificates file. A certificate chain can also be in a key identity file. See also certificates file. See also key identity file.

certificates file
A file that contains a private key’s certificate chain.

ChemXML™
An XML-based data exchange standard for buying, selling, and delivering chemicals. CIDX™ (Chemical Industry Data eXchange) developed ChemXML on a non-profit basis for use in the chemical industry to conduct electronic business transactions and exchange data in company-to-company, company-to-marketplace, and marketplace-to-marketplace transactions.

CIDX™
See ChemXML.

ciphertext
Data that has been encrypted.

cleartext
Data that has not been encrypted.

CMS
Cryptographic Message Syntax. The internal format of an S/MIME message. See also S/MIME.

CRM
Customer Relationship Management. A type of software that automates a company's sales force, marketing efforts, and customer service needs.

CSR
Certificate Signing Request. The file that you send to a CA such as Verisign when you request a certificate. The CSR contains your email address and certain identifying information.

CSV
Comma Separated Values. A message structure format.

cXML
Commerce XML. An XML format developed for documents used in e-procurement. See www.cxml.org for more information. See also XML.

D

DBMS
Data Base Management System. A complex set of programs that controls the organization, storage, and retrieval of data for many users. Data is organized in fields, records, and files. A database management system also controls the security of the database.

digital certificate
See certificate.

digital signature
See signature.

document type declaration
A declaration that provides a document type definition (DTD) for an XML document. The document type declaration may refer to an external file (the external subset), include additional declarations (the internal subset), or combine both. The document type declaration also gives the root element for the document.

DTD
Document Type Definition. A non-XML schema file that contains a formal description of the vocabulary and structure of the elements in an associated XML file. DTDs serve the same function as XML schema documents. A DTD may also provide some content information. The DTD for an XML document is the combination of the internal and external subsets described by the document type declaration. Also see www.extensibility.com for information on TIBCO’s XML Authority, the premier solution for the creation, conversion, and management of DTDs and XML schemas. See also XML.

DUNS Number
A number in the Data Universal Numbering System from Dun & Bradstreet. BusinessConnect uses DUNS numbers for RosettaNet.

E

ebXML
electronic business XML. An XML e-commerce standard defined by the ebXML consortium. See www.ebxml.org. See also XML.

EDI
Electronic Data Interchange. EDI is most often used by trading partners in the exchange of standardized documents. EDI uses some variation of the ANSI X12 standard (USA) or EDIFACT (UN-sponsored global standard).

element
The unit forming the basic structure of XML documents. Elements may contain attributes in their start tags, other elements, and textual content. See also XML.

ERP
Enterprise Resource Planning. An integrated information system that serves all departments within an enterprise. An ERP system can include software for manufacturing, order entry, accounts receivable and payable, general ledger, purchasing, warehousing, transportation and human resources.

exception
At the software level, anything that has gone wrong, typically within a lower level code module. At the business process level, an exception is anything that requires special processing to account or adjust for, such as correcting an invalid order.

F

FTP
File Transfer Protocol. A client-server protocol which allows a user on one computer to transfer files to and from another computer over a TCP/IP network. Also used to refer to the client program the user executes to transfer files. See also TCP/IP.

A native SAP message format.

Secure. See also SSL. A transport protocol for email clients to retrieve email from a message store on a host server.98 | Glossary H HTTP Hypertext Transfer Protocol. TIBCO ActiveExchange products support Entrust Profile (. Messages sent over the secure transport are not themselves encrypted. MIME uses base64 and other encodings to encode non-text information as text to make sure that email messages with images or TIBCO BusinessConnect Concepts . Trading partners create a key identity for their own installations. Multipurpose Internet Mail Extensions. HTTPS uses port 443. IMAP is newer and has more features than the more popular POP access protocol. A standard structured messaging format which allows a single message to contain many parts. By default. MIME J JSSE Java™ Secure Socket Extension. It is encrypted with a password because it contains a private key. M MAPI Messaging Applications Programming Interface.p12 or . HTTPS uses SSL to encrypt the HTTP transport. See also SSL. different vendors offer different JSSE implementations. A Java standard that enables SSL. See also TCP/IP. the key identity file relates to the trading host and certificates file(s) relate to any trading partner(s) that the host has. As SSL is not part of Java. and PKCS#12 (. and fax. MIME is a very flexible format. A client-server TCP/IP transport protocol used on the web for exchanging documents. IMAP4 Internet Message Access Protocol. A variant of HTTP used for creating secure transactions. K key identity file A file that contains a private key and its certificate chain. web hypertext documents.pfx) (as implemented by Netscape and Microsoft and others).epf) (as implemented by Entrust). See also POP. such as plain text. HTTP uses port 80. A proprietary interface to client email servers. graphics. key pair A private/public key pair. By default. HTTPS Hypertext Transfer Protocol. MIME specifies how messages must be formatted so that they can be exchanged between different email systems. 
I IMAP. audio. which can include virtually any type of file or document in an email message. When setting up an installation for e-commerce.

PIP Partner Interface Process. The recipient authenticates the sender using the sender’s public key. It is used for message unencryption and for signing. The infrastructure necessary to successfully use public key cryptography. A private key is kept in a key identity file. POP3 Post Office Protocol. non-repudiation Non-repudiation of service allows the sender of a message to provide the recipient of a message proof of the origin of the message. It is used for message encryption and for verifying a signature. This can synchronous or asynchronous. Part of the RosettaNet business protocol.Glossary 99 | other non-text information are delivered with maximum protection against corruption. See also S/MIME. R request/response A type of message that requires a response from the receiver. a MIME message may have a header. public key The part of a key pair that can be shared with anybody. The sender also signs a document using their private key. Each user has a public key and a private key. A client-to-host transport protocol for email clients to retrieve email from a message store. See also ack. PKI Public Key Infrastructure. data that has been converted to the TIBCO IntegrationManager internal representation (AttributeNode) and which can be accessed at the field level by other components. TIBCO BusinessConnect Concepts . This protects against any attempt by the sender to subsequently revoke the message or its content. For example. A public key is kept in a certificate. private key The part of a key pair that is kept strictly confidential. It is encrypted with a password. See also IMAP. A system that offers encryption and digital signatures. POP is more widely used than the IMAP protocol. The recipient decrypts the document using their private key. This is based on a sender’s unique digital signature. P parsed For XML. See also symmetric key cryptography. A sender encrypts a document using the recipient’s public key. 
The public key is made public while the private key remains private. and digital signature. which has more features. body. See also unparsed. public key cryptography N nack A return message indicating that data has not been received correctly. including certificates and certificate authorities. POP.

RNIF RosettaNet Implementation Framework.

RosettaNet An industry consortium dedicated to the development and deployment of RosettaNet, a standardized electronic business interface. See www.rosettanet.org for more information.

RV Rendezvous protocol. A distributed TIBCO messaging protocol middleware product.

S

schema See XML schema.

SGML Standard Generalized Markup Language. A generic language for representing hypertext documents.

signature A verifiable transformation made on a piece of data by the private key, which can be verified by using the public key. A digital signature binds a document to the possessor of a particular key. A signature usually also contains the possibly incomplete certificate chain of the signer. See also certificate.

S/MIME S/MIME (Secure Multipurpose Internet Mail Extensions) presents a way of adding security to objects that are packaged with MIME. It is a messaging format for exchanging digitally signed and/or encrypted messages. S/MIME (RFC 2311) is based on the MIME standard (RFC 1521). S/MIME is designed for messaging clients delivering security services to distributed messaging applications. S/MIME defines a data encapsulation format for the provision of a number of security services that include data integrity, confidentiality, and authentication.

SMTP Simple Mail Transport Protocol. A host-to-host mail transport protocol for email. SMTP is the standard for servers that move email over the Internet. As it is a server-to-server protocol, other protocols such as IMAP, POP, and POP3 are used to retrieve the email from the host's mail server.

SOAP Simple Object Access Protocol. A network protocol developed by Microsoft, that provides a lightweight method for exchanging structured data. SOAP messages are XML documents contained in a mandatory SOAP envelope and sent using HTTP or HTTPS.

SQL Structured Query Language. A language for accessing data in a database.

SSL Secure Sockets Layer. A protocol designed by Netscape Communications Corporation to encrypt data and authenticate senders. SSL is the industry standard for sharing secured data over the web. SSL provides encryption, client and server authentication, and message integrity. SSL is layered beneath protocols such as HTTP, SMTP, Telnet, FTP, Gopher, and NNTP, among others. SSL is layered above the TCP/IP connection protocol. SSL is part of all major browsers and web servers. Installing a digital certificate makes a browser or server's SSL capabilities available. SSL can use digital certificates to authenticate an encrypted socket. SSL is used by HTTPS, which uses server and client authentication. SSL is available at the 40-bit, 56-bit, and 128-bit levels. This refers to the length of the session key that every encrypted conversation generates. The longer the session key is, the more difficult it is to break the encryption code. BusinessConnect supports different levels of SSL, including the highest level. A client signs random data with a private key during the setup phase of an SSL connection to authenticate itself. Encrypted data sent after the setup phase is not signed. See also HTTPS.

symmetric key cryptography A system that offers encryption. The same key is used to encrypt and decrypt data. A sender encrypts a document using the symmetric key, and the recipient decrypts the document using the same symmetric key. See also public key cryptography.

synchronous transaction type A request/response transaction type in which the Responder sends a response on the sending channel. See also asynchronous transaction type.

T

TCP/IP Transmission Control Protocol on top of the Internet Protocol. Protocols to enable communication between different types of computers and computer networks. TCP is a connection-oriented protocol that provides reliable communication and multiplexing. IP is a connectionless protocol that provides packet routing.

type-aware A document that uses a schema of some sort. The in-memory representation of 'type-aware' data uses strings, numbers, and arrays. See also untyped.

U

unparsed For XML, an XML document in the form of a giant string or byte array. TIBCO IntegrationManager components, among others, can utilize XML only as a string byte array, unless they have special support for parsing XML. See also parsed.

untyped A document that does not use a schema. The in-memory representation of untyped data is an array of name->value pairs. For XML, it is an array of name->(string or element) pairs, and character data is represented by some 'special' name, such as _CDATA. See also type-aware.

URI Uniform Resource Identifier. A resource identifier that describes a location (URL) or name (URN) for identifying an abstract or physical resource.

URL Uniform Resource Locator. A resource identifier that describes its target by giving a pathway for retrieving it. A URL may include a protocol, a host computer, and how to find the target resource on that computer.

URN Uniform Resource Number. A resource identifier that uses a naming scheme to identify resources.

V

VAN Value-added network. A communications network in an EDI setting that provides services beyond normal transmission, such as automatic error detection and correction, protocol conversion, and message storing and forwarding.

VPN Virtual Private Network. A network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy the security of a private network via access control and encryption, while taking advantage of the economies of scale and built-in management facilities of large public networks.

X

XML eXtensible Markup Language. A standardized document formatting language that provides a set of standards for document syntax while allowing developers, organizations, and communities to define their own vocabularies. XML lets users label information using custom tags that describe the structure and meaning of a file's content. XML gives much more control than HTML over collecting, searching, combining, formatting, and delivering content to different audiences for different purposes. XML is a standard for passing data between Internet applications. XML documents contain data in the form of tag/value pairs. See www.extensibility.com for information on TIBCO Extensibility products.

XML schema The definition of the content in an XML document. XML is a standard for passing data between Internet applications. XML documents contain data in the form of tag/value pairs. An XML schema establishes a set of rules for constraining the structure and articulating the information set of XML document instances. An XML schema is an XML element information item which, along with its descendants, satisfies all the constraints on schemas in a specification. Unlike a DTD, an XML schema is written in XML. Although XML schemas are more verbose than DTDs, they can be created with any XML tool. Some features include: Data typing enables defining data by type (character, integer, etc.). Schema reuse, or schema inheritance, lets tags referenced in one schema be used in other schemas. Namespaces enables multiple schemas to be combined into one. Global attributes assign properties to all elements. Associating Java classes adds processing to the data. Authoring information adds improved documentation for schema designers. See also www.extensibility.com for information on TIBCO's XML Authority®, the premier solution for the creation, conversion, and management of DTDs and XML schemas.

XSD XML Schema Definition. An XSD file defines the structure and elements in a related XML file. .xsd is the suffix of an XSD schema document.

XSDL XML Schema Definition Language. An XML schema dialect. Expressed in XML document syntax, XSDL supports an extensible data typing system, inheritance, and namespaces. See www.extensibility.com for information on XML Authority, the premier solution for the creation, conversion, and management of documents in XML schema dialects, including XSDL.

XSL Extensible Style Language. A stylesheet language for XML. XSL specifies the styling of an XML document by using XSLT to describe how the document is transformed into another XML document that uses the formatting vocabulary. XSL uses template rules that are written using XML to transform documents into formatting objects, which are then presented on screen, in print, or in other media.

XSLT Extensible Stylesheet Language Transformations. A language for transforming XML documents into other XML documents. XSLT is designed for use as part of XSL. In addition to XSLT, XSL includes an XML vocabulary for specifying formatting.

