Thursday, July 10, 2014

#14 SOA 12c New Features - Encrypting personally identifiable information (PII)

A great new feature that enables the encryption of sensitive data such as a credit card number or SSN.

Here is a simple example of an order process where I can encrypt the credit card number field.

Here is my order XSD.

















The BPEL process just assigns input to output.






















Here is the composite view -











Notice the lock icon on the exposed service. Here I have defined the encryption.

Steps -





























Select the data to be encrypted -























Note the key name -










I know this is probably preaching to the converted, but to reiterate:
one needs, for example, to decrypt the ccnr before sending it on to the CreditCardValidation service.










Now all we need to do is create the CSF key.
We can use WLST to do this -

Open a CMD window in the following directory




















Enter the command:
wlst
then
connect("weblogic","welcome1","t3://localhost:7101")
Once connected, you will see the prompt
wls:/DefaultDomain/serverConfig>
At the prompt, enter
createCred(map="oracle.wsm.security", key="pii-csf-key", user="weblogic", password="welcome1", desc="Key for pii_security_policy")

You will see the confirmation





Now deploy and test -

































Review the BPEL audit trail
















Now wasn't that easy!
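A quick way to double-check what the audit trail shows, as an added example (not part of the original post or of Oracle's tooling): the Python script below scans a payload copied out of the audit trail for values that still look like clear-text card numbers. The sample XML, every element name except ccnr, and the ciphertext placeholder are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_clear_pans(xml_text):
    """Return (element_name, masked_value) for every element text, tail or
    attribute value that still holds a Luhn-valid card number."""
    hits = []
    for elem in ET.fromstring(xml_text).iter():
        name = elem.tag.rsplit("}", 1)[-1]  # drop the namespace, if any
        # Tail text is reported under the element it follows.
        values = [elem.text or "", elem.tail or ""] + list(elem.attrib.values())
        for value in values:
            for match in PAN_RE.finditer(value):
                digits = re.sub(r"\D", "", match.group())
                if luhn_ok(digits):
                    # Report only the last four digits, never the full number.
                    hits.append((name, "*" * (len(digits) - 4) + digits[-4:]))
    return hits


# Constructed samples: 4111 1111 1111 1111 is a well-known test number, and
# the ciphertext string is a placeholder, not the real SOA Suite format.
CLEAR = """<order xmlns="http://example.com/order">
  <customer>Jane Doe</customer>
  <ccnr>4111 1111 1111 1111</ccnr>
</order>"""
ENCRYPTED = CLEAR.replace("4111 1111 1111 1111", "ENCRYPTED-PLACEHOLDER-VALUE")

if __name__ == "__main__":
    print("clear payload:", find_clear_pans(CLEAR))
    print("encrypted payload:", find_clear_pans(ENCRYPTED))
```

An empty result for the encrypted payload is what you want to see; any hit names the element that still carries a clear-text number.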

Now to decryption -






The BPEL process now calls the credit card validation service - the argument passed is the ccnr.
So I need to decrypt before calling -


























































The web service's logic is pretty banal -









Deploy and Test

























