Trading Networks 10.3 | Administering and Monitoring B2B Transactions | Trading Networks Administrator's Guide | Understanding webMethods Trading Networks | Security | Protecting Access to Trading Networks Processing
 
Protecting Access to Trading Networks Processing
When trading partners want to connect to your Trading Networks system (for example, to send a document for processing), access can be protected through a user account (user name/password) or x.509v3 client certificates. A partner must have partner authority to access your Trading Networks system to exchange documents. When you define a profile for a partner, you can associate one or more My webMethods or Integration Server user accounts with a profile. Your partner can use the user accounts to access your system.
When your Trading Networks system needs to connect to a partner's system (for example, to deliver a document), it can use a user account (user name/password) or x.509v3 client certificates as credentials that the partner's system uses for authentication. If your partner requires authentication using user name/password, your Trading Networks system maintains the user name and password it needs to supply when connecting to that partner in the partner's profile on your system. If a partner requires authentication using client certificates, your Integration Server system maintains the client certificate it needs to supply when connecting with that partner.
Trading Networks protects access to the wm.tn:receive service using an Integration Server Access Control List (ACL). The protection ensures that only partners with Trading Networks administrative authority or partner authority can invoke this service. To invoke the wm.tn:receive service, the client must supply the user name and password of a valid My webMethods or Integration Server user account. When using a user account with Trading Networks administrative authority, Trading Networks always accepts and processes the document. However, you will typically not grant your partners administrative authority. Instead, they have user accounts that have Trading Networks partner authority.
When you create a profile for a partner, you can associate a user account with the profile, and therefore the partner. You can associate one or more My webMethods users with the profile; Trading Networks automatically gives partner authority to the My webMethods user. When using a user account with partner authority, Trading Networks makes sure that the user that invokes the wm.tn:receive service matches the sender specified within the document being sent. Trading Networks uses the sender identified within the document to look up the sender's profile and makes sure that the profile is associated with the My webMethods or Integration Server user account that was used to send the document. If the user account is not associated with the sender's profile, Trading Networks does not process the document.