Problem:

Release: 4.0

Is data encryption supported?

Resolution:

Release: 4.0   

Yes. Since Most host systems have security built into them EnterpriseLink provides a mechanism that enables you to map between the security you build into your project to the existing security on your host system. This is called security mapping. Using one of several security mapping options, you can create a robust, secure, Web-enabled application that provides the right level of access to both your deployed project and the host system without requiring that you change anything on your host system, and without requiring more than one logon per user.

The security system you need to accommodate your deployed project depends on the nature of the project and the host application. Some systems require no security at all, especially if they are behind company firewalls and inaccessible to the public. Other systems, however, are designed specifically to allow outside users access to the application. Whatever the particular needs of your application, EnterpriseLink provides a security mapping option to meet those needs. The options are:

Disable security mapping - Use this option when your host system has no security, or when you do not want to extend the host security to the deployed project. Instead, rely on the security you build into your project. This is the default setting.

Digital Certificate to Host Logon ID Mapping - Assign and map Digital Certificates generated for the authorized users of your deployed project directly to specific logon IDs on the host system.

Digital Certificate to Host LU Name Mapping - Assign and map Digital Certificates to specific host Logical Unit (LU) names.

Web User to Host Logon Mapping - Map specific Web user IDs to host logon IDs, one-to-one.

Web User to Host Logon ID Pooling - Map Web user IDs to IDs in a generic logon ID pool on the host system.

Web User to Host LU Name Mapping - Map Web user IDs to host LU names, one-to-one.

Web User to Host LU Name Pooling - Map Web user IDs to entries in a LU name pool on the host system.

Some mapping options require tha

t you identify the user ID and password fields built into a Web page or pages in your EnterpriseLink project. For each project you enable for security mapping via the Administration Site, you'll see an additional branch on the EnterpriseLink Builder projects tree to accommodate the security component of the project. The branch contains two objects -- User and Password -- that you drag and drop onto the Web page fields that correspond to user ID and password. This maps those fields on the Web page to the security mapping component. At run time, if a mapping exists for the user, EnterpriseLink automatically supplies the user ID and password, bypassing the page.

Security Mapping information is stored in the EnterpriseLink certificate repository which is contained in a separate schema in the project database, or in its own database. EnterpriseLink identifies the certificate repository by the ODBC System Data Source Name ELCertificateDB. This repository is highly secure. It is encrypted in a way that makes it impossible to decrypt without use of the Administration Site interface. If in separate repositories, you must keep the EnterpriseLink project repository and the EnterpriseLink certificate repository synchronized with one another, so be sure to back up the EnterpriseLink repository and the certificate repository together. Also, deleting a project using EnterpriseLink Builder removes the certificate and pools associated with it from the certificate repository.

Some of the security mapping options enable you to use digital certificates. Digital certificates are normally used to explicitly identify a browser user to a Web server. Using the Administration Site, you can map each digital certificate from the EnterpriseLink Server to a specific host logon ID and password or LU name, enabling the identification of a user on the host system as well.