Managing WebLogic Integration Solutions
TPM Schema
This section describes the schema for trading partner management (TPM) data that you can exchange with the TPM repository using:
- The WebLogic Integration Administration Console
- The Workshop TPM controls
- The Bulk Loader utility
TPM Overview
The TPM schema allows you to configure WebLogic Integration to share information among trading partners by defining the following:
- Addresses, phone and fax numbers
- Authentications, encryptions, and certificates
- Protocol transports for RosettaNet, ebXML, and Web services
- Data unique to your business needs
A trading partner can have one or more service bindings that use different transport protocols for the exchange of documents. Each transport can use a variety of security authentication options, for client, server, signing, and messaging roles. The TPM schema allows you define the complete set of communication and configuration options for all trading partners.
Architecture: Trading Partners and Services
The root element of the TPM schema is the trading-partner-management element. The element provides logging and messaging options, and contains the two essential child elements for any configuration:
trading-partner—a business entity that has authorization to send and receive business messages.The trading-partner element defines the settings for a single trading partner: authentication, security, and protocol options.
service—a business process a trading partner offersThe service element defines settings that describe how pairs of trading partners communicate: message protocols, message tracking, and RosettaNet service options.
The service element is rather simple and contains the following elements:
rosettanet-service-defaults—for describing optional RosettaNet settingsservice-profile—for describing how pairs of trading partners communicate
The trading-partner element is far more complex. The following illustrations present the entity relationships among its elements.
Protocols and Security
The TPM schema provide configuration options for communication using the following service protocols:
- ebXML
- RosettaNet
- Web services available through JWS and JPD
The TPM schema provide settings for the authentication of trading partners as they send messages using these protocols at runtime for:
- authentication credentials for outbound connections
- mapping of trading partners to WebLogic Integration users for inbound connections
- transport level security with a Secure Sockets Layer (SSL)
- message level encryption and digital signatures
You configure these security and authentication options using:
- The
authentication elements, that reside within a transport element for a given service protocol and allow clients and servers to authenticate.
- The individual service binding elements for each protocol, that provide settings for digital signatures and encryption for messaging.
The individual binding elements for each of the protocol services support non-repudiation by digitally signing outbound messages and acknowledgements based on the attributes that require signatures on messages and acknowledgement receipts. You can securely log message information as well.
The TPM schema supports the use of password aliases so you can refer to the password aliases in the WebLogic Integration password store. To learn more about password security, see Password Aliases and the Password Store.
Extensibility
You can include custom information unique to your business needs using extended property sets. The extended-property-set allows any XML elements and attributes to be specified as child nodes of the extended-property-set element. To learn more about extending TPM schema, see extended-property-set Element.
Test Mode
You can deploy your TPM options in a development environment without the need to specify explicit service profiles between trading partners. The test mode attribute on the trading-partner-management element allows you to test and deploy TPM business settings using the default bindings for your trading partners. This mode does not require separate service profiles to be set up for each pair of partners that exchange business messages.
To learn more about using test mode, see trading-partner-management Element.
Related Topics
To learn more about using the WebLogic Integration Administration Console for TPM, see Trading Partner Management.
To learn more about Workshop trading partner integration controls, see TPM Control, RosettaNet Control, and ebXML Control in Building Integration Applications in the WebLogic Workshop help.
To learn more about using the Bulk Loader, see Using the Trading Partner Bulk Loader.
To learn more about XML, see the W3C Recommendation, XML-Signature Syntax and Processing at the Web site of the W3C.
To learn more about the ebXML protocol, see the ebXML Collaboration-Protocol Profile and Agreement Specification - Version 2.0 at the Oasis Web site.
To learn more about ebXML in general, visit the ebXML Web site.
To learn about the RosettaNet protocol, visit the RosettaNet Web site.
address Element
This element defines the external business address for a trading partner.
Syntax
<address>partnerMailAddress</address>
Attributes
none
Type
xs:string
References
To
none
Children
none
Hierarchy
Used By
trading-partner Element
Children
none
authentication Element
This element specifies the authentication properties for a remote client that connects to the parent transport endpoint.
Syntax
<authentication>
client-partner-name="tradingPartnerReference"
client-authentication= "BASIC
|NONE
|SSL_CERT_MUTUAL"
username="loginName"
password-alias="clientPassword"
client-certificate-name="certificateReference"
server-authentication= "NONE
|SSL_CERT"
server-certificate-name="certificateReference"/>
Attributes
|
Attribute
|
|
|
|
client-authentication
|
Description
|
Specifies whether to use client authentication, and if so, what kind.
|
|
Allowable Values
|
BASIC—username and password
NONE—no authentication
SSL_CERT_MUTUAL—mutual SSL certificates
|
|
Use
|
optional
|
|
Type
|
xs:NMTOKEN
|
|
Default Value
|
none
|
|
client-certificate-name
|
Description
|
A reference to the name of the client certificate for mutual SSL authentication.
|
|
Allowable Values
|
any
|
|
Use
|
optional
|
|
Type
|
reference
|
|
Default Value
|
none
|
|
client-partner-name
|
Description
|
The name of the trading partner in the TPM repository to which the authentication applies.
|
|
Allowable Values
|
any
|
|
Use
|
required
|
|
Type
|
reference
|
|
Default Value
|
none
|
|
password-alias
|
Description
|
This is a reference to the password alias in the WebLogic Integration password store. The password is retrieved from the password store and is required when BASIC authentication nis used.
|
|
Allowable Values
|
any
|
|
Use
|
optional
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
|
server-authentication
|
Description
|
Specifies whether to use server authentication, and if so, what kind.
|
|
Allowable Values
|
NONE—no authentication
SSL_CERT—SSL certificate authentication
|
|
Use
|
optional
|
|
Type
|
xs:NMTOKEN
|
|
Default Value
|
no default value
|
|
server-certificate-name
|
Description
|
A reference to the name of the server certificate for SSL authentication.
|
|
Allowable Values
|
any
|
|
Use
|
optional
|
|
Type
|
reference
|
|
Default Value
|
none
|
|
username
|
Description
|
The user name for basic client authentication.
|
|
Allowable Values
|
any
|
|
Use
|
optional
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
References
To
client-certificate Element
server-certificate Element
trading-partner Element
From
none
Hierarchy
Used By
transport Element
Children
none
client-certificate Element
This element defines a digital certificate of a trading partner for client authentication access to a WebLogic Integration communication end point.
Syntax
<client-certificate
name="certificateName"
password-alias="keystoreEntryPasswordAlias">
<ds:KeyInfo
.
.
.
</ds:KeyInfo>
</client-certificate>
Attributes
|
Attribute
|
|
|
|
name
|
Description
|
The name for the client certificate in the TPM repository. The name is also the entry name in the local keystore.
|
|
Allowable Values
|
any
|
|
Use
|
required
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
|
password-alias
|
Description
|
This is a reference to the entry in the WebLogic Integration password store for the encrypted password. The encrypted password is used for accessing the password-protected keystore entry.
|
|
Allowable Values
|
any
|
|
Use
|
required
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
References
To
none
From
authentication Element
Hierarchy
Used By
trading-partner Element
Children
ds:KeyInfo
ebxml-binding Element
This element defines the ebXML business protocol specific bindings of the parent trading partner.
The ebXML protocol supports non-repudiation by digitally signing outbound messages and acknowledgements based on the attributes is-signature-required and is-receipt-signature-required.
Syntax
<ebxml-binding
business-protocol-name="protocolName"
business-protocol-version="versionNo"
delivery-semantics= " [BESTEFFORT
|ONCEANDONLYONCE
|ATLEASTONCE
|ATMOSTONCE]"
is-default="[true|false]"
is-receipt-signature-require="[true|false]"
is-signature-required="[true|false]"
name="bindingName"
persist-duration="intervalNo"
retries="retriesNo"
retry-interval="retryIntervalNo"
signature-certificate-name="signatureCertificate">
<signature-transforms
.
.
.
/>
<transport
.
.
.
/>
</ebxml-binding>
Attributes
|
Attribute
|
|
|
|
name
|
Description
|
The name for the binding in the TPM repository. A trading partner may have multiple ebxml-binding elements, so the name must be unique to the parent trading-partner element.
|
|
Allowable Values
|
any
|
|
Use
|
required
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
|
business-protocol-name
|
Description
|
Identifies the business protocol for message exchange.
|
|
Allowable Values
|
ebXML
|
|
Use
|
optional
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
|
business-protocol-version
|
Description
|
Identifies the version of the business-protocol name.
|
|
Allowable Values
|
any
Note: Currently 1.0 and 2.0 are supported.
|
|
Use
|
optional
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
|
delivery-semantics
|
Description
|
This attribute specifies reliable messaging behavior.
|
|
Allowable Values
|
BESTEFFORT—best effort attempt to deliver messages. No reliable messaging.
ONCEANDONLYONCE—Once and only once reliable messaging. Select this option for messaging that requires acknowledgement.
ATLEASTONCE—at least once reliable messaging. Select this option for messaging that requires acknowledgement, but not duplicate elimination.
ATMOSTONCE—at most once reliable messaging. Select this option for messaging that requires duplicate elimination, but not acknowledgement.
For ebXML 1.0, only BESTEFFORT or ONCEANDONLYONCE are valid. For ebXML 2.0, all values are valid.
|
|
Use
|
optional
|
|
Type
|
xs:NMTOKEN
|
|
Default Value
|
false
|
|
is-default
|
Description
|
Identifies the default ebxml-binding for a trading partner in the event it has more than one.
|
|
Allowable Values
|
false
true
|
|
Use
|
optional
|
|
Type
|
xs:boolean
|
|
Default Value
|
none
|
|
is-receipt-signature-
required
|
Description
|
This setting, if true, specifies that the party who receives the ebXML messages from this trading partner through this binding must acknowledge them using the digitally signed receipt messages. The receipt messages must use the certificate of the acknowledging party.
You can control the archival of signed receipts in a secure audit log by the global attribute secure-audit-logging in the root element trading-partner-management.
|
|
Allowable Values
|
false
true
|
|
Use
|
optional
|
|
Type
|
xs:boolean
|
|
Default Value
|
none
|
|
is-signature-required
|
Description
|
This setting, if true, specifies that parties must digitally sign messages they send to the trading partner though this binding.
You can control the archival of signed messages in a secure audit log by the global attribute secure-audit-logging in the root element trading-partner-management.
|
|
Allowable Values
|
false
true
|
|
Use
|
optional
|
|
Type
|
xs:boolean
|
|
Default Value
|
none
|
|
persist-duration
|
Description
|
Specifies the duration for which messages have to be stored persistently for the purpose of duplicate elimination.
|
|
Allowable Values
|
any
|
|
Use
|
optional
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
|
retries
|
Description
|
Specifies the maximum number of times to attempt to send a reliably delivered message.
|
|
Allowable Values
|
Any positive Integer
|
|
Use
|
optional
|
|
Type
|
xs:nonNegativeInteger
|
|
Default Value
|
3
|
|
retry-interval
|
Description
|
This attribute defines the time interval between attempts to send a reliably delivered message. The interval begins after the timeout period for message acknowledgement expires.
|
|
Allowable Values
|
time duration string
|
|
Use
|
optional
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
|
signature-certificate
-name
|
Description
|
References the name of the certificate for digitally signing messages.
|
|
Allowable Values
|
any
|
|
Use
|
optional
This setting is required if the is-signature-required or is-signature-receipt-required attributes are true.
|
|
Type
|
reference
|
|
Default Value
|
none
|
Reference
To
signature-certificate Element
From
service-profile Element
Hierarchy
Used By
trading-partner Element
Children
signature-transforms Element
transport Element
encryption-certificate Element
This element defines a digital certificate for a trading partner for encrypting and decrypting exchanged messages.
Syntax
<encryption-certificate
name="certificateName"
password-alias="keystoreEntryPasswordAlias">
<ds:KeyInfo
.
.
.
</ds:KeyInfo>
</encryption-certificate>
Attributes
|
Attribute
|
|
|
|
name
|
Description
|
The name of the encryption certificate in the TPM repository. This name is also the entry name in the local keystore.
|
|
Allowable Values
|
any
|
|
Use
|
required
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
|
password-alias
|
Description
|
This is a reference to the entry in the WebLogic Integration password store for the encrypted password. The encrypted password is used for accessing the password-protected keystore entry.
|
|
Allowable Values
|
any
|
|
Use
|
optional
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
References
To
none
From
rosettanet-binding Element
Hierarchy
Used By
trading-partner Element
Children
ds:KeyInfo
extended-property-set Element
The extended-property-set element allows you to add custom XML nodes to your TPM configuration for your business needs.
The child elements appear within the repository as sub trees within an XML document, and can be nested.
<trading-partner name="ACMECORP" type="REMOTE" business-id="ACME-id">
.
.
.
<extended-property-set
name="ACME Corp Extension"
description="Contact Info"
notes="the number format is important"/>
<business-contact>Joe Smith</business-contact>
<phone type="work">+1 123 456 7654</phone>
<phone type="cell">+1 321 654 4567</phone>
<city>Anytown</city>
<state>California</state>
</extended-property-set>
</trading-partner>
Syntax
<extended-property-set
name="propertyName"
description="propertyDescription"
notes="propertyNotes">
<xmlElement
.
.
.
</xmlElement>
</extended-property-set>
Attributes
|
Attribute
|
|
|
|
name
|
Description
|
The name of the property set.
|
|
Allowable Values
|
any
|
|
Use
|
required
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
|
description
|
Description
|
A text description of the property set that appears in the WebLogic Integration Administration Console.
|
|
Allowable Values
|
any
|
|
Use
|
optional
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
|
notes
|
Description
|
Text notes or documentation for the property set.
|
|
Allowable Values
|
any
|
|
Use
|
optional
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
References
To
none
From
none
Hierarchy
Used By
trading-partner Element
Children
any
failure-notifier Element
This element represents the RosettaNet PIP failure notifier. It sends notification of failure (PIP0A1) messages to the appropriate trading partner and binding.
Syntax
<failure-notifier
trading-partner-name="tradingPartnerReference"
binding-name="bindingNameReference""/>
Attributes
|
Attribute
|
|
|
|
trading-partner-name
|
Description
|
The name of the trading partner in the TPM repository that should receive RosettaNet failure notification.
|
|
Allowable Values
|
any
|
|
Use
|
required
|
|
Type
|
reference
|
|
Default Value
|
none
|
|
binding-name
|
Description
|
References the name of the service binding in the TPM repository for the provider.
|
|
Allowable Values
|
any
|
|
Use
|
optional
|
|
Type
|
reference
|
|
Default Value
|
none
|
References
To
rosettanet-binding Element
trading-partner Element
From
none
Hierarchy
Used By
rosettanet-binding Element
Children
none
failure-report-administrator Element
This element represents the RosettaNet PIP failure report administrator. It sends notification of failure (PIP0A1) messages to the appropriate trading partner and binding.
Syntax
<failure-report-administrator
trading-partner-name="tradingPartnerReference"
binding-name="bindingReference"/>
Attributes
|
Attribute
|
|
|
|
trading-partner-name
|
Description
|
The name of the trading partner in the TPM repository that should receive RosettaNet failure notification.
|
|
Allowable Values
|
any
|
|
Use
|
required
|
|
Type
|
reference
|
|
Default Value
|
none
|
|
binding-name
|
Description
|
The name of the binding in the TPM repository for the provider.
|
|
Allowable Values
|
any
|
|
Use
|
optional
|
|
Type
|
reference
|
|
Default Value
|
none
|
References
To
rosettanet-binding Element
trading-partner Element
From
none
Hierarchy
Used By
rosettanet-binding Element
Children
none
reference simpleType
This references another element in the TPM repository.
Syntax
<reference>referenceName</reference>
Attributes
none
Type
xs:string
Hierarchy
Used By
authentication Element
ebxml-binding Element
failure-notifier Element
failure-report-administrator Element
rosettanet-binding Element
service-profile Element
Children
none
rosettanet-binding Element
This element defines the RosettaNet business protocol specific bindings for the parent trading partner.
The RosettaNet protocol supports non-repudiation by digitally signing outbound messages and acknowledgements based on the is-signature-required and is-receipt-signature-required attributes.
Syntax
<rosettanet-binding
name="bindingName"
business-protocol-name="businessProtocolName"
business-protocol-version="businessProtocolVersion"
is-default="[true|false]"
encryption-certificate-name="encryptionCertificateName"
cipher-algorithm="[NONE|RC5|DES|TRIPLE_DES|RC2]"
encryption-level="[NONE|PAYLOAD|ENTIRE_PAYLOAD]"
is-signature-required="[true|false]"
is-receipt-signature-required="[true|false]"
signature-digest-algorithm="[SHA-1|MD5|None]"
signature-certificate-name="signatureCertificateName"
retries="noOfRetries"
retry-interval="retryIntervalNo"
process-timeout="processTimeoutNo">
<failure-report-administrator/>
<failure-notifier
.
.
.
/>
<transport
.
.
.
/>
</rosettanet-binding>
Attributes
|
Attribute
|
|
|
|
name
|
Description
|
The name for the binding in the TPM repository. A trading partner may have multiple rosettanet-binding elements, so the name must be unique to the parent trading-partner element.
|
|
Allowable Values
|
any
|
|
Use
|
required
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
|
business-protocol-name
|
Description
|
Identifies the business protocol for message exchange.
|
|
Allowable Values
|
RosettaNet
|
|
Use
|
optional
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
|
business-protocol-version
|
Description
|
Identifies the version of the business-protocol name.
|
|
Allowable Values
|
1.1
2.0
|
|
Use
|
optional
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
|
is-default
|
Description
|
Identifies the default rosettanet-binding for a trading partner in the event it has more than one.
|
|
Allowable Values
|
false
true
|
|
Use
|
optional
|
|
Type
|
xs:boolean
|
|
Default Value
|
false
|
|
encryption-certificate-name
|
Description
|
The name of the encryption certificate for the encryption and decryption of messages.
|
|
Allowable Values
|
any
|
|
Use
|
optional
|
|
Type
|
reference
|
|
Default Value
|
none
|
|
cipher-algorithm
|
Description
|
The cipher algorithm for encrypting messages.
|
|
Allowable Values
|
NONE
RC5
DES
TRIPLE_DES
RC2
|
|
Use
|
optional
|
|
Type
|
xs:NMTOKEN
|
|
Default Value
|
none
|
|
encryption-level
|
Description
|
This attribute determines how much of a message to encrypt.
|
|
Allowable Values
|
NONE
PAYLOAD
ENTIRE_PAYLOAD
|
|
Use
|
optional
|
|
Type
|
xs:NMTOKEN
|
|
Default Value
|
none
|
|
is-signature-required
|
Description
|
This setting, if true, specifies that parties must digitally sign messages they send to the trading partner though this binding.
You can control the archival of signed messages in a secure audit log by the global attribute secure-audit-logging in the root element trading-partner-management.
|
|
Allowable Values
|
false
true
|
|
Use
|
optional
|
|
Type
|
xs:boolean
|
|
Default Value
|
false
|
|
is-receipt-signature
-required
|
Description
|
This setting, if true, specifies that the party who receives the RosettaNet messages from this trading partner through this binding must acknowledge them using the digitally receipt messages. The receipt messages must use the certificate of acknowledging party.
You can control the archival of signed receipts in a secure audit log by the global attribute secure-audit-logging in the root element trading-partner-management.
|
|
Allowable Values
|
false
true
|
|
Use
|
optional
|
|
Type
|
xs:boolean
|
|
Default Value
|
false
|
|
signature-digest-algorithm
|
Description
|
This setting specifies the message digest algorith used for the digital signature.
|
|
Allowable Values
|
SHA-1
MD5
None
If the vaule is SHA-1, None, or null, the Secure Hash Algorithm 1 (SHA-1), which produces a 160-bit hash, is used.
If the value is MD5, the Message Digest 5 (MD5) message hash algorithm, which produces a 128-bit hash, is used.
|
|
Use
|
optional
|
|
Type
|
xs:NMTOKEN
|
|
Default Value
|
NONE
|
|
signature-certificate
-name
|
Description
|
References the name of the certificate for digitally signing messages.
|
|
Allowable Values
|
any
|
|
Use
|
optional
This setting is required if the is-signature-required or is-signature-receipt-required attributes are true.
|
|
Type
|
reference
|
|
Default Value
|
none
|
|
retries
|
Description
|
Specifies the maximum number of times to attempt to send a reliably delivered message.
|
|
Allowable Values
|
Any positive Integer
|
|
Use
|
optional
|
|
Type
|
xs:nonNegativeInteger
|
|
Default Value
|
3
|
|
retry-interval
|
Description
|
This attribute defines the time interval between attempts to send a reliably delivered message. The interval begins after the time-out period for message acknowledgement expires.
|
|
Allowable Values
|
time duration string
|
|
Use
|
optional
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
|
process-timeout
|
Description
|
The amount of time a PIP can be active before timing out.
|
|
Allowable Values
|
time duration string
|
|
Use
|
optional
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
References
To
encryption-certificate Element
signature-certificate Element
From
failure-notifier Element
failure-report-administrator Element
service-profile Element
Hierarchy
Used By
trading-partner Element
Children
failure-report-administrator Element
failure-notifier Element
transport Element
rosettanet-service-defaults Element
This element specifies RosettaNet protocol-specific configuration attributes for a service.
Syntax
<rosettanet-service-defaults
service-content-schema="schemaFilePath"
use-dtd-validation="[true|false]"
validate-service-content="[true|false]"
validate-service-header="[true|false]"/>
Attributes
|
Attribute
|
|
|
|
service-content-schema
|
Description
|
The XML schema for content validation.
The service uses this schema only if use-dtd-validation is false and validate-service-content is true.
|
|
Allowable Values
|
any
|
|
Use
|
optional
|
|
Type
|
xs:string
|
|
Default Value
|
none
|
|
use-dtd-validation
|
Description
|
Specifies the kind of XML validation to perform. If true, the validation is from a DTD; if false, from XML schema.
|
|
Allowable Values
|
false
true
|
|
Use
|
optional
|
|
Type
|
xs:boolean
|
|
Default Value
|
false
|
|
validate-service-content
|
Description
|
Determines whether to validate the service content of all messages.
|
|
Allowable Values
|
false
true
|
|
Use
|
optional
|
|
Type
|
xs:boolean
|
|
Default Value
|
false
|
|
validate-service-header
|
Description
|
Determines whether to validate the service header for all messages.
|
|
Allowable Values
|
false
true
|
|
Use
|
optional
|
|
Type
|
xs:boolean
|
|
Default Value
|
false
|
References
To
none
From
none
Hierarchy
Used By
service Element
Children
none
server-certificate Element
This element defines a digital certificate for a trading partner to authenticate the identity of a target server for an outbound connection.
Syntax
<server-certificate
name="serverCertificateName"
password-alias="password-alias_1">
<KeyInfo
.
.
.
</KeyInfo>
</server-certificate>
Attributes
|
Attribute
|
|
|
|
name
|
Description
|
The name of the server certificate in the TPM repository. The name is also the entry name in the local keystore.
|
|
Allowable Values
|
any
|
|
Use
|
required
|
|
Type
|
|
