[Profile Register/Log In] (What's This?)

From: Garrett Foster <garrett@fosterconcepts.com>
Subject: [techies] Re: cxml Punchout Application - https request/response
In-Reply-To: [techies] cxml Punchout Application - https request/response
Date: Thu Sep 18 15:45:18 2014

Hello Karen,

I don't really know of any good documents custom 10g application.  Only information on Web Services/SOA in iAS 11g and SOA Gateway in Oracle EBS r12.  From my experience this is much different then the Ariba cXML spec, which provides a spec and the vendors like Ariba  have their own security requirements.

It really depends on how much integration is happening with the Punchout Application.   
There are two sides to this, the purchaser and the supplier.   
Either one should use all Requests in SSL (HTTPS).    It may not be required on the other end but, it is good practice.     If you are the application submitting the request you will need to implement an Oracle Wallet and import the destination sites SSL Certificate.   Ariba and Sciquest will both require it.

Using the DB may seem like an easy way to implement but, I would start with mapping out all of the Use Cases with integration points.  Is this one REQUEST/RESPONSE and the Use Case is done or for a user to complete a Use Case are there many interactions to complete?

If you have several interactions the 10g database and XML parsers are not the best for consuming web services.  Especially when compared to the parsers in java or .Net.   Things like special characters in your data can through off the whole transaction.   


If you would like to discuss further let me know.

-Garrett



Garrett Foster
 | Managing Principal
Foster Concepts 
eCommerce That Works
O: +1 (303) 385-8574

On May 15, 2013, at 8:10 AM, Karen Boudreau wrote:

(Mailing list information, including how to remove yourself, is located at the end of this message.)

What is the safest and simplest way to send an HTTP(S) REQUEST/RESPONSE to an external (internet) url initiated from a user running an Oracle 10G Forms and Reports application (currently running on a 10g operational database)?
 
Is there a good article or whitepaper that explains how to do this simple process using predominately Oracle components? I am tempted to use utl_http because it may be quick to implement, however, the internet research I have done leads me to believe  the actual HTTPS REQUEST transaction should be initiated through a web service (or script) running outside the database (and database server)  and not launched directly from the operational database (like utl_http allows).
 
I am looking for a best practice secure design using predominantly Oracle components without additional scripting modules (such as PHP or ASP), if possible.
 
Background:
I am tasked with adding a cXML Punchout feature to a financial system’s procurement module. The cXML standards indicate the cXML message is transported to an external supplier’s website using an HTTP(S) REQUEST/RESPONSE. The financial system is built with 10g Oracle Forms and Reports running on an Oracle 10g database. 
 
My experience is with Oracle Forms/Reports and pl/sql.  I do not have experience with developing web applications using other technologies. I have spent numerous hours reviewing articles on utl_http, mod_plsql, xmldb, consuming web services, etc and am not sure which components I really should be using for this simple functionality.
 
Any help is greatly appreciated.
Regards,
Karen Boudreau
 

Subscription Reminder: You're Subscribed to: techies using the address: garrett@fosterconcepts.com

From: heidikuhn@rmoug.org 
P.O. Box 621942
Littleton, CO 80162

Manage Your Subscription » or, Unsubscribe Automatically »

Mailing List Powered by Dada Mail