Obscure Data - Process Data Values Service

The Obscure Data - Process Data Values service inserts up to five preconfigured parameter name-value pairs into process data.

The following table provides an overview of the Obscure Data - Process Data Values service:

Category Description
System name ObscureParameter
Graphical Process Modeler (GPM) category All Services (as ObscureParameter)
Description Each instance of the Obscure Data - Process Data Values service can be used to insert up to five preconfigured parameter name-value pairs into process data. The values that are associated with each of the parameter names are masked by replacing the original content with an unintelligible version. The unobscured plain text value can be retrieved by using the revealObscured XPath function.
Business usage In Sterling B2B Integrator, the data processed by a business process (contents of process data, primary document), as it is being executed or after it has finished executing is readily available in plain text and easily viewable. The purpose of the Obscure Data - Process Data Values service is to help restrict access to sensitive data, such as passwords, etc., by masking them and converting the values to unintelligible ones. If you need to obscure the entire content of the primary document, use the Obscure Data - Obscure Primary Document service and if you only need to obscure certain elements in process data, use the Obscure Data - Process Data Values service.
Usage example Assume that a business process has been set up to route information based on the information stored in a secure repository. The security credentials (user ID, password, etc.) required to access the secure repository could be obscured while configuring the Obscure Data - Process Data Values service and retrieved only within the adapter used to establish a connection to the secure repository.
Preconfigured? Yes
Requires third-party files? No
Platform availability All supported Sterling B2B Integrator platforms
Related services This service is designed to work with the RevealObscured XPath function. See revealObscured XPath Function for more information.
Application requirements The parameter name-value pairs to be inserted into process data must be specified while configuring the service instance in Sterling B2B Integrator, in order to prevent unauthorized viewing of sensitive information in the Graphical Process Modeler (GPM) or the BPML code.
Initiates business processes? No
Invocation This service is invoked from within a business process.
Business process context considerations This service inserts the configured, and obscured, parameters into process data. It does not affect the primary document.
Returned status values Possible values:
  • Success
  • Error
Restrictions None
Persistence level System default
Testing considerations None

Implementing the Obscure Data - Process Data Values service

To implement the Obscure Data - Process Data Values service, complete the following tasks:
  1. Create an Obscure Data - Process Data Values service configuration. For information, see Managing Services and Adapters.
  2. Configure the adapter. For information, see Configuring the Obscure Data - Process Data Values service.
  3. Create and enable a business process that includes the Obscure Data - Process Data Values service.
  4. Test the business process and the service.
  5. Run the business process.

Configuring the Obscure Data - Process Data Values service

To configure the Obscure Data - Process Data Values service, you must specify field settings in Sterling B2B Integrator:

Field Description
Name Unique and meaningful name for the adapter configuration. Required.
Description Meaningful description for the adapter configuration, for reference purposes. Required.
Select a Group Select one of the options:
  • None – You do not want to include this configuration in a group at this time.
  • Create New Group – You can enter a name for a new group in this field, which will then be created along with this configuration.
  • Select Group – If you have already created one or more groups for this service type, they are displayed in the list. Select a group from the list.
Note: For more information about groups, see Managing Services and Adapters.
Parameter Name Name of the obscured parameter. Obscure Data - Process Data Values service uses the value you specify for this parameter as the element name in the ProcessData of the business process. This service creates process data elements based on the name-value pairs.
Parameter Value Value of the obscured parameter. Obscure Data - Process Data Values service encrypts the value you specify for this parameter. The service uses the encrypted representation for the value in ProcessData with the Parameter Name for the element. The following example illustrates the encrypted value in an example of process data:
<ProcessData> 
<admin>AAAAEQAAAAUAAAAeAAAAGgAAABkAAAA
       OAAAAFgAAAAk=</admin> 
<support>AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
         AAAAAAAAA==</support> 
<ftpdemo>AAAAFgAAABUAAAADAAAAFwAAABIAA
         AAAHQAAAAI=</ftpdemo> 
</ProcessData>
This service creates process data elements based on the name-value pairs
Note: The value you specify for this parameter must comply with the XML naming rules for XML elements and XML syntax rules. For more information on XML conventions, see http://www.w3.org/XML/.
Note: A maximum of five of the above name-value pairs can be specified per instance of the Obscure Data - Process Data Values service.

This service creates process data elements based on the name-value pairs provided during configuration. No Obscure Data - Process Data Values service parameters are configured with the GPM. To retrieve the unobscured parameter values, use the revealObscured XPath function.

revealObscured XPath Function

The revealObscured XPath function is used to retrieve values associated with the obscured parameter names, in plain text form.

The syntax and an example demonstrating the usage of the revealObscured XPath function is shown below:

Syntax:

revealObscured (Name of Obscured Parameter)

Example:

revealObscured(obscuredPasswordParameterName)

The revealObscured XPath function can be used in an assign statement in a service invocation. For example, if a service requires a password passed from the workflow context, you could enter this password using the Obscure Data - Process Data Values service to prevent a plain text password from being passed in the business process. The following assign statement could be then used to pass the plain text password to the service.

<assign to="password" from="revealObscured(ParameterName)"/>

Example Business Processes

The first example uses a single parameter in the Obscure Data - Process Data Values service to take a user's password, obscure it and add it to process data. In this case, the User ID is specified in the Parameter Name field and the associated password is specified in the Parameter Value field. See Configuring the Obscure Data - Process Data Values service for more information. Then, when needed in the business process, the revealObscured XPath function is used to retrieve the obscured password from process data in a plain text (unobscured) form. The User ID and password can then be used to perform some function, for example, access a system folder.

<process name=”Obscure_Data_Process_Data_Values_Example”>
  <sequence>
<!-- Use the Obscure Data - Process Data Values service to add the obscured
         password to process data for later retrieval and use in the business 
         process -->
    <operation name="ObscureParameter">
    <participant name="Example_Obscure_Param"/>
    <output message="ObscureParameterInputMessage">
      <assign to="." from="*"></assign>
    </output>
    <input message="inmsg">
      <assign to="." from="*"></assign>
    </input>
    </operation>
INSERT OTHER BUSINESS PROCESS OPERATIONS HERE
<!-- Retrieve the obscured password from process data and unobscure it using
         the revealObscured XPath function -->
      <assign to="RevealedPassword" from="revealObscured(User ID)"append="true">
      </assign>
<!-- Use the User ID and Password to gain access to a system folder -->
INSERT OTHER BUSINESS PROCESS OPERATIONS HERE
  </sequence> 
</process>

The next example uses the Obscure Data - Process Data Values service to obscure both the User ID and password and add them to process data. In this example, there will be two parameters specified. For the first parameter, UserID is specified in the Parameter Name field and the actual User ID is specified in the Parameter Value field. For the second parameter, Password is specified in the Parameter Name field and the password associated with the User ID is specified in the Parameter Value field. Then, when needed, the revealObscured XPath function is used to retrieve the two parameters from process data in a plain text (unobscured) form. The unobscured User ID and password are then available to be used as needed in the business process.

<process name=”Obscure_Data_Process_Data_Values_Example”>
<sequence>
<!-- Use the Obscure Data - Process Data Values service to add obscured 
         User ID and Password parameters to process data for later retrieval
         and use in the business process -->
    <operation name="ObscureParameter">
    <participant name="Example_Obscure_Param"/>
    <output message="ObscureParameterInputMessage">
      <assign to="." from="*"></assign>
    </output>
    <input message="inmsg">
      <assign to="." from="*"></assign>
    </input>
    </operation>
INSERT OTHER BUSINESS PROCESS OPERATIONS HERE
<!-- Retrieve unobscured UserID and Password values from process data using
         the revealObscured XPath function -->
      <assign to="RevealedUserID" from="revealObscured(UserID)"append="true">
      </assign>
       <assign to="RevealedPassword" from="revealObscured(Password)" append="true">
       </assign>
    <!-- Use the unobscured UserID and Password values as needed in your business
         process -->
    INSERT OTHER BUSINESS PROCESS OPERATIONS HERE
  </sequence> 
</process>