Oracle E-Business Suite 12.2 Mobile and Web Services Architecture
This is the second posting in a blog series summarizing the new Oracle E-Business Suite 12.2 Mobile and web services functionality and recommendations for securing them.
Approximately 2,900 web services are created with an update to or installation of 12.2 and are defined in the table APPLSYS.FND_IREP_CLASSES. Within the Oracle E-Business Suite’s user interface, the Integrated SOA Gateway (ISG) module is used to deploy the web services defined in APPLSYS.FND_IREP_CLASSES. Key to understanding the 12.2 web services architecture is that ALL web services are defined in the Service Oriented Architecture (SOA) Gateway, this includes both Simple Object Access Protocol (SOAP) and Representational State Transfer (REST) web services.
The E-Business Suite’s Mobile and smartphone applications are deployed internally as REST services and are likewise defined in the Integrated SOA Gateway and stored in the table APPLSYS.FND_IREP_CLASSES. The graphic below depicts the addition of web services and helps to visualize the increased attack surface that needs to be secured.
If you have any questions, please contact us at info@integrigy.com
-Michael Miller, CISSP-ISSMP, CCSP, CCSK
References
- Oracle E-Business Suite Mobile and Web Services Security - Integrigy Whitepaper
- Oracle E-Business Suite Mobile and Web Services Security - Integrigy Webinar
- Oracle E-Business Suite Release 12.2 Configuration in a DMZ (Note 1375670.1)