Encrypting Data Flow in a Business Process Service

In addition to the native security support provided by the underlying transports, you can provide additional security to transports by encrypting data flowing to a business process service through the encryption and decryption operations in Sybase WorkSpace.

Before encrypting your data flow, verify that:

The encrypt/decrypt or xmlencrypt/xmldecrypt security operations explicitly specify security profiles for each encryption/decryption operation in a business process.
The encryptautoprofile/decryptautoprofile or xmlencryptautoprofile/xmldecryptautoprofile security operations use the same implicit security profiles for all encryption/decryption operations within a business process.

Create a business process service.
See Creating a Business Process Service in the Sybase WorkSpace Development collection > Service Development > Developing a Business Process Service for step-by-step instructions.
In Sybase WorkSpace, expand the SecurityService category in the Service Explorer to display the supported security operations.
Drag and drop one of the following SecurityService Operations onto your business process service:
- encrypt/decrypt
- encryptautoprofile/decryptautoprofile
- xmlencrypt/xmldecrypt
- xmlencryptautoprofile/xmldecryptautoprofile
If you used an encryptautoprofile/decryptautoprofile or xmlencryptautoprofile/xmldecryptautoprofile security operation:
1. In the Business Process Variable section, right-click Local Variable > New Variable to create a new variable.
2. Select the new variable to display the Properties view.
3. To define variable properties, select the Reply-To Address variable type.
4. To define the properties of each operation in your business process as having a Reply-To Address variable, select the operation on the design canvas, and then select the Reply-To Address variable that you just defined.
5. Save your business process.
Define the business process input and output variables for the security operations:
1. Select the Service Interface tab, and click Add under the Operation Parameters section.
2. Define the input and output parameters for the security operation as required.
  See the security operation listed in the Service Explorer for the specific parameters.
3. Save your business process.
Create the Assign activities:
1. Open the Tool Palette and drag three Assign activities onto the business process directly before and after each security operation. Connect your activities.
  For example, Assign > Encryption Operation > Assign > Decryption Operation > Assign.
2. Map the values for the pre-operation and post-operation Assigns.
  See Creating an Assign in the Sybase WorkSpace Development collection > Service Development > Develop > Developing a Business Process Service > Designing a Business Process > Adding Activities for step-by-step instructions.
3. Save your business process.
Develop a Sybase Services Package Profile.
For step-by-step instructions, see the following topics in the Sybase WorkSpace Development collection > Service Development > Package > Developing a Sybase Services Package Profile:
- Completing the Prerequisites for a Sybase Services Package Profile
- Creating a Sybase Services Package Profile
If you used an encryptautoprofile/decryptautoprofile or xmlencryptautoprofile/xmldecryptautoprofile security operation, configure the security profile ID:
1. Select the Access Configuration tab.
2. Select the transport definition you want to configure in the Transports section, and click Properties to display the Properties dialog box.
3. Select Transport Security Details in the left pane, enter the security profile name in the security profile ID field, and click OK.
  See the Runtime Management Console online help (installed with the Runtime Management Console) for more information on creating security profiles in the Security Console.