Oracle Workflow Administrator's Guide
Release 2.6.3.5
Part Number B12160-02
E-mail Notification Security
Each individual e-mail notification message sent by a notification mailer includes a line containing a notification ID (NID), access key, and node identifier, which are used to authenticate responses to the notification.
- The NID identifies the notification in the database.
- The notification access key is a distinct random key generated by the Notification System for each NID. The access key must be included in a response to the notification in order for a notification mailer to accept the response, thereby serving as a password that allows only users who actually received the notification containing the key to respond to that notification.
- The node identifier specifies the notification mailer node to which the message belongs.
The format of the NID line is as follows:
NID[NID/access_key@node_identifier]
Responses by E-mail
When a user responds to a notification by e-mail, the response message must include the NID line from the original notification message. A notification mailer accepts the response only if the correct NID and access key combination is included in the response. Users can ensure that the response message contains the NID and access key either by including the entire original message when replying or by using a response template that includes the NID line.
Note: Some mail clients, notably early releases of Microsoft Outlook Express, may not copy the NID line properly in a reply message. When responding to a notification, users should verify that the NID line is included in full and contains the prefix NID and all the details between the square brackets.
A user who receives an e-mail notification message may forward the message to another user through the e-mail application. When you configure a notification mailer, you can choose whether to allow a user to respond by e-mail to an e-mail notification that has been forwarded from another role.
- If you deselect the Allow Forwarded Response configuration parameter, the notification mailer will check if the "From:" e-mail address of the notification response exactly matches the e-mail address of the recorded recipient role, or the e-mail address of a user in that role. If the two e-mail addresses match exactly, meaning the notification was not forwarded or was forwarded according to a valid vacation routing rule, the notification mailer treats the response as a valid response. If the two e-mail addresses do not match exactly, meaning the notification was simply forwarded using the e-mail Forward command, the notification mailer does not process the response and treats it as unsolicited mail.
- If you select the Allow Forwarded Response configuration parameter, the notification mailer that receives the notification never checks the "From:" e-mail address of the notification response and always allows the response to be processed. In this case, users can delegate notifications to other users simply by forwarding the notification message through the e-mail application, and the new recipient of a forwarded notification automatically receives the authority to respond to it.
Warning: Note that there are limitations when you deselect the Allow Forwarded Response parameter. For example, suppose a notification is sent to a distribution list mail alias that does not have a user/role relationship in the Oracle Workflow directory service. If any user from the distribution list responds to the notification, the notification mailer will always treat their notification response as unsolicited mail, because the "From:" e-mail address, which is an individual user's e-mail address, will never match the distribution list mail alias.
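The response checks described in this section can be sketched as follows. This is an added example, not Oracle Workflow code: the NOTIFICATIONS table, the NIDs, access keys, node name, and e-mail addresses are constructed sample values, and the pattern assumes the access key contains no "@", "]", or white space.

```python
import hmac
import re
from email import message_from_string
from email.utils import parseaddr

# NID[NID/access_key@node_identifier]; assumes the key holds no '@', ']' or spaces.
NID_LINE = re.compile(r"NID\[([^/\]\s]+)/([^@\]\s]+)@([^\]\s]+)\]")

# Constructed stand-in for the Notification System's records:
# NID -> (access key, addresses of the recipient role and its users).
NOTIFICATIONS = {
    "4711": ("837461920553", {"jsmith@example.com"}),
    "4712": ("550192837465", {"ap-team@example.com"}),  # distribution list alias
}

def parse_nid_line(text):
    """Return (nid, access_key, node) from the first complete NID line, else None."""
    m = NID_LINE.search(text)
    return m.groups() if m else None

def check_response(raw_message, allow_forwarded_response):
    """Return (decision, reason); decision is 'process' or 'unsolicited'."""
    parsed = parse_nid_line(raw_message)
    if parsed is None:
        return "unsolicited", "NID line missing or incomplete"
    nid, key, _node = parsed  # node is parsed but not used in this decision
    record = NOTIFICATIONS.get(nid)
    # Compare keys in constant time; an unknown NID fails the same way.
    expected_key, recipients = record if record else ("", set())
    if record is None or not hmac.compare_digest(key.encode(), expected_key.encode()):
        return "unsolicited", "NID and access key do not match"
    if not allow_forwarded_response:
        # Exact match against the recorded recipient role or a user in it.
        sender = parseaddr(message_from_string(raw_message)["From"] or "")[1]
        if sender not in recipients:
            return "unsolicited", "From address is not the recipient role"
    return "process", "valid response"

def reply(sender, nid_line):
    """Build a constructed reply message for the demonstration."""
    return f"From: {sender}\nSubject: Re: Action Required\n\nApprove\n{nid_line}\n"

if __name__ == "__main__":
    good = "NID[4711/837461920553@WFMAIL]"
    print(check_response(reply("jsmith@example.com", good), False))
    print(check_response(reply("other@example.com", good), False))
    print(check_response(reply("other@example.com", good), True))
    print(check_response(reply("jsmith@example.com", "NID[4711/837461920553@WF"), False))
    print(check_response(reply("member@example.com", "NID[4712/550192837465@WFMAIL]"), False))
```

The last call reproduces the distribution list limitation from the warning above: the key is correct, but the individual sender's address never equals the list alias, so the response is treated as unsolicited mail.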
Responses through the Notification Detail Link Attachment
HTML-formatted e-mail notifications with attachments and plain text e-mail notifications with HTML attachments include an attachment called Notification Detail Link. When this link is clicked, it displays the notification in the Notification Details Web page. A user who receives a notification with a Notification Detail Link attachment can use this Web page to respond directly to the notification, instead of sending an e-mail response message to be processed by a notification mailer.
You can choose whether to require users to log in before they can access the Notification Details Web page for a notification through the Notification Detail Link.
For Oracle Applications:
- By default, users must always log in before they can access the Notification Details page in Oracle Applications from the Notification Detail Link.
- You can optionally enable guest access to the Notification Details page. Guest access lets users access this page from e-mail notifications without logging in to Oracle Applications with an individual user name and password. This feature is not recommended due to security considerations. However, if you choose to allow guest access, you can perform the following steps to enable it:
  - Set the WF: GUEST Access to Notification profile option to Enabled at the site level. See: Overview of Setting User Profiles, Oracle Applications System Administrator's Guide.
  - Create a grant assigning the "Workflow Guest User permission set" to the GUEST user. When defining the set for the grant, select the set type Navigation Menu and select the menu named "Workflow Guest User permission set" (internal code: WF_GUEST_GRANTS). After creating the grant, you must stop and restart Oracle HTTP Server for the change to take effect. See: Create Grant, Oracle Applications System Administrator's Guide.
  - In Oracle Applications Manager, stop and restart the service component container named Workflow Mailer Service. For more information, see the Oracle Applications Manager online help.
With guest access, if a user navigates to the Notification Details page and is not already logged in to Oracle Applications, the user is logged in automatically as the GUEST user. The user can then respond to the notification, and can also reassign the notification or request more information if those actions are available for that notification. However, the user cannot access any other notification in the Notification Details page, nor any other Oracle Workflow Web pages.
In cases where Oracle Workflow records the identity of the logged in user who acted on a notification, the action history will show those actions as being performed by the GUEST user.
When a user views a notification through guest access, Oracle Workflow displays the notification according to the language and territory preferences of the recipient role for the notification and the date and number preferences of the GUEST user. To view notifications with their own preferences, users can log in with their own user names and passwords before accessing the notifications.
Oracle Workflow does not support guest access for notifications that require electronic signatures. If you want users to sign their notification responses with password-based signatures or certificate-based digital signatures, those users must log in with their own user names and passwords to enter their signatures.
Note: If you enabled guest access but no longer want to allow it, you can disable it by setting the WF: GUEST Access to Notification profile option to Disabled and setting an end date for the grant you created. Then stop and restart Oracle HTTP Server and, in Oracle Applications Manager, stop and restart the service component container named Workflow Mailer Service. Users will then always be required to log in before they can access the Notification Details page from the Notification Detail Link.
For standalone Oracle Workflow:
- If you select the Send Access Key configuration parameter for a notification mailer, the notification mailer includes the notification access key in the Notification Detail Link attachment. The access key allows users to access the Notification Details web page in standalone Oracle Workflow directly by clicking the Notification Detail Link, whether they are currently logged in or not. However, if users are not already logged in, they cannot access any other notifications except the notification with which the attachment was sent.
- If you deselect the Send Access Key configuration parameter, the notification mailer does not include the access key in the Notification Detail Link. When users click the link without the access key, they are prompted to log in, if they have not already done so, before they can access the Notification Details web page.
E-mail Notification Summaries
Instead of individual e-mail notifications, users can also receive e-mail summaries listing all their open notifications. Users can indicate that they want to receive e-mail summaries by choosing a notification preference of SUMMARY or, for Oracle Applications only, SUMHTML.
- SUMMARY - Users receive plain text e-mail summary messages, which do not enable any direct response through e-mail to the notifications they list. Instead, to respond to the individual notifications in a summary, users must log in to Oracle Workflow and access the notifications through the Worklist web page.
- SUMHTML - Users receive HTML-formatted e-mail summary messages. An HTML-formatted summary does not enable responses through e-mail. However, it includes a link to the Worklist web page as well as links to each notification in the Notification Details web page, where users can respond to the individual notifications. Users must log in to Oracle Applications before they can access the Worklist and Notification Details pages, unless you enable guest access to the Notification Details page. See: Responses Through the Notification Detail Link Attachment.
To send e-mail summaries, schedule a Launch Summary Notifications event for a notification mailer. For the seeded Workflow Notification Mailer, the Launch Summary Notifications event is scheduled to send e-mail summary notifications once a day by default.
Confirming Responses with Electronic Signatures
In Oracle Applications, you can require that the response to a notification be signed with either a password-based signature or a certificate-based digital signature. In this case, users cannot respond to that notification through e-mail. Instead, they must respond to the notification from the Notification Details web page and enter the appropriate type of signature. To access the Notification Details page, users can either log into Oracle Applications separately, or, if their notification preference includes HTML attachments, use the Notification Detail Link.
Use the special message attribute #WF_SIG_POLICY to specify the signature policy for a notification. See: #WF_SIG_POLICY Attribute, Oracle Workflow Developer's Guide.
Excluding Notification Content From E-mail
If a particular notification contains sensitive information that you do not want to send in e-mail, you can choose to exclude the content of the notification from the e-mail version of the notification. In this case, users receive an e-mail message that only informs them that they must access the notification through the Notification Details web page instead to view the content and respond. To access the Notification Details page, users can either log into Oracle Applications separately, or, if their notification preference includes HTML attachments, use the Notification Detail Link.
Use the special message attribute #WF_SECURITY_POLICY to specify the content security policy for a notification. See: #WF_SECURITY_POLICY Attribute, Oracle Workflow Developer's Guide.
Sending Outbound E-mail Notifications Only
If you do not want to allow responses by e-mail, you can choose to send only outbound e-mail notifications. To configure your notification mailers for outbound-only processing, set the inbound thread count to 0 (zero) in the configuration wizard for each notification mailer.
When you set up an outbound-only mailer, you should configure the mailer to use message templates for response-required notifications that do not request a response by e-mail, but instead direct recipients to respond from the Notification Details Web page. For example, you can configure the mailer to send response-required notifications using the Workflow View From UI message template, which is an alternative template provided by Oracle Workflow in the System: Mailer item type, or create your own custom message templates. The outbound-only mailer can still use the standard message templates to send outbound summary notifications or For Your Information (FYI) notifications that do not require a response.
Disabling E-mail Notifications
Ultimately, the security of e-mail notifications depends on the security of your e-mail application. If you do not want to send any workflow information by e-mail, you can choose not to run any notification mailers at all. In this case users must always log on to Oracle Workflow and access the Worklist web page to view and respond to their notifications.
See: Implementing Notification Mailers
See: Notification Preferences
See: Plain Text E-mail
See: HTML-Formatted E-mail with Attachments
See: HTML-Formatted E-mail
See: Plain Text E-mail with an HTML Attachment
See: Setting Up Notification Mailers
See: Inbound Notification Mailer Processing
See: Overview of Notification Handling, Oracle Workflow User's Guide
Copyright © 2003, 2004, Oracle. All rights reserved.