Oracle Workflow Setup Checklist

Step 6: Implementing Notification Mailers

E-mail Notification Security:

Each individual e-mail notification message sent by a notification mailer includes a line containing a notification ID (NID), access key, and node identifier, which are used to authenticate responses to the notification.

• The NID identifies the notification in the database.

• The notification access key is a distinct random key generated by the Notification System for each NID. The access key must be included in a response to the notification in order for a notification mailer to accept the response, thereby serving as a password that allows only users who actually received the notification containing the key to respond to that notification.

• The node identifier specifies the notification mailer node to which the message belongs.

The format of the NID line is as follows:

NID[NID/access_key@node_identifier]

Responses by E-mail

When a user responds to a notification by e-mail, the response message must include the NID line from the original notification message. A notification mailer accepts the response only if the correct NID and access key combination is included in the response.

Users can ensure that the response message contains the NID and access key either by including the entire original message when replying or by using a response template that includes the NID line.

Note: Some mail clients, notably early releases of Microsoft Outlook Express, may not copy the NID line properly in a reply message. When responding to a notification, users should verify that the NID line is included in full and contains the prefix NID and all the details between the square brackets.

A user who receives an e-mail notification message may forward the message to another user through the e-mail application. When you configure a notification mailer, you can choose whether to allow a user to respond by e-mail to an e-mail notification that has been forwarded from another role.

• If you deselect the Allow Forwarded Response configuration parameter, the notification mailer checks whether the "From:" e-mail address of the notification response exactly matches the e-mail address of the recorded recipient role, or the e-mail address of a user in that role. If the two e-mail addresses match exactly, meaning the notification was not forwarded or was forwarded according to a valid vacation routing rule, the notification mailer treats the response as a valid response.

If the two e-mail addresses do not match exactly, meaning the notification was simply forwarded using the e-mail Forward command, the notification mailer does not process the response and treats it as unsolicited mail.

• If you select the Allow Forwarded Response configuration parameter, the notification mailer that receives the notification never checks the "From:" e-mail address of the notification response and always allows the response to be processed. In this case, users can delegate notifications to other users simply by forwarding the notification message through the e-mail application, and the new recipient of a forwarded notification automatically receives the authority to respond to it.

Important: Note that there are limitations when you deselect the Allow Forwarded Response parameter. For example, suppose a notification is sent to a distribution list mail alias that does not have a user/role relationship in the Oracle Workflow directory service. If any user from the distribution list responds to the notification, the notification mailer will always treat their notification response as unsolicited mail, because the "From:" e-mail address, which is an individual user's e-mail address, will never match the distribution list mail alias.
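The acceptance rules described above (NID line, access key, and the Allow Forwarded Response check), as an added Python example that is not Oracle Workflow code. The record type, function name, regular-expression character classes, and sample addresses and keys are assumptions made for illustration.

```python
import hmac
import re
from dataclasses import dataclass, field

# NID[NID/access_key@node_identifier], as described above. The character
# classes are assumptions; the page does not define them.
NID_LINE = re.compile(r"NID\[(\d+)/([^@\]\s]+)@([^\]\s]+)\]")

@dataclass
class Notification:              # hypothetical record, not an Oracle schema
    nid: int
    access_key: str
    node: str
    recipient_addrs: set = field(default_factory=set)  # role address + its users

def check_response(body, from_addr, store, allow_forwarded):
    """Return 'accepted' or the reason the reply is treated as unsolicited."""
    m = NID_LINE.search(body)
    if m is None:
        return "unsolicited: NID line missing or truncated"
    nid, key, node = int(m.group(1)), m.group(2), m.group(3)
    ntf = store.get(nid)
    # Assumption: a reply naming an unknown NID or another node is not processed.
    if ntf is None or ntf.node != node:
        return "unsolicited: unknown NID or node"
    # Constant-time comparison, because the access key serves as a password.
    if not hmac.compare_digest(key.encode(), ntf.access_key.encode()):
        return "unsolicited: access key mismatch"
    # With Allow Forwarded Response deselected, From: must match exactly.
    if not allow_forwarded and from_addr not in ntf.recipient_addrs:
        return "unsolicited: sender is not the recorded recipient"
    return "accepted"

# Constructed sample data.
STORE = {1234: Notification(1234, "5f3a9c", "WFMAIL", {"approver@example.com"})}
REPLY = "Action: Approve\n\nNID[1234/5f3a9c@WFMAIL]\n"
TRUNCATED = "Action: Approve\n\nNID[1234/5f3a9c@WFMAIL\n"  # closing bracket lost

if __name__ == "__main__":
    for label, body, sender, fwd in [
        ("recipient replies", REPLY, "approver@example.com", False),
        ("forwarded, parameter deselected", REPLY, "colleague@example.com", False),
        ("forwarded, parameter selected", REPLY, "colleague@example.com", True),
        ("mail client mangled NID line", TRUNCATED, "approver@example.com", False),
    ]:
        print(f"{label}: {check_response(body, sender, STORE, fwd)}")
```

When the parameter is selected, possession of the NID line is the only thing the check relies on, so anyone holding a copy of the message can respond.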

Responses through the Notification Detail Link Attachment

HTML-formatted e-mail notifications with attachments and plain text e-mail notifications with HTML attachments include an attachment called Notification Detail Link. When this link is clicked, it displays the notification in the Notification Details Web page. A user who receives a notification with a Notification Detail Link attachment can use this Web page to respond directly to the notification, instead of sending an e-mail response message to be processed by a notification mailer.

You can choose whether to require users to log in before they can access the Notification Details Web page for a notification through the Notification Detail Link.

• By default, users must always log in before they can access the Notification Details page in Oracle E-Business Suite from the Notification Detail Link.

• You can optionally enable guest access to the Notification Details page. Guest access lets users access this page from e-mail notifications without logging in to Oracle E-Business Suite with an individual user name and password. This feature is not recommended due to security considerations. However, if you choose to allow guest access, you can perform the following steps to enable it:

• Set the WF: GUEST Access to Notification profile option to Enabled at the site level. See: Overview of Setting User Profiles, Oracle E-Business Suite System Administrator's Guide - Maintenance.

• Create a grant assigning the "Workflow Guest User permission set" to the GUEST user. When defining the set for the grant, select the set type Navigation Menu and select the menu named "Workflow Guest User permission set" (internal code: WF_GUEST_GRANTS). After creating the grant, you must stop and restart Oracle HTTP Server for the change to take effect. See: Create Grant, Oracle E-Business Suite System Administrator's Guide - Security.

• In Oracle Applications Manager, stop and restart the service component container named Workflow Mailer Service. See: Service Components, page 7-7.

With guest access, if a user navigates to the Notification Details page and is not already logged in to Oracle E-Business Suite, the user is logged in automatically as the GUEST user. The user can then respond to the notification, and can also reassign the notification or request more information if those actions are available for that notification. However, the user cannot access any other notification in the Notification Details page, nor any other Oracle Workflow Web pages.

In cases where Oracle Workflow records the identity of the logged in user who acted on a notification, the action history will show those actions as being performed by the GUEST user.

When a user views a notification through guest access, Oracle Workflow displays the notification according to the language and territory preferences of the recipient role for the notification and the date and number preferences of the GUEST user. To view notifications with their own preferences, users can log in with their own user names and passwords before accessing the notifications.

Oracle Workflow does not support guest access for notifications that require electronic signatures. If you want users to sign their notification responses with password-based signatures or certificate-based digital signatures, those users must log in with their own user names and passwords to enter their signatures.

Note: If you enabled guest access but no longer want to allow it, you can disable it by setting the WF: GUEST Access to Notification profile option to Disabled and setting an end date for the grant you created. Then stop and restart Oracle HTTP Server and, in Oracle Applications Manager, stop and restart the service component container named Workflow Mailer Service. Users will then always be required to log in before they can access the Notification Details page from the Notification Detail Link.