Important: IBM® strongly
recommends enabling SSL for the Content Engine and Process Engine web services. Authentication
over these two web services is usually performed by providing username
and password credentials. If these web services are not configured
to run over an SSL connection, clear text passwords will be sent across
the network. (However, this is not true when Kerberos-based authentication
is used. In the IBM FileNet® P8 5.0.0
release, Kerberos authentication is available only for the Content Engine web service.) The option
not to use SSL over these two web services is provided primarily for
development systems or other non-production systems where the security
provided by SSL might not be required.
For access to the Content Engine through the EJB transport
(IIOP or T3 protocol), an SSL connection is necessary to provide privacy
for data sent across the network. However, user passwords would not
be compromised if SSL were not used. While it is preferable to use
SSL with the EJB transport (IIOP or T3 protocol), it is not a requirement.
- The Content Engine web service
is used:
- By all clients of the Content Engine version
5.0.0 .NET API
- By all clients of the Content Engine version
5.0.0 COM Compatibility API (CCL)
- By Enterprise Manager tool and FileNet Deployment Manager tools
- By the Content Engine version
3.5.2 to 5.0.0 Upgrade tool
- By the Process Engine, when
making calls to the Content Engine to
retrieve user and group information
- By the Component Manager, running on the Application Engine, which is an integral component
for BPM Process Orchestration framework
- By customer and 3rd party tools written against the Content Engine version 3.5 web service
API, including Altien Document Manager and the Sharepoint integration
done by Vorsite.
- Certain Java™ applications
(written against the Content Engine version
3.5 Java API or the Content Engine 5.0.0 zJava API) might use the Content Engine web service transport,
but typically they would use EJB transport (IIOP or T3 protocol).
- The Application Engine server
uses only the EJB transport to communicate with the Content Engine in the 5.0.0 release.
- The Process Engine web service
is used by customer and independent software vendor applications to
write runtime applications (typically step processor applications)
against the Process Engine. The Process Engine Java API does not make use of the Process Engine web service.