The endpoint also needs to handle security, i.e. authentication, authorization, encryption if desired, and so on. All of these are typically not part of an EJB, but declared outside ot it. You would need to add that to your endpoint.
I understand all of this should be in the first point of contact of the request from the customer. But to call this NAME EJB End Point design is what is bit confusing. If this interface is not an ejb Itself but the funtionality is then it would be advisable to call endpoint interface rather than EJB End point interface? Am I thinking wrong.
As well If the end point interface is not EJB for an existing EJB business component can the same interface be reused with the web tier for non EJB's.