Standards for Technology in Automotive Retail

 
 Home -  News Feed 

8.2. WS-I Conformance Claim

In order to help inform clients and trading partners consuming a STAR Level 2 service using Digital Certificates for authentication, it is recommended that STAR implementations state their conformance to the WS-I Basic Security Profile.

Example 8.1. WS-I Basic Security Profile Conformance Claim

<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl"
  xmlns:tns="http://example.org/myservice"
  xmlns:soapbind="http://schemas.xmlsoap.org/wsdl/soap"
  xmlns:wsi="http://ws-i.org/schemas/conformanceClaim/"
  targetNamespace="http://example.org/myservice">
  <wsdl:portType name="MyPortType">
      ...
  </wsdl:portType>
  <wsdl:binding name="MyBinding" portType="MyPortType" >
      ...
  </wsdl:binding>
  <wsdl:service name="MyService" >
    <wsdl:port name="MyPort" binding="tns:MyBinding" >
      <wsdl:documentation>
        <wsi:Claim
         conformsTo=”http://ws-i.org/profiles/basic-security/1.0/x.509-certificate-token” />
      </wsdl:documentation>
      <soapbind:address 
       location="http://example.org/myservice/myport" />
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>

By including the conformance claim within the WSDL for a service, clients of the service are made aware of the endpoint's conformance to the specified target. Clients can then test to make sure that their implementations are conformant as well as verify that the web service is indeed conformant to the specified profile/target.

8.2.1. WS-I Basic Security Profile

WS-I Basic Security Profile 1.0 consists of a set of non-proprietary web services specifications, along with clarifications to and amplifications of those specifications which promote interoperability.

STAR Level 2 implementations when using Digital Certificates for authentication MUST implement the rules specified by the WS-I Basic Security Profile. In particular implementations must be conformant to section 12.

Conformance Targets. Conformance targets identify what artifacts (e.g., SOAP message, WSDL description) or parties (e.g., SOAP processor, end user) requirements apply to . This allows for the definition of conformance in different contexts, to assure unambiguous interpretation of the applicability of requirements, and to allow conformance testing of artifacts (e.g., SOAP messages and WSDL descriptions) and the behavior of various parties to a Web service (e.g., clients and service instances). STAR implementations or derivation of STAR transport web services will align to one of the conformance targets as mentioned in the Basic Security Profile 1.0.

[Important]STAR Level Two Requirement

STAR2002: Implementations must conform to section 12, "X.509 Certificate Token" of the WS-I Basic Security Profile 1.0.

The WS-I Basic Security Profile indicates that the BinarySecurityToken Value Type attribute be http:// docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3. If referencing a certificate path, the BinarySecurityToken should be one of:

  • http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1

  • http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#PKCS7

The profile indicates that X509PKIPathv1 is recommended for efficiency.