Standards for Technology in Automotive Retail
Message security is a complex subject. Below, we outline the key issues, describe the scope of this release of the STAR Transport Guidelines, and make security implementation recommendations for the STAR Web Services Guidelines and the STAR ebMS Implementation Guidelines.
When two parties exchange digital business data in the form of a message, each party must ask and answer key questions to ensure that the business transaction is secure:
Who are you?
What system are you talking to me from?
How do I identify the business role you are playing?
Are you an individual human or an automated system?
Can I prove you are who you say you are?
What technology will prove you are who you say you are?
Are we the only ones who can read the business data?
Was the message received exactly as sent?
Non-Repudiation of originator
Can I prove you sent me this exact message?
Non-Repudiation of receipt
Can you prove that I received the message?
Non-Repudiation of content
Can you prove that I received the message exactly as sent?
Can we reliably prove when a message was sent or received?
Can we enable synchronization of system time?
Are you allowed to execute this business transaction?
How do I go about authenticating you?
Do we need a 3rd party?
Do we have to assign each other credentials such as usernames and passwords or digital certificates?
Can we use federated systems to authenticate each other?
Can someone easily impersonate our systems, messages or credentials? Can our architectures avoid misdirected or malicious attacks?
Please note that Auditing will be addressed in more detail in the next version of this document.