Chapter 8. Security

Table of Contents

8.1. Business Messaging Security
8.2. Requirements
8.3. STAR Security Issues: Scope
8.4. Message-Level Security Versus Infrastructure Security

Message Security is a complex subject. Below, we describe the key issues, define the scope of this release of the STAR Transport Guidelines, and make security implementation recommendations for the STAR Web Services Guidelines and the STAR ebMS Implementation Guidelines.

When two parties exchange digital business data in the form of a message, each party must ask and answer the following key questions to ensure that the business transaction is secure:

Security Issue                 STAR Scope   Key Questions
-----------------------------  -----------  --------------------------------------------------------------------
                                            Who are you?
                                            What system are you talking to me from?
                                            How do I identify the business role you are playing?
                                            Are you an individual human or an automated system?

                                            Can I prove you are who you say you are?
                                            What technology will prove you are who you say you are?

                                            Are we the only ones who can read the business data?

Content Integrity                           Was the message received exactly as sent?

Non-Repudiation of originator               Can I prove you sent me this exact message?

Non-Repudiation of receipt                  Can you prove that I received the message?

Non-Repudiation of content                  Can you prove that I received the message exactly as sent?

Trusted Timestamps                          Can we reliably prove when a message was sent or received?
                                            Can we enable synchronization of system time?

                                            Are you allowed to execute this business transaction?

Trust Models                                How do I go about authenticating you?
                                            Do we need a 3rd party?
                                            Do we have to assign each other credentials such as usernames
                                            and passwords or digital certificates?
                                            Can we use federated systems to authenticate each other?

Attack Prevention                           Can someone easily impersonate our systems, messages or credentials?
                                            Can our architectures avoid misdirected or malicious attacks?

Please note that Auditing will be addressed in more detail in the next version of this document.