Standards for Technology in Automotive Retail


10.2. Discussions: ebMS Message-Level Security

10.2.1. Digitally Signing a STAR ebMS Message

It is OPTIONAL for a specific STAR ebMS message exchange to use a Digital Signature, but if a Digital Signature is applied to a message, the signature MUST be in full compliance with [XMLDSIG] and [ebMS version 2.0].

ebMS version 2.0 is very specific about how to apply Digital Signatures. Though multiple signatures are allowed, only the first signature is defined. The first signature is a signature over the SOAP Envelope (excluding the Signature elements themselves) and over all Attachments. ebMS requires specific algorithms for canonicalization and transformation of the SOAP Envelope. In other words, the sender creates a digital signature over the SOAP Envelope and all payloads.
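An added example, not part of the STAR or ebMS text: a receiver-side structural check that the first ds:Signature references both the SOAP Envelope and every attachment. It assumes the envelope reference uses URI="" with the XMLDSIG enveloped-signature transform and that payloads are referenced as cid: URIs; the function name `signature_coverage` and the sample message are constructed here, and no cryptographic verification is performed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote

DS = "http://www.w3.org/2000/09/xmldsig#"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
ENVELOPED = DS + "enveloped-signature"

# Constructed sample: SignedInfo trimmed to the parts this check reads.
SAMPLE = """<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <SOAP:Header>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI=""><ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
   </ds:Transforms></ds:Reference>
   <ds:Reference URI="cid:payload-1@example.test"/>
  </ds:SignedInfo></ds:Signature>
 </SOAP:Header>
 <SOAP:Body/>
</SOAP:Envelope>"""

def signature_coverage(envelope_xml, attachment_cids):
    """Return coverage problems for the first ds:Signature (empty list = covered)."""
    # Assumption: input was already size-limited; use a hardened parser for untrusted XML.
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP}}}Header")
    sig = header.find(f"{{{DS}}}Signature") if header is not None else None
    if sig is None:
        return ["no ds:Signature in SOAP Header"]
    problems, covered, envelope_ok = [], set(), False
    for ref in sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference"):
        uri = ref.get("URI")
        algs = {t.get("Algorithm") for t in ref.iter(f"{{{DS}}}Transform")}
        if uri == "":  # same-document reference: the whole envelope
            envelope_ok = envelope_ok or ENVELOPED in algs
        elif uri and uri.startswith("cid:"):  # MIME part, by Content-ID
            covered.add(unquote(uri[4:]))
    if not envelope_ok:
        problems.append("envelope not covered by an enveloped-signature reference")
    for cid in attachment_cids:  # Content-ID header values, e.g. "<id@host>"
        if cid.strip("<>") not in covered:
            problems.append(f"attachment not signed: {cid}")
    return problems
```

Run this before or alongside cryptographic verification: a signature that validates but omits a payload reference leaves that payload unauthenticated.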

A receiver MAY make use of ebXML CPA to associate a Digital Certificate with a sender.

10.2.2. STAR ebMS Message-Level Encryption

ebMS allows optional encryption of parts of a message. ebMS does not restrict the method/technology used for encryption, but RECOMMENDS the use of [XMLEncryption]. STAR Transport RECOMMENDS the use of [XMLEncryption] or [SMIME] based encryption for ebMS Messages.