Standards for Technology in Automotive Retail

 Home -  News Feed 

Chapter 7. Security

Table of Contents

7.1. Overview
7.2. WS-I Basic Security Profile
7.3. WS-Security SOAP Header
7.4. Authentication
7.4.1. Username and Password
7.4.2. The Username element
7.4.3. Plain Text Password
7.4.4. Password Digest  
7.5. Security Error Handling

7.1. Overview

The following sections define the implementation details to meet the Star Transport Guidelines security requirements when using Web Services.  

The following specifications are used to accomplish secure web services communication until further clarifications and standards emerge from the Web Services Security technical committee in Oasis:

  1. HTTPS: Provides a secure transport channel

  2. Web Services Security: SOAP Messaging Security V1.0: Provides the framework for SOAP messaging security.

  3. Web Services Security: Username Token Profile V1.0: Describes user authentication tokens.

The security methods described in this section can be applied to all the web services methods mentioned earlier on both requests and responses. Communication partners will need to agree on which security methods to use and on which types of communication. The choice will also be affected by business rules, performance and information sensitivity. As a base standard all STAR endpoints and clients MUST send information encrypted using HTTPS and comply with the security requirements outlined by the WS-I Basic Security Profile 1.0.

[Important]STAR Level 1 Requirement

STAR1004 : All implementations are REQUIRED to send information over HTTPS.