Standards for Technology in Automotive Retail
Table of Contents
The following sections define the implementation details to meet the Star Transport Guidelines security requirements when using Web Services.
The following specifications are used to accomplish secure web services communication until further clarifications and standards emerge from the Web Services Security technical committee in Oasis:
HTTPS: Provides a secure transport channel
Web Services Security: SOAP Messaging Security V1.0: Provides the framework for SOAP messaging security.
Web Services Security: Username Token Profile V1.0: Describes user authentication tokens.
The security methods described in this section can be applied to all the web services methods mentioned earlier on both requests and responses. Communication partners will need to agree on which security methods to use and on which types of communication. The choice will also be affected by business rules, performance and information sensitivity. As a base standard all STAR endpoints and clients MUST send information encrypted using HTTPS and comply with the security requirements outlined by the WS-I Basic Security Profile 1.0.
|STAR Level 1 Requirement|
STAR1004 : All implementations are REQUIRED to send information over HTTPS.