Standards for Technology in Automotive Retail
Table of Contents
The following sections define the implementation details to meet the STAR Transport Guidelines security requirements when using Web Services for STAR Level 2 requirements. All security requirements from STAR Level 1 still apply to STAR Level 2.
The following specifications are used to accomplish secure web services communication until further clarifications and standards emerge from the Web Services Security technical committee in Oasis:
HTTPS: Provides a secure transport channel
Web Services Security: SOAP Messaging Security V1.0: Provides the framework for SOAP messaging security.
Web Services Security: X.509 Token Profile V1.0: Describes the use of digital certificates.
The security methods described in this section must be applied to all the web services methods mentioned earlier on both requests and responses.
STAR Level 2 implementations must still implement all requirements from STAR Level 1 in regards to security. STAR Level 2 requirements are enhancements to STAR Level 1. Implementations must fall back gracefully to STAR Level 1 if the trading partner can not support the STAR Level 2 requirements.