Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in ebXML Messaging CPP/CPA Elements. Elements of Security P rivacy –Protect against information being disclosed or revealed to any entity not.

Published byPatrick Glenn Modified over 8 years ago

Similar presentations

Presentation on theme: "Security in ebXML Messaging CPP/CPA Elements. Elements of Security P rivacy –Protect against information being disclosed or revealed to any entity not."— Presentation transcript:

1 Security in ebXML Messaging CPP/CPA Elements

2 Elements of Security P rivacy –Protect against information being disclosed or revealed to any entity not authorized to have that information A uthentication –Authenticate the claimed identity of the originator of a data item A uthorization –Protect against the threat that unknown entities enter into a system and ensures that an entity performs only authorized actions within the system I ntegrity –Protect against the threat that the value of a data item might be changed in a way that is inconsistent with the recognized security policy N on-repudiation –Protect against one party to a transaction or communication later falsely denying that the transaction or communication occurred

3 Security and Computing Infrastructure Security can be applied to… –Transports (SSL, IPSEC) –Messages (S/MIME, PGP) –Systems

4 Interoperable Messaging: Complex stuff Transports Servers & ports Usernames & passwords Certificates & trust Algorithms & parameters Processing order Supported standards Acknowledgements Processing steps Transports Servers & ports Usernames & passwords Certificates & trust Algorithms & parameters Processing order Acknowledgements Processing steps Supported standards ?

5 Security Options The More Obvious Stuff –Encryption –Signatures –Non-repudiation The Less Obvious Stuff –Trust –Certificate lifecycle management –Certificate revocation

6 ebXML Delivery Channel Covers the Obvious Delivery Channel = Document Exchange Layer + Transport Layer Delivery Channel characteristics –nonrepudiationOfOrigin –nonredupiationOfReceipt –secureTransport –confidentiality –authenticated –authorized

7 How to Deal with the Less Obvious These are PKI issues that need to be addressed to facilitate interoperability The key to understanding these issues is an understanding of X.509 certificates –Creation –Issuance –Management

8 X.509 Certificate Anatomy

9 Certificate Issuance

10 Certificate Management Includes Key registration Key archive and recovery Centralized revocation information –CRLs –OCSP Certificate publication to a repository

11 Web Trust Model CA 1 2 3 Root CAs in trust store Intermediate CAs (when they exist) End-entities

12 Pulling it All Together: Certificate Path Validation Subject Public Key Subject = Peter Parker Issuer = Certification Authority B Certificate 1 Subject Public Key Subject = Certification Authority B Issuer = Certification Authority A Certificate 2 Subject Public Key Subject = Certification Authority A Issuer = Certification Authority A Certificate 3 Trusted Certificates Certificate

Download ppt "Security in ebXML Messaging CPP/CPA Elements. Elements of Security P rivacy –Protect against information being disclosed or revealed to any entity not."

Similar presentations

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 23-25 May 2012, Kish Island, I.R.IRAN.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,

 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.

Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.
SMUCSE 5349/7349 Public-Key Infrastructure (PKI).

SMUCSE 5349/7349 Public-Key Infrastructure (PKI).
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.

E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

Similar presentations

Ads by Google