Information security and trust
The transport model is based on services and technical specifications that establish a range of security mechanisms.
Security Measure | Security Function (CEF/EU) | Definition/Scope |
---|---|---|
Transport Integrity (non-tampering) | Transport Integrity | AP to AP through AS4 encryption and signing plus TLS<br>Participant's integration with its AP through internal security |
Identification/Authentication of Sender | Authentication Sender | AP to AP through matching the AP certificate subject and the transport envelope's sender identifier.<br>Participant to Participant through lookup in SMP and trust that this information is correct. |
Authorization of Sending (Is sender authorized to send) | Authorisation of Sending | AP to AP through certificates showing that the AP is authorized for the current federation and environment<br>Participant to Participant through lookup in SMP and trust that this information is correct. |
Identification/Authentication of Receiver | Receiver Authentication | AP to AP through certificates in the service metadata that show that the AP is authorized for the current federation and environment. Verification that the synchronous acknowledgment's signature matches the certificate from the service metadata.<br>Participant to Participant through lookup in internal registers and process/business control that the counterpart is known. |
Transport Integrity (non-tampering) of Payload | Message Integrity | AP to AP through AS4 encryption and signing plus TLS<br>Participant's integration with its AP through internal security<br>No uninterrupted payload integrity Participant to Participant |
Message Confidentiality during transport (non-persistent) | Message Confidentiality – non-persistent | AP to AP through AS4 encryption plus TLS<br>Participant's integration with its AP through internal security |
Message Confidentiality – persistent (for stored messages) | Message Confidentiality – persistent | Not used in this Transport Model |
Message Timestamp | Message Timestamp | AP to AP through AS4 timestamp (signed by the sending AP)<br>Participant to Participant by the envelope being timestamped (not signed in this Transport Model) |
Identification of sender | Addressee Identification / Party Identification | AP to AP through matching the AP certificate subject and the transport envelope's sender identifier.<br>Participant to Participant through lookup in internal registers and process/business control that the counterpart is known. |
Non-repudiation of the origin of the Message | Non Repudiation of Origin | AP to AP by signing the message with the sender's AP certificate.<br>Participant to Participant no cryptographic security mechanism for non-repudiation in this Transport Model |
Non-Repudiation of a message receipt | Non-Repudiation of Receipt | AP to AP by signing the transport acknowledgment with the receiving AP's certificate.<br>Participant to Participant no cryptographic security mechanism for non-repudiation in this Transport Model |
Robust and reliable Message Exchange | Reliable Message | AP to AP through synchronous transport acknowledgment with retransmission policy in case of interruption<br>Participant to Participant no specific security mechanism in this Transport Model |
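
The AP-to-AP sender check from the table (matching the AP certificate subject against the transport envelope's sender identifier), sketched as an added example that is not part of the original page or of any Peppol or SFTI code. It assumes the sender identifier is the ebMS3 `eb:From/eb:PartyId` element, that the subject attribute compared is the common name, and that the certificate's signature and chain were already validated; the envelope, subject and `PXX…` identifiers are constructed sample data.

```python
import xml.etree.ElementTree as ET

# ebMS 3.0 core namespace used by AS4 message headers.
EB = "{http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/}"

# Constructed sample data: subject in the nested-tuple form Python's ssl module
# uses for decoded certificates, and a trimmed AS4 envelope header.
SAMPLE_SUBJECT = ((("countryName", "SE"),), (("organizationName", "Example AP AB"),),
                  (("commonName", "PXX000001"),))
SAMPLE_ENVELOPE = """<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"
  xmlns:eb="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/">
 <S:Header><eb:Messaging><eb:UserMessage><eb:PartyInfo>
  <eb:From><eb:PartyId>PXX000001</eb:PartyId></eb:From>
  <eb:To><eb:PartyId>PXX000002</eb:PartyId></eb:To>
 </eb:PartyInfo></eb:UserMessage></eb:Messaging></S:Header><S:Body/>
</S:Envelope>"""

def envelope_sender_id(soap_xml):
    """Return the single eb:From/eb:PartyId of the envelope, or raise ValueError."""
    if "<!DOCTYPE" in soap_xml:  # SOAP messages must not carry a DTD; refuse before parsing
        raise ValueError("DTD not allowed")
    root = ET.fromstring(soap_xml)
    ids = root.findall(f".//{EB}UserMessage/{EB}PartyInfo/{EB}From/{EB}PartyId")
    if len(ids) != 1 or not (ids[0].text or "").strip():
        raise ValueError("expected exactly one non-empty From/PartyId")
    return ids[0].text.strip()

def certificate_cn(subject):
    """Return the single commonName of the subject; ambiguity is an error."""
    cns = [value for rdn in subject for (key, value) in rdn if key == "commonName"]
    if len(cns) != 1:
        raise ValueError("expected exactly one commonName")
    return cns[0]

def sender_matches_certificate(soap_xml, subject):
    """Return (ok, reason); any parse problem or ambiguity fails closed."""
    # Only meaningful after the message signature and certificate chain are verified.
    try:
        sender = envelope_sender_id(soap_xml)
        cn = certificate_cn(subject)
    except (ValueError, ET.ParseError) as exc:
        return False, f"rejected: {exc}"
    if sender != cn:  # exact, case-sensitive comparison
        return False, f"rejected: envelope sender {sender!r} != certificate CN {cn!r}"
    return True, f"accepted: {cn}"

if __name__ == "__main__":
    print(sender_matches_certificate(SAMPLE_ENVELOPE, SAMPLE_SUBJECT))
```

Rejecting envelopes with zero or several `From/PartyId` elements matters as much as the comparison itself: a lenient parser that picks the first match can be steered to a different element than the one a downstream component reads.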