Publicerad 20 juni 2024

Information security and trust

The transport model is based on services and technical specifications that establish a range of security mechanisms.

Security Measure

Security Function (CEF/EU)

Definition/Scope

Transport Integrity (non-tampering)

Transport Integrity

AP to AP through AS4 encryption and signing plus TLS

 

Participant's integration with its AP through internal security

Identification/ Authentication of Sender

Authentication Sender

AP to AP through matching the AP certificate subject and the transport envelope's sender identifier.

 

Participant to Participant through lookup in SMP and trust that this information is correct.

Authorization of Sending (Is sender authorized to send)

Authorisation of Sending

AP to AP through certificates showing that the AP is authorized for the current federation and environment

 

Participant to Participant through lookup in SMP and trust that this information is correct.

Identification/ Authentication of Receiver

Receiver Authentication

AP to AP through certificates in the service metadata that show that the AP is authorized for the current federation and environment. Verification that the synchronous acknowledgment's signature matches the certificate from the service metadata.

 

Participant to Participant through lookup in internal registers and process/business control that the counterpart is known.

Transport Integrity (non-tampering) of Payload

Message Integrity

AP to AP through AS4 encryption and signing plus TLS

 

Participant's integration with its AP through internal security

 

No uninterrupted payload integrity Participant to Participant

Message Confidentiality during transport (non-persistent)

Message Confidentiality – non-persistent

AP to AP through AS4 encryption plus TLS

 

Participant's integration with its AP through internal security

Message Confidentiality – persistent (for stored messages)

Message Confidentiality – persistent

Not used in this Transport Model

Message Timestamp

Message Timestamp

AP to AP through AS4 timestamp (signed by the sending AP)

 

Participant to Participant by the envelope being timestamped (not signed in this Transport Model)

Identification of sender

Addressee Identification / Party Identification

AP to AP through matching the AP certificate subject and the transport envelope's sender identifier.

 

Participant to Participant through lookup in internal registers and process/business control that the counterpart is known.

Non-repudiation of the origin of the Message

Non Repudiation of Origin

AP to AP by signing the message with the sender's AP certificate.

 

Participant to Participant no cryptographic security mechanism for non-repudiation in this Transport Model

Non-Repudiation of a message receipt

Non-Repudiation of Receipt

AP to AP by signing the transport acknowledgment with the receiving AP's certificate.

 

Participant to Participant no cryptographic security mechanism for non-repudiation in this Transport Model

Robust and reliable Message Exchange

Reliable Message

AP to AP through synchronous transport acknowledgment with retransmission policy in case of interruption

 

Participant to Participant no specific security mechanism in this Transport Model

 

Previous section

Use case

Kontakta oss

Kontakta SFTI:s tekniska kansli

Välj område * (obligatorisk)
Välj område
















Verifiering * (obligatorisk)
Vi kontrollerar att du är en människa och inte en robot.