BoostAero XML and CSV Implementation Guideline ... - SupplyOn

More documents

Recommendations

Info

ClientAuthenticationMDNAS2 Settings Requirements ExplanationTransportProtocolAS2 via secureHTTP (HTTPS)HTTPS is a special form of the HTTP protocol offeringincreased security via SSL (128 Bit encryption). HTTPS isused to prevent the „observation“ during the transmission ofsensitive data.BasicAuthentication_Authentication of the sending interface system during thereceipt via username and password is NOT required and NOTpossible. Authentication is done via signing/certificates (seeCommunication Certificate for certificate based authentication).MDNMandatory(synchronous orasynchronous)The MDN is an instrument for transaction security. The MDN issent back by the recipient. It confirms the message receipt andprovides proof that the correct recipient was reached, since hewas in the possession of the private key.The MDN is returned synchronously.MDN signed _ MDN signature is required.MDN encryption _No additional encryption of the MDN is necessary, since thecommunication is already SSL encrypted (HTTPS)!4.1.5 AirSupply M2M Certificate OverviewScope of the certificate overview is a set of recommendations when using X.509 v3 certificates forsupplier authentication in Machine to Machine (M2M) communication scenarios within the AirSupplysolution. M2M scenarios include communication based on the AS2 protocol as well as the HTTPSprotocol.The following areas are explicitly not in scope: User certificates which prove the identity of supplier or customer users of the SupplyOnmarketplace or their corresponding organization. Other SSL/TLS server-authentication, E-Mail, XML-Security, code-signing, time-stamping, VoIP,IM, Web services, etc.4.1.5.1 General TopicsSupplyOn will determine which CA certificates are included in M2M components on the SupplyOnmarketplace, based on the benefits and risks of such inclusion to our customers.SupplyOn reserve the right to not include a particular CA certificate or to discontinue including aparticular CA certificate in M2M components on the SupplyOn marketplace at any time and forany reason.SupplyOn will not allow the usage of SELF-SIGNED CERTIFICATES in PRODUCTIONenvironments to prevent misuse due to missing certificate registration and managementprocesses. SELF-SIGNED CERTIFICATES may be used in TEST environments withoutPRODUCTION data.4.1.5.2 Generic Certificate RecommendationsAll certificates used for digital identities in scope of the PRODUCTION M2M connection to the suppliershould conform to the following criteria: The certificate is issued by one of the certificate authorities listed Trusted Issuers The assurance level of the corresponding registration process must assert the holder identity to alevel equal or comparable to the “Extended Validation” Test or basic validation certificates (e.g. based on E-Mail address or domain verification) issuedby the [Trusted Issuers] shall not be accepted.Public 16/59
4.1.5.3 Trusted Issuers (Certificate Authorities List)The following trusted issuers have been chosen to be accepted in scope of this context:Id. Certificate Authority Detail Information1 Symantec/ VeriSign http://www.verisign.comIncluding its subordinate brands GeoTrust, Equifax andThawte2 Commodo http://www.comodo.com3 TC TrustCenter http://www.trustcenter.deSupplyOn needs for the M2M Integration the following Certificate content:Key Usage: for digital signatureEnhanced Key Usage: for SSL encryptionPublic 17/59
Page 1 and 2: IMPLEMENTATION GUIDE for suppliers
Page 3 and 4: 3.7 January 2014 5.5 Added informat
Page 5: Table of content1 Purpose of the do
Page 9 and 10: # Message Types(BoostAero XML /CSV)
Page 11 and 12: # Message Types(BoostAero XML /CSV)
Page 13 and 14: 4.1.2 Message Disposition Notificat
Page 15: SecurityTransport LayerAS2 Settings
Page 19 and 20: 4.1.5.4 AS2 via the CLEO LexiCom AS
Page 21 and 22: The Euro 350,-- implementation and
Page 24 and 25: Technical information and assistanc
Page 26 and 27: 6.4 CSV message format guidelinesTh
Page 28 and 29: 7.2 Error codes for specific messag
Page 30 and 31: MessageErrorCodeC437C438C439C008C44
Page 32 and 33: As soon as the technical AS2 connec
Page 34 and 35: Acceptance criteria- The supplier h
Page 36 and 37: 8.2.2 AcceptanceFor each phase ther
Page 38 and 39: 9.2.3 OverviewThe message scheduler
Page 40 and 41: # Name Description14 Column Frequen
Page 42 and 43: 9.2.4 Message Scheduler Details - 1
Page 44 and 45: # Name Description4 Dropdown Order
Page 46 and 47: Type Status Meaning/RemarkREJECTEDW
Page 48 and 49: OPENUser Group Action New Status Im
Page 52 and 53: # Description3 Information Text Thi
Page 56 and 57: 9.3 Message MonitorThe user can ent
Page 58 and 59: # Name Description12 Column Informa

BoostAero XML and CSV Implementation Guideline ... - SupplyOn

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?