Security configuration considerations

Description of the type of security used for the Web Services

In order to guarantee the origin and the integrity of the web service requests, the SPSSIGNATURE service implements the WS-Security Protocol that allows the creditor to sign SOAP requests using an x509 certificate.

The validation/signature process uses the concept of a public key. It allows the authentication of the creditor; each SOAP signed request is linked with only on one document and therefore cannot be reused nor imitated.

Web service signature configuration for the requests

La web service signature must respect the WS-Security protocol which allows the use of several profiles of token of security.

Security Token Model
X509 Certificate Token http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf
Minimum hash signature algorithm
SHA-256 http://www.w3.org/2001/04/xmlenc#sha256
Minimum asymmetric signature algorithm
RSA with SHA-256 https://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/

The accepted algorithms are likely to evolve within the state-of-the-art rules of cryptography. In order to generate the signature web service and the token, the creditor must use the certificate associated with the service as considered previously.