Description of the type of security used for the Web Services
In order to guarantee the origin and the integrity of the web service requests, the SPSSIGNATURE service implements the WS-Security Protocol that allows the creditor to sign SOAP requests using an x509 certificate.
The validation/signature process uses the concept of a public key. It allows the authentication of the creditor; each SOAP signed request is linked with only on one document and therefore cannot be reused nor imitated.
Web service signature configuration for the requests
La web service signature must respect the WS-Security protocol which allows the use of several profiles of token of security.
Security Token Model |
X509 Certificate Token http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf |
Minimum hash signature algorithm |
SHA-256 http://www.w3.org/2001/04/xmlenc#sha256 |
Minimum asymmetric signature algorithm |
RSA with SHA-256 https://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/ |
The accepted algorithms are likely to evolve within the state-of-the-art rules of cryptography. In order to generate the signature web service and the token, the creditor must use the certificate associated with the service as considered previously.