
CIDX Adapter

The CIDX adapter enables the execution of business transactions between CIDX trading partners based on Chem eStandards specifications.

The adapter implements the transport, packaging, and routing of CIDX business messages and signals as defined in the Chem eStandards envelope and security specifications (based on RNIF 1.1 specifications; more information: cidx.org).

The supported transport protocols are HTTPS and HTTP. With HTTPS, client authentication is possible for both the sender party and the receiver party.

The adapter supports the security functions of the RNIF 1.1 business transaction dialog: authentication, authorization, and non-repudiation. Confidentiality should be ensured by using transport-level encryption, for example, HTTPS.

The CIDX adapter supports detached signatures on the basis of the PKCS#7 specification and the RNIF 1.1 transport bindings. The validation of signatures and the trustworthiness of the associated public key can be based on a hierarchical trust model or a direct trust model. The hierarchical trust model is restricted to certificates directly signed by a root CA (Certification Authority). There is no support for the handling of certificate revocation lists.
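The following added example (not SAP code and not part of the adapter) uses the OpenSSL command line to create a detached PKCS#7 signature and verify it under both trust models. The file names, certificate subjects and payload are constructed, and `-verify_depth 0` is an assumption used here to approximate the restriction to certificates signed directly by a root CA.

```shell
#!/bin/sh
# Added example: detached PKCS#7 signing and the two trust models, with OpenSSL.
# All names, subjects and the payload are constructed; nothing here is SAP code.

# make_pki DIR: root CA plus a partner certificate signed directly by that root.
make_pki() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" >/dev/null 2>&1 &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Constructed Partner" \
    -keyout "$d/partner.key" -out "$d/partner.csr" >/dev/null 2>&1 &&
  openssl x509 -req -in "$d/partner.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -out "$d/partner.pem" >/dev/null 2>&1
}

# sign_detached DIR PAYLOAD SIG: DER PKCS#7 SignedData without the content.
sign_detached() {
  openssl smime -sign -binary -in "$2" -signer "$1/partner.pem" \
    -inkey "$1/partner.key" -outform DER -out "$3" >/dev/null 2>&1
}

# Hierarchical trust: signer must chain to the root; -verify_depth 0 allows no
# intermediate CA, so only certificates issued directly by the root pass.
# No CRL is consulted, which matches the limitation stated above.
verify_hierarchical() {   # ROOT_CERT PAYLOAD SIG
  openssl smime -verify -binary -inform DER -in "$3" -content "$2" \
    -CAfile "$1" -verify_depth 0 -out /dev/null >/dev/null 2>&1
}

# Direct trust: no chain building; the signature must come from the pinned cert.
verify_direct() {         # PINNED_CERT PAYLOAD SIG
  openssl smime -verify -binary -inform DER -in "$3" -content "$2" \
    -certfile "$1" -nointern -noverify -out /dev/null >/dev/null 2>&1
}

demo() {
  t=$(mktemp -d) || return 1
  printf '<OrderCreate>constructed payload</OrderCreate>\n' > "$t/msg.xml"
  make_pki "$t" && sign_detached "$t" "$t/msg.xml" "$t/msg.p7s" || return 1
  verify_hierarchical "$t/root.pem" "$t/msg.xml" "$t/msg.p7s" && echo "hierarchical: ok"
  verify_direct "$t/partner.pem" "$t/msg.xml" "$t/msg.p7s" && echo "direct: ok"
  printf 'tampered\n' >> "$t/msg.xml"
  verify_hierarchical "$t/root.pem" "$t/msg.xml" "$t/msg.p7s" || echo "tampered: rejected"
  rm -rf "$t"
}
demo
```

Because the signature is detached, the verifier must be handed the exact payload bytes that were signed; any change to the payload makes both checks fail.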

The adapter supports non-repudiation of origin and content as well as non-repudiation of receipt. For more information, refer to the details on accessing the non-repudiation archive.

Recommendation

For each Chem eStandards transaction, the specification recommends applying particular security measures. These are also reflected in the channel templates for each transaction in the business package. When setting up the trading partner agreement with your business partner, we recommend that you adhere to these security settings.

The following table summarizes the security-relevant aspects of the CIDX adapter:

| Aspect | CIDX Adapter |
| --- | --- |
| Underlying protocol | HTTP. Inbound and outbound connections should be secured by SSL (client authentication is possible). |
| Inbound configuration | Configuration in a sender channel of type CIDX in the Integration Directory. You configure the actual message-level security options in the channel, in the Security Policy block. You configure the AS Java keystore views of the actual certificates for decryption, signature validation, and signing of receipts in the sender agreement associated with the channel. The messaging user must have the role SAP_XI_APPL_SERV_USER on the Integration Server. User credentials for PIP signals back to the sender can be configured. |
| Outbound configuration | Configuration in a receiver channel of type CIDX in the Integration Directory. You configure the actual message-level security options in the channel, in the Security Policy block. You configure the AS Java keystore views of the actual certificates for signing and signature validation of receipts in the receiver agreement associated with the channel. User authentication and anonymous logon to the receiver system are possible. If authenticated, the user must have appropriate authorizations in the receiver system. |

More information about how to configure SSL for the Advanced Adapter Engine: HTTP and SSL.

More information about the AS Java configuration: Security Configuration at Message Level.

More information about the possible security features: Message-Level Security.

 
