RosettaNet RNIF Adapters
The RNIF adapters enable the execution of business transactions between RosettaNet trading partners based on PIP® specifications.
The adapters implement the transport, packaging, and routing of RosettaNet business messages and signals as defined in the RosettaNet Implementation Framework versions 1.1 and 2.0 (more information: rosettanet.org).
Transport protocols to be used are HTTP and HTTPS. With HTTPS, client authentication is possible for sender party and receiver party.
The adapters support the security functions of the RNIF business transaction dialog: confidentiality, authentication, authorization, and non-repudiation (more information Message-Level Security). However, the RNIF versions 1.1 and 2.0 differ in the level of confidentiality provided by the specifications. Message-level encryption is possible only with the RNIF 2.0 adapter.
The RNIF 1.1 adapter supports detached signatures on the basis of the PKCS#7 specification and RNIF1.1 transport bindings. The transport bindings are based on the Open Buying on the Internet (OBI) standards as defined by RNIF 1.1.
The RNIF 2.0 adapter supports encryption and detached signatures on the basis of the S/MIME version 2 specification. The adapter supports service-content-level encryption and service-container-level encryption.
The validation of signatures and trustworthiness of the associated public key can be based on a hierarchical trust model or a direct trust model. The hierarchical trust model is restricted to certificates directly signed by a root CA. There is no support for handling of certificate revocation lists.
The adapter
supports non-repudiation of origin and content as well as non-repudiation of
receipt. For more information, refer to the
details on
accessing the non-repudiation archive.

Each PIP® specification recommends applying particular security measures. These are also reflected in the channel templates for each PIP in the business package. When setting up the trading partner agreement with your business partner, we recommend that you adhere to the security settings in the PIP specification.
The following table summarizes the security-relevant aspects of the RNIF 1.1 adapter:
Aspect |
RNIF 1.1 Adapter |
Underlying protocol |
HTTP Inbound and outbound connections should be secured by SSL (client authentication is possible). |
Inbound configuration |
Configuration in sender channel of type RNIF11 in the Integration Directory. You configure the actual message-level security options in the channel in the Security Policy block. The AS Java keystore views of the actual certificates for decryption, signature validation, and signing of receipts, you configure in the sender agreement associated with the channel. Messaging user must have role SAP_XI_APPL_SERV_USER on Integration Server. User credentials for PIP signals back to the sender can be configured. |
Outbound configuration |
Configuration in receiver channel of type RNIF11 in the Integration Directory. You configure the actual message level-security options in the channel in the Security Policy block. The AS Java keystore views of the actual certificates for signing and signature validation of receipts, you configure in the receiver agreement associated with the channel. User authentication and anonymous logon to receiver system are possible. If authenticated, user must have appropriate authorizations in the receiver system. |
The following table summarizes the security-relevant aspects of the RNIF 2.0 adapter:
Aspect |
RNIF 2.0 Adapter |
Underlying protocol |
HTTP Inbound and outbound connections should be secured by SSL (client authentication is possible). |
Inbound configuration |
Configuration in sender channel of type RNIF in the Integration Directory. You configure the actual message-level security options in the channel in the Security Policy block. The AS Java keystore views of the actual certificates for decryption, signature validation, and signing of receipts, you configure in the sender agreement associated with the channel. Messaging user must have role SAP_XI_APPL_SERV_USER on Integration Server. User credentials for PIP signals back to the sender can be configured. |
Outbound configuration |
Configuration in receiver channel of type RNIF in the Integration Directory. You configure the actual options of message level-security in the channel in the block Security Policy. The AS Java keystore views of the actual certificates for encryption, signing, and signature validation of receipts, you configure in the receiver agreement associated to the channel. User authentication and anonymous logon to receiver system are possible. If authenticated, user must have appropriate authorizations in the receiver system. |
● More information about how to configure SSL for the Advanced Adapter Engine: HTTP and SSL.
●
More information
about the AS Java configuration:
Security Configuration
at Message Level.
● More information about the possible security features: Message-Level Security.