
Overview of Secure Collaboration

Secure Collaboration is concerned with Web Services Security, Content Security and Security Interoperability.

SAP Integration Scenario for Secure Collaboration: Resource Center

Web Services Security

  • SAML: SAML (Security Assertion Markup Language) is an industry standard ratified by OASIS (Organization for the Advancement of Structured Information Standards). This XML-based framework provides a standard way to express user authentication, entitlements, and attribute information in XML documents. From SAP Web Application Server 6.30, SAP supports SAML for authentication.
  • WS-Security: WS-Security describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies.
    WS-Security also provides a general-purpose mechanism for associating security tokens with messages. No specific type of security token is required by WS-Security. It is designed to be extensible to support multiple security token formats. For example, a client might provide proof of identity and proof that they have a particular business certification.
    Additionally, WS-Security describes how to encode binary security tokens. Specifically, the specification describes how to encode X.509 certificates and Kerberos tickets as well as how to include opaque encrypted keys. It also includes extensibility mechanisms that can be used to further describe the characteristics of the credentials that are included with a message. SAP is involved in defining parts of the standard.

    The following parts of the standard are of particular relevance:
    - WS-Trust describes a framework for managing, establishing and assessing trust relationships to enable Web services to securely interoperate.
    - WS-SecureConversation describes a framework to establish a secure context for parties that want to exchange multiple messages.
    - WS-SecurityPolicy describes general security policies that can be associated with a service.

  • XACML: Extensible Access Control Markup Language (XACML) is an OASIS open standard. It consists of an XML specification for expressing policies for information access over the Internet. If applied consistently, it should allow enterprises to manage the enforcement of all the elements of their access control policy in all the components of their IT systems.

Getting Started with Web Service Security

Security for SOA and Web Services

Service oriented architecture (SOA) enables loosely coupled applications to be assembled from a set of internal and external services (web services) that are distributed over a connected infrastructure. The distributed nature of SOA makes addressing security concerns a critical success factor.

Web Services Security Configuration Guide

Khirallah Birkler (IBM), Reinhard Heite (IBM), and Martin Raepple (SAP) have worked together to describe how to apply Web Services Security (WS-Security) in mixed IBM and SAP environments. WS-Security provides security at the message level - specifying how to authenticate, sign, or encrypt SOAP messages. You'll learn how to manage the cryptographic keys used for signing and encryption, and how to configure for signature, authentication, and encryption scenarios.

More information on SAP Integration Scenario for Secure Collaboration (Resource Center)

Content Security

  • Digital Rights Management: Digital Rights Management allows controlling usage of content by assigning attributes.
  • Document encryption:
    PKCS#7
    SAP implements Public Key Cryptography Standard #7 compliant technology in its Secure Store and Forward (SSF) interface. SSF allows SAP systems to protect data and documents, even outside of the SAP system, using digital signatures and encryption. This protection is provided by an external, SAP certified security product via the SSF interface.

    XML Encryption
    There is a World Wide Web Consortium (W3C) working group to develop a process for encrypting and decrypting digital content (including XML documents and portions thereof) and an XML syntax used to represent the encrypted content as well as the information that enables an intended recipient to decrypt it. This concept involves a message embedded in XML, parts of which can be encrypted, and parts that are needed by intermediaries for routing, which can be left in clear text (with other methods, a message is usually completely encrypted or not encrypted at all).
  • Document signatures:
    XML Signature
    The standard defines a schema for capturing the result of a digital signature operation applied to arbitrary (but often XML) data. A fundamental feature of XML Signature is the ability to sign only specific portions of the XML tree rather than the complete document. SAP conforms to the standard as of Web AS 6.30.

    Mail Signatures
    Privacy Enhanced Mail (PEM) is a cryptographic protocol for e-mail. It has largely been superseded by S/MIME, but is supported by SAP for digitally signing e-mail.
    Secure/Multipurpose Internet Mail Extensions (S/MIME) is a proposed protocol for embedding cryptographically protected messages in Internet e-mail. SAP supports the use of this protocol for digital signature functionality and encryption.
  • Secure storage: SAP provides different mechanisms to store private information securely. Connection data (user and password) is stored encrypted with the destination services of the engines.
  • Virus detection: SAP systems provide an interface for integrating third-party virus-checking products. SAP also recommends virus protection for the operating system.

Getting Started with Content Security

Digital Signatures and Encryption   (SAP Help Portal)

Secure Store and Forward (SSF) mechanisms provide you with the means to secure data and documents in SAP Systems as independent data units. By using SSF functions, you can "wrap" data and digital documents in secure formats before they are saved on data carriers or transmitted over (possibly) insecure communication links.

More information on SAP Integration Scenario for Secure Collaboration (Resource Center)

Security Interoperability

  • WS-Security Policy: WS-SecurityPolicy describes general security policies that can be associated with a service.
  • WS-Trust: WS-Trust describes a framework for managing, establishing and assessing trust relationships to enable Web services to securely interoperate.
  • WS-Secure Conversation: WS-SecureConversation describes a framework to establish a secure context for parties that want to exchange multiple messages.
  • WS-Security SAML token profile: WS-Security SAML token profile describes the implementation of SAML tokens in web services.
  • S/MIME: Secure/Multipurpose Internet Mail Extensions (S/MIME) is a proposed protocol for embedding cryptographically protected messages in Internet e-mail. SAP supports the use of this protocol for digital signature functionality and encryption.
  • PKCS#7: SAP implements Public Key Cryptography Standard #7 compliant technology in the Secure Store and Forward (SSF) interface. SSF allows SAP systems to protect data and documents, even outside of the SAP system, using digital signatures and encryption. This protection is provided by an external, SAP certified security product via the SSF interface.
  • XML Encryption: There is a World Wide Web Consortium (W3C) working group to develop a process for encrypting and decrypting digital content (including XML documents and portions thereof) and an XML syntax used to represent the encrypted content as well as the information that enables an intended recipient to decrypt it. This concept involves a message embedded in XML, parts of which can be encrypted, and parts that are needed by intermediaries for routing and so on, which can be left in clear text (with other methods, a message is usually completely encrypted or not encrypted at all). SAP plans to support this standard in the near future.
  • XML Signature: The XML Signature initiative, currently progressing through the standardization process, is a joint working group formed by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF). The standard defines a schema for capturing the result of a digital signature operation applied to arbitrary (but often XML) data. A fundamental feature of XML Signature is the ability to sign only specific portions of the XML tree rather than the complete document. SAP conforms to the standard as of Web AS 6.30.
  • LDAP: Lightweight Directory Access Protocol (LDAP) is the protocol used to access directory services and supported by SAP as of R/3 Rel. 4.6. It is supported in both SAP NetWeaver AS ABAP and AS Java in the user management area.
  • SPML: Service Provisioning Markup Language (SPML) is an OASIS framework developed to exchange user data. It is supported in SAP NetWeaver AS Java.
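The WS-Security entry in the Web Services Security section and the XML Signature entries above both rest on the same mechanism: a ds:Signature inside the SOAP header whose Reference points at one part of the XML tree, so that only that part is integrity-protected while other parts stay open to intermediaries. The following added example (written for this page; it is not SAP code or part of any SAP product) builds such a message with the Python 3.8+ standard library only: the wsse:Security header carries a Signature whose single Reference addresses the Body by its wsu:Id, digests it with SHA-256 and authenticates SignedInfo with HMAC-SHA256. The verifier then shows that rewriting the unsigned routing header leaves the signature valid, while any change inside the Body, or a different key, fails verification. Assumptions: the shared HMAC key, the urn:example routing and order elements and their values are constructed for the demonstration; canonicalization uses Python's built-in C14N 2.0 rather than the Exclusive C14N commonly paired with WS-Security; and the KeyInfo or security token that would identify the key is omitted.

```python
"""Added example: a WS-Security message whose XML Signature covers only the
SOAP Body (referenced by wsu:Id), leaving a routing header for intermediaries
unsigned. Python 3.8+ standard library only; constructed data, not SAP code."""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
C14N2 = "http://www.w3.org/2010/xml-c14n2"          # Python's built-in canonicalization
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
for prefix, uri in (("soapenv", SOAP), ("wsse", WSSE), ("wsu", WSU), ("ds", DS)):
    ET.register_namespace(prefix, uri)


def build_message(order_id: str, quantity: int) -> ET.Element:
    """Constructed SOAP envelope: an unsigned routing header (hypothetical
    urn:example namespaces) plus a Body tagged with wsu:Id for the Reference."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    ET.SubElement(header, "{urn:example:routing}Route").text = "gateway-1"
    body = ET.SubElement(env, f"{{{SOAP}}}Body", {f"{{{WSU}}}Id": "Body"})
    order = ET.SubElement(body, "{urn:example:orders}CreateOrder")
    ET.SubElement(order, "{urn:example:orders}OrderId").text = order_id
    ET.SubElement(order, "{urn:example:orders}Quantity").text = str(quantity)
    return env


def _c14n(element: ET.Element) -> bytes:
    """Canonical form of one subtree, so signer and verifier hash identical bytes."""
    raw = ET.tostring(element, encoding="unicode")
    return ET.canonicalize(raw, strip_text=True, rewrite_prefixes=True).encode()


def _find_by_wsu_id(root: ET.Element, wsu_id: str) -> ET.Element:
    """Resolve a same-document Reference; exactly one element may carry the Id."""
    hits = [el for el in root.iter() if el.get(f"{{{WSU}}}Id") == wsu_id]
    if len(hits) != 1:
        raise ValueError(f"wsu:Id {wsu_id!r} is missing or ambiguous")
    return hits[0]


def _digest_b64(element: ET.Element) -> str:
    return base64.b64encode(hashlib.sha256(_c14n(element)).digest()).decode()


def sign_body(env: ET.Element, key: bytes) -> ET.Element:
    """Attach wsse:Security/ds:Signature whose only Reference is the Body."""
    security = ET.SubElement(env.find(f"{{{SOAP}}}Header"), f"{{{WSSE}}}Security")
    signature = ET.SubElement(security, f"{{{DS}}}Signature")
    signed_info = ET.SubElement(signature, f"{{{DS}}}SignedInfo")
    ET.SubElement(signed_info, f"{{{DS}}}CanonicalizationMethod", Algorithm=C14N2)
    ET.SubElement(signed_info, f"{{{DS}}}SignatureMethod", Algorithm=HMAC_SHA256)
    ref = ET.SubElement(signed_info, f"{{{DS}}}Reference", URI="#Body")
    ET.SubElement(ref, f"{{{DS}}}DigestMethod", Algorithm=SHA256)
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = _digest_b64(_find_by_wsu_id(env, "Body"))
    # The MAC covers SignedInfo, which in turn carries the Body digest.
    mac = hmac.new(key, _c14n(signed_info), hashlib.sha256).digest()
    ET.SubElement(signature, f"{{{DS}}}SignatureValue").text = base64.b64encode(mac).decode()
    # KeyInfo / security token identifying the key is omitted in this example.
    return env


def verify(env: ET.Element, key: bytes) -> bool:
    """True only if every Reference digest matches and the MAC over SignedInfo is valid."""
    signature = env.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{DS}}}Signature")
    signed_info = None if signature is None else signature.find(f"{{{DS}}}SignedInfo")
    if signed_info is None:
        return False
    try:
        for ref in signed_info.findall(f"{{{DS}}}Reference"):
            uri = ref.get("URI", "")
            if not uri.startswith("#"):          # only same-document references accepted
                return False
            expected = _digest_b64(_find_by_wsu_id(env, uri[1:]))
            if not hmac.compare_digest(expected, ref.findtext(f"{{{DS}}}DigestValue", "")):
                return False
        mac = hmac.new(key, _c14n(signed_info), hashlib.sha256).digest()
        given = base64.b64decode(signature.findtext(f"{{{DS}}}SignatureValue", ""))
    except ValueError:                           # ambiguous Id or malformed base64
        return False
    return hmac.compare_digest(mac, given)


def demo() -> dict:
    key = b"constructed-demo-secret"             # constructed; real systems exchange or derive keys
    wire = ET.tostring(sign_body(build_message("4711", 3), key))   # bytes as sent on the wire
    results = {"valid": verify(ET.fromstring(wire), key)}
    rerouted = ET.fromstring(wire)               # intermediary rewrites the unsigned header
    rerouted.find(".//{urn:example:routing}Route").text = "gateway-2"
    results["rerouted_still_valid"] = verify(rerouted, key)
    tampered = ET.fromstring(wire)               # any change inside the signed Body
    tampered.find(".//{urn:example:orders}Quantity").text = "3000"
    results["tampered_valid"] = verify(tampered, key)
    results["wrong_key_valid"] = verify(ET.fromstring(wire), b"other-key")
    return results


if __name__ == "__main__":
    print(demo())
```

Two checks in the verifier are the ones that matter in practice: a Reference whose URI is not a same-document fragment is rejected rather than fetched, and a wsu:Id that is missing or appears on more than one element is treated as a failure, so the signed element cannot be swapped for an unsigned look-alike carrying the same Id.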

More information on SAP Integration Scenario for Secure Collaboration (Resource Center)
