Contract No.: 285248 Strategic Objective
Secure Storage Service Optional GE Open API Specification
Download 1.78 Mb.
|
- Navigate this page:
- 22.3.2Intended Audience
- 22.3.3API Change History
- 22.3.4Additional Resources
- 22.4.2Representation Format
- 22.4.3Representation Transport
22Secure Storage Service Optional GE Open API Specification22.1CopyrightCopyright © 2012-2014 by Thales 22.2Legal noticePlease check the following Legal Notice to understand the rights to use these specifications. 22.3Introduction to the Secure Service Storage Optional GE APIPlease check the FI-WARE Open Specifications Legal Notice to understand the rights to use FI-WARE Open Specifications. 22.3.1OverviewThe Secure Storage Service provides a storage for labelled (i.e. XML-DSig protected) data. It comes with an application-level filter which authorizes read access in function of the identity of the authenticated requester (for example, a service provider) and in function of the sensitivity of the data. 
Basic ConceptsXML-DSig (for XML Digital Signature) defines an XML syntax for digital signatures and is defined in the WC3 recommendation XML Signature Syntax and Processing. Functionally, it has much in common with PKCS#7 but is more extensible and geared towards signing XML documents. XML signatures can be used to sign data –a resource– of any type, typically XML documents, but anything that is accessible via a URL can be signed. An XML signature used to sign a resource outside its containing XML document is called a detached signature; if it is used to sign some part of its containing document, it is called an enveloped signature; if it contains the signed data within itself it is called an enveloping signature. The data is labelled before being stored, i.e. it is previously protected by its owner. Moreover, the owner himself has initialised the sensitivity level of the different fields of his data (for example : mail address > private, main interest > public, job > public, etc...). Once the data are stored by SSS, the public fields (i.e. the fields that have been tagged 'public') can be read by anyone. The private one can be read by trusted service providers (SP) only. A trusted service is a service which is authenticated by a certificate which has been delivered by a dedicated Certification Authority. 22.3.2Intended AudienceThis specification is intended for Service Consumers (with development skills) and Users. For the Service Consumers, this document provides a full specification of how to interoperate with the Secure Storage Service API. For the latter, this specification indicates the interface to be provided to the client application developers to provide the described functionalities. To use this information, the reader should firstly have a general understanding of the Optional Generic Enabler service Secure Storage . The API user should be familiar with:
22.3.3API Change HistoryCurrent version is: Version 1.1.0, 27/05/2013 The most recent changes are described in the table below:
22.3.4Additional ResourcesMore documentation related to the architecture is available at Secure Storage Service 22.4General SSS API Information22.4.1SSS Optional GE API Core
22.4.2Representation FormatThe Secure Storage Service Optional GE API supports the transmission of XML files and Strings. Content-Type header and is required for operations that have a request body. The response format is always in plain text ("text/plain") or ("application/xml"). In order to manipulate the different XML elements of the SSS within the application, XML representations using JAXB (Java Annotation Xml Binding, see http://jaxb.java.net/ for more information) were used. 22.4.3Representation TransportResource representation is transmitted between client and server by using HTTPs 1.1 protocol. Both client and server may use as many HTTP headers as they consider necessary. Download 1.78 Mb. Share with your friends:
|