CIDX Adapter

The CIDX adapter enables the execution of business transactions between CIDX trading partners based on Chem eStandards specifications.

The adapter implements the transport, packaging, and routing of CIDX business messages and signals as defined in the Chem eStandards envelope and security specifications (based on RNIF 1.1 specifications; for more information, see cidx.org).

The supported transport protocols are HTTPS and HTTP. With HTTPS, client authentication is possible for both the sender party and the receiver party.

The adapter supports the security functions of the RNIF 1.1 business transaction dialog: authentication, authorization, and non-repudiation. Confidentiality should be ensured by using transport-level encryption, for example, HTTPS.

The CIDX adapter supports detached signatures on the basis of the PKCS#7 specification and RNIF 1.1 transport bindings. The validation of signatures and the trustworthiness of the associated public key can be based on a hierarchical trust model or a direct trust model. The hierarchical trust model is restricted to certificates directly signed by a root CA (Certification Authority). There is no support for the handling of certificate revocation lists.
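The two properties described above can be checked with the OpenSSL command line before a partner certificate is imported into a keystore view. This is an added example, not SAP code or part of the adapter: it tests that a certificate was issued by the root CA itself, with no intermediate CA, and that a detached PKCS#7 signature matches its payload. All file names, subjects, and the payload are constructed, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: all file names, subjects and the payload are constructed.

# Print the subject or issuer DN ($2) of certificate $1 in RFC 2253 form.
dn() { openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed "s/^$2= *//"; }

# True only if certificate $2 was issued by root $1 itself (no intermediate CA).
directly_signed_by_root() {
    [ "$(dn "$2" issuer)" = "$(dn "$1" subject)" ] &&
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True only if the detached DER PKCS#7 signature $2 covers payload $3 and its
# signer certificate verifies with $1 as the CA file.
verify_detached() {
    openssl smime -verify -binary -inform DER -in "$2" -content "$3" \
        -CAfile "$1" -out /dev/null 2>/dev/null
}

# Issue a certificate: name $1, signing CA $2, optional extension file $3.
issue() {
    openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/CN=constructed-$1" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -CAcreateserial -days 2 -out "$1.pem" ${3:+-extfile "$3"} 2>/dev/null
}

# Build constructed test material in directory $1 (runs in a subshell).
make_fixture() (
    cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.pem \
        -subj "/CN=constructed-root" -days 2 2>/dev/null &&
    issue partner root &&        # issued directly by the root
    issue inter root ca.ext &&   # intermediate CA
    issue deep inter &&          # issued by the intermediate
    printf '<OrderCreate>constructed</OrderCreate>\n' > msg.xml &&
    openssl smime -sign -binary -in msg.xml -signer partner.pem \
        -inkey partner.key -outform DER -out msg.p7s 2>/dev/null
)

d=$(mktemp -d) && make_fixture "$d" || exit 1
directly_signed_by_root "$d/root.pem" "$d/partner.pem" && echo "partner: accepted"
directly_signed_by_root "$d/root.pem" "$d/deep.pem" || echo "deep: rejected"
verify_detached "$d/root.pem" "$d/msg.p7s" "$d/msg.xml" && echo "signature: valid"
rm -rf "$d"
```

The adapter does not process certificate revocation lists, so revocation status is not part of this check either and has to be tracked separately.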

The adapter supports non-repudiation of origin and content as well as non-repudiation of receipt. For more information, see the details on accessing the non-repudiation archive.

For each Chem eStandards transaction, the specification recommends applying particular security measures. These are also reflected in the channel templates for each transaction in the business package. When setting up the trading partner agreement with your business partner, SAP recommends that you adhere to these security settings.

The following table summarizes the security-relevant aspects of the CIDX adapter:

| Aspect | CIDX Adapter |
|---|---|
| Underlying protocol | HTTP. Inbound and outbound connections should be secured by SSL (client authentication is possible). |
| Inbound configuration | Configuration in sender channel of type CIDX in the Integration Directory. The actual message-level security options are configured in the channel in the Security Policy block. The J2EE keystore views of the actual certificates for decryption, signature validation, and signing of receipts are configured in the sender agreement associated with the channel. Messaging user must have role SAP_XI_APPL_SERV_USER on Integration Server. User credentials for PIP signals back to the sender can be configured. |
| Outbound configuration | Configuration in receiver channel of type CIDX in the Integration Directory. The actual message-level security options are configured in the channel in the Security Policy block. The J2EE keystore views of the actual certificates for signing and signature validation of receipts are configured in the receiver agreement associated with the channel. User authentication and anonymous logon to receiver system are possible. If authenticated, user must have appropriate authorizations in the receiver system. |

For a detailed description of how to configure SSL for the Adapter Engine, see HTTP and SSL.

For the J2EE configuration, see Security Configuration at Message Level.

For a description of the possible security features, see Message-Level Security.