Security Architecture and Technologies for the Electronic Document Exchange with SOAP as Communication Protocol

Abstract: In many industries the tracking and tracing of products within the supply chain is required by law. Companies in the metal working industry exchange so-called material test reports, which specify the product’s properties, the customer’s requirements, and serve as an assurance between the supplier and the customer. Internet technologies have changed the way companies exchange information and conduct business. In the metal working industry companies can implement an intermediary platform and make the exchange of material test reports more efficient. Furthermore, a client application that allows the company to export test reports from their information system directly to the intermediary can significantly decrease the processing costs. This inter-organizational collaboration can render an increase in productivity for customers and suppliers. The main goal of the thesis is to analyze how companies in a supply chain can exchange documents with an intermediary over the protocol SOAP as well as support companies by showing a structured procedure for how to achieve security in a system using SOAP. SOAP is a platform independent XML-based communication protocol. The Extensible Markup Language (XML) is of major importance in e-business applications, because of its platform, language, and vendor independent way of describing data. As a universal data format, it enables the seamless connection of business systems. SOAP does not provide any security and is usually implemented over HTTP, which allows it to pass through firewalls. Companies are only prepared to join an inter-organizational collaboration if IT-security is guaranteed. In the exchange of material test reports, security has two objectives. The first is to replace the handwritten signature in the paper-based document exchange. The second is to guarantee security for the material test reports as well as for the information intermediary. SOAP’s extensibility model allows organizations to develop new extensions, which build upon the protocol and provide functions which aren’t specified. Specifications for attachments as well as for security should be implemented in the electronic document exchange. To design a secure system, each security concept, such as confidentiality, authentication and integrity, can be analyzed in its context and the appropriate standard can thereafter be implemented.