Skip to Content
author's profile photo Former Member
Former Member

Security in PI

Hi All,

work method for Security using Digital Signature , non repudiation & use encryption...

feature and benififits of using Digital Signature , non repudiation & encryption..if any one worked on this send me the work method

because in my requirement i am sending payment details to bank using SOAP.i need to propose what to use and how to use.

thanks

rupesh

Add a comment
10|10000 characters needed characters exceeded

Related questions

4 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Jun 17, 2008 at 10:23 AM

    Hi Rupash,

    To employ XML encryption, the SAP system should be configured to enable XML Encryption and decryption according to the Web Services Security (WS-Security) standard.

    For eg consider a RFC client call to the destination, on executeion of the call, the RFC adapter will transform the RFC message structure to XML and pass it to the integration server. The integration server will map the XML structure of the RFC message to the Web services interface document structure, and the SOAP adapter will in turn encrypt the message, leveraging the Web Services Security standard, which supports both SOAP and SAP NetWeaver XI protocols.3

    To encrypt the message, the SOAP adapter (in System A) must use the public key in System Bu2019s certificate so that when Business Partner B receives the encrypted SOAP message, it can decrypt it with the private key certificate known only to it. System A will then make the call to Business Partner Bu2019s system (System B) via SOAP messaging over HTTP as System B is also running SAP NetWeaverXI so its SOAP adapter will decrypt the message, transform it back to the structure if necessary, and execute the service call against the backend system (which could be ABAP, Java, or non-SAP based.)

    Check this too

    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f9aa3d03-0b01-0010-96ad-d81b88c0b65f

    Hope it helps 😊

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jun 17, 2008 at 09:53 AM
    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jun 17, 2008 at 09:57 AM

    Hi,

    The user is defined in the ABAP stack via SU01 as usual, with roles assigned to them.

    The Java stack uses the role titles in the ABAP user master to provide authorisation to the XI components.

    lots more info in SAP help:

    http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/frameset.htm

    security

    Thanks

    Vikranth

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jun 17, 2008 at 01:48 PM

    Hi Rupash Krishna ,

    SAP NetWeaver Standards Support:

    Security

    SAP offers a broad range of security mechanisms and services to meet the highest demands for data integrity, protection, and confidentiality u2013 and to support authentication, authorization, and secure information exchange.

    SAP NetWeaver supports a variety of authentication mechanisms to ensure that the right people have access to the right applications u2013 including standard X.509 digital certificates, smart cards, ticketing, and username and password authentication. Pluggable authentication and support for the Java Authorization and Authentication Service (JAAS) let you integrate your preferred authentication technique. Single sign-on removes the burden of remembering various usernames and passwords.

    A comprehensive authorization mechanism allows both coarse and fine-grain authorization management. Users can be granted access to information, applications, and services automatically based on their specific roles. User information can be managed centrally and synchronized with an LDAP-enabled directory. Authorization mechanisms based on access control lists are also available.

    Encryption features ensure that information exchanged among users remains private. Support for HTTPS, the secure variant of HTTP, is included. Plus, a feature for secure network communications uses external security solutions to protect communications links among the distributed components of your SAP solution.

    To enable secure interoperability, SAP NetWeaver supports industry standards such as Security Assertions Markup Language (SAML) and XML-Signature. Secure store-and-forward mechanisms can take advantage of external security solutions to protect data. Digital signatures offer nonrepudiation, while digital envelopes wrap data and documents in secure formats before they are stored or transmitted. Trust center services for public key infrastructure (PKI) are also provided.

    Finally, the security audit log records events, such as log-on attempts and transaction starts, while the Audit Info System offers a summary of reports that provide key security information.

    Security - Data security at transaction level is a prerequisite to competing in the Internet economy. SAP offers best-in-class, comprehensive security solutions that protect data and ensure the confidentiality of business transactions. As a global solution provider and trusted advisor, SAP provides security technologies to protect the data processed by the mySAP Business Suite. The security infrastructure of SAP NetWeaver delivers comprehensive security features for heterogeneous environments. Combined with specialized partner solutions, its state-of-the-art technology makes mySAP Business Suite the secure place to do business.

    SAP NetWeaver Security Guide

    http://help.sap.com/saphelp_nw04/helpdata/en/8c/2ec59131d7f84ea514a67d628925a9/content.htm

    Security and Identity Management

    https://www.sdn.sap.com/irj/sdn/security

    SAP Perspective on Product Security

    http://www.saphosting.com/partners/sap_partner_hosting_events/pdf/2006_may/Overview-SAP-Product-Security.pdf

    SAP Security : New letter

    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/4df867cc-0601-0010-c293-ee07f11617ac

    cheers!

    gyanaraj

    ****Pls reward points if u find this helpful

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.