
London Market Implementation of ACORD DRI Messages and Data

Security

The mandatory elements of the ACORD Basic Security Profile have been mandated for use in the London Market (see The London Market Accounting and Settlement Technical Information, Section 5). This requires:

Mandatory use of SSL/TLS Server authentication and Encryption

Mandatory use of digital signatures (SOAP Body only)

The following optional elements of the Basic Security Profile are not to be used by London Market implementers:

WSS Username Token (including a digital signature to protect integrity of the password)

Referred Message Signature to prove that a message was read by the Receiver as originally sent.

Digital certificates will be exchanged between trading parties out of band, with each party providing the other with its code signing certificate and its public key reference. Within the SOAP Header of the message, the certificate should be referenced in the Key Information aggregate. All Simple Object Access Protocol (SOAP) servers are required to be configured for HTTPS traffic.

It has become a common convention for PostRs messages not to be signed. Clarification is being sought from ACORD regarding its position on the signing of PostRs messages.
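
As an added illustration (not part of the ACORD or London Market documentation), the following Python check tests a received SOAP envelope against the structural rules in this section: a signature that covers the SOAP Body only, a Key Information reference, and no Username Token. It does not validate the signature cryptographically. Assumptions: SOAP 1.1, the standard WS-Security and XML-DSig namespaces, a Body identified by wsu:Id, and the hypothetical names `profile_violations` and `sample`.

```python
import xml.etree.ElementTree as ET

# Standard WS-Security / XML-DSig namespaces. SOAP 1.1 is an assumption.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]  # assumes the Body is identified by wsu:Id

def profile_violations(envelope_xml):
    """Return structural violations of the profile; an empty list means none found."""
    if "<!DOCTYPE" in envelope_xml:  # SOAP messages must not carry a DTD
        return ["DOCTYPE present"]
    root = ET.fromstring(envelope_xml)
    security = root.find("soap:Header/wsse:Security", NS)
    body = root.find("soap:Body", NS)
    if security is None or body is None:
        return ["missing wsse:Security header or soap:Body"]
    problems = []
    if security.find("wsse:UsernameToken", NS) is not None:
        problems.append("UsernameToken present")
    signature = security.find("ds:Signature", NS)
    if signature is None:
        return problems + ["no ds:Signature"]
    if signature.find("ds:KeyInfo", NS) is None:
        problems.append("no ds:KeyInfo")
    # Body only: exactly one Reference, and it must point at the real Body.
    uris = [r.get("URI") for r in signature.findall("ds:SignedInfo/ds:Reference", NS)]
    body_id = body.get(WSU_ID)
    if body_id is None or uris != ["#" + body_id]:
        problems.append("signature does not cover exactly the SOAP Body")
    # A duplicated Id would let a signed copy sit beside an unsigned Body.
    elif sum(e.get(WSU_ID) == body_id for e in root.iter()) != 1:
        problems.append("Body wsu:Id is not unique")
    return problems

# Constructed sample envelope; the signature value is a placeholder.
SAMPLE = """<soap:Envelope {xmlns}><soap:Header><wsse:Security>{extra}<ds:Signature>
<ds:SignedInfo><ds:Reference URI="#{ref}"/></ds:SignedInfo>
<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
<ds:KeyInfo><wsse:SecurityTokenReference/></ds:KeyInfo>
</ds:Signature></wsse:Security></soap:Header>
<soap:Body wsu:Id="Body-1"><Payload/></soap:Body></soap:Envelope>"""
XMLNS = " ".join('xmlns:%s="%s"' % item for item in NS.items())

def sample(extra="", ref="Body-1"):
    return SAMPLE.format(xmlns=XMLNS, extra=extra, ref=ref)
```

A receiver would run a check of this kind before signature verification and record any non-empty result in its audit trail.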

Audit and Control

It is the responsibility of each trading party to maintain adequate controls and audit trails in accordance with their own requirements. The audit trail should contain sufficient data to verify the processing stage of each incoming and outgoing message, including related responses.

All packages and ACORD DRI messages must be responded to by the receiver. This will include an initial synchronous system

London Market Implementation of ACORD DRI Messages v1.doc

Page 26 of 48
