Using ebXML in NIST 800-131a compliance mode
When you are in strict mode, the following changes need to be made to the Collaboration Protocol Agreement (CPA) to maintain a successful transaction:
- Verify that all certificates used by the ebXML transaction are NIST 800-131a compliant. To verify compliance, refer to Verifying NIST 800-131a Compliance with Digital Certificates.
- Change the tp:HashFunction from http://www.w3.org/2000/09/xmldsig#sha1 to http://www.w3.org/2001/04/xmlenc#sha256
- Change the tp:SignatureAlgorithm from http://www.w3.org/2000/09/xmldsig#rsa-sha1 to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- If the ebXML transaction uses a server adapter with SSL, that adapter must be configured with a NIST 800-131a compliant certificate and other applicable security details.

Note: The signing algorithm dsa-sha256 is not supported.
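The two CPA value changes listed above can be checked and applied mechanically; the following is an added example, not part of the product documentation. The CPA fragment is constructed, and the namespace URI, the function name `audit_cpa` and the full dsa-sha256 identifier (the W3C XML Signature 1.1 URI) are assumptions that do not come from this page.

```python
import xml.etree.ElementTree as ET

# Assumed CPPA 2.0 namespace; elements are matched by local name, so it is not required.
TP_NS = "http://www.oasis-open.org/committees/ebxml-cppa/schema/cpp-cpa-2_0.xsd"
ET.register_namespace("tp", TP_NS)
# element local name -> (value to replace, strict-mode value), taken from the page
STRICT = {
    "HashFunction": ("http://www.w3.org/2000/09/xmldsig#sha1",
                     "http://www.w3.org/2001/04/xmlenc#sha256"),
    "SignatureAlgorithm": ("http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                           "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"),
}

# Constructed CPA fragment for the demo (not a complete, schema-valid CPA).
SAMPLE_CPA = f"""<tp:CollaborationProtocolAgreement xmlns:tp="{TP_NS}">
  <tp:SenderNonRepudiation>
    <tp:HashFunction>http://www.w3.org/2000/09/xmldsig#sha1</tp:HashFunction>
    <tp:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#rsa-sha1</tp:SignatureAlgorithm>
  </tp:SenderNonRepudiation>
  <tp:SenderNonRepudiation>
    <tp:HashFunction>http://www.w3.org/2001/04/xmlenc#sha256</tp:HashFunction>
    <tp:SignatureAlgorithm>http://www.w3.org/2009/xmldsig11#dsa-sha256</tp:SignatureAlgorithm>
  </tp:SenderNonRepudiation>
</tp:CollaborationProtocolAgreement>"""

def audit_cpa(xml_text):
    """Return (findings, updated_xml); findings are (element, value, action)."""
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]           # strip "{namespace}"
        if name not in STRICT:
            continue
        old, new = STRICT[name]
        value = (el.text or "").strip()
        if value == old:
            el.text = new                           # the change the page prescribes
            findings.append((name, value, "replaced"))
        elif value.endswith("#dsa-sha256"):
            findings.append((name, value, "unsupported"))  # per the page's note
        elif value != new:
            findings.append((name, value, "review"))       # not covered by the page
    return findings, ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    found, updated = audit_cpa(SAMPLE_CPA)
    for name, value, action in found:
        print(f"{action:12} tp:{name} = {value}")
```

Entries reported as `unsupported` or `review` are left unchanged in the returned XML and need a manual decision before the CPA is used in strict mode.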