Proposed Changes to the Unity Product Standard
There is no denying that the transition to the Unity Specification in North America is rapidly becoming a reality. Because of this, the Policy & Procedures group is looking to update the requirements around SIF Certification.
As part of this work they are proposing the following.
- Consumers will not be required to create their own environment, but the call will still be supported.
- Changes Since support will be expected of all providers.
- Unlevel the Transport Layer Security (TLS) to version 1.2.
- Certificates exchanged to verify identity employ a key length of at least 2048bits.
- All certificates employed must be current.
- All valid certificates will be accepted.
- Hostname and certificate mismatches are allowed.
- All encrypted connections employ a cypher with a minimum key length of 128bits.
- Keep: HTTP 1.1, XML 1.0, UTF-8, XPath 2.0, XQuery 1.0, XSDs, Gzip,& UUIDs
- Authentication (pick at least one): SIF_HMACSHA256 or OAuth 2.0 /w Bearer Tokens
- Those using JSON will need to use PESC JSON.
- We have one report that Gzip is not currently working with the Test Harness.
- For testing our Bearer Tokens do not currently expire.
The current SIF Specification Product Standards can be found here: https://www.a4l.org/page/SIFCertification
Please provide any feedback or comments by February 14, 2020 to John Lovell, Technology Director.