OSCI Transport: Double envelope

What makes OSCI so secure and distinguishes it from SSL/TLS is called the "double envelope principle". Figuratively speaking, an OSCI message is like a letter with two envelopes.

The two sides of the cover

The outer envelope contains all the data needed for transport, the current routing slip (receipt) for the previous communication process, and another envelope with the content data. The inner envelope contains the technical data of the message and consists of at least one container with content. While many messages in the XÖV environment have this simple format, EGVP messages have two containers.

[Figure: History of an OSCI message. EGVP message history in two containers]

Containers and elements

In more technical terms, it sounds like this: In an OSCI message, the data to be transmitted is stored in the "ContentPackage" element. The "ContentPackage" element can contain any number of content data containers (ContentContainer), which in turn contain several contents (elements of the "Content" type). The "Content" element contains the actual content data.

The specialist data and its structure are defined in various committees, which regularly publish new versions of the XÖV standards in the XRepository. In addition to the structure of the message content (usually an XML structure in the XÖV), the information on where to find which content in the message determines whether the communication partners can understand each other. It is therefore necessary to document which content data is stored in which containers and contents, and which requirements must be met with regard to encryption, signatures, algorithms, key lengths and the certificates to be used. These requirements form the transport profile. The creation of a registration concept for the DVDV requires this information.
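A transport profile of this kind can be checked mechanically against a received inner envelope. The following is an added example, not code from the OSCI specification or from this page's author: it uses a simplified, constructed XML structure with the element names from the text, while the container and content ids and the "signed" and "encrypted" attributes are assumptions standing in for the real signature and encryption elements.

```python
import xml.etree.ElementTree as ET

# Hypothetical transport profile: which Content sits in which ContentContainer,
# whether the container must be signed, and whether each Content must be encrypted.
PROFILE = {
    "container-a": {"signed": True, "contents": {"payload": True, "attachment": True}},
    "container-b": {"signed": False, "contents": {"metadata": False}},
}

# Constructed message: "attachment" is unencrypted and "extra" is undocumented.
SAMPLE = """<ContentPackage>
  <ContentContainer id="container-a" signed="true">
    <Content id="payload" encrypted="true"/>
    <Content id="attachment" encrypted="false"/>
  </ContentContainer>
  <ContentContainer id="container-b" signed="false">
    <Content id="metadata" encrypted="false"/>
    <Content id="extra" encrypted="false"/>
  </ContentContainer>
</ContentPackage>"""


def check_profile(xml_text, profile):
    """Return a list of deviations between the message and the profile."""
    root = ET.fromstring(xml_text)
    if root.tag != "ContentPackage":
        return ["root element is not ContentPackage"]
    findings = []
    containers = {c.get("id"): c for c in root.findall("ContentContainer")}
    for cid in sorted(set(profile) - set(containers)):
        findings.append(f"missing container {cid}")
    for cid, container in containers.items():
        rules = profile.get(cid)
        if rules is None:
            findings.append(f"undocumented container {cid}")
            continue
        if rules["signed"] and container.get("signed") != "true":
            findings.append(f"{cid}: signature required")
        contents = {c.get("id"): c for c in container.findall("Content")}
        for name in sorted(set(rules["contents"]) - set(contents)):
            findings.append(f"{cid}: missing content {name}")
        for name, content in contents.items():
            if name not in rules["contents"]:
                findings.append(f"{cid}: undocumented content {name}")
            elif rules["contents"][name] and content.get("encrypted") != "true":
                findings.append(f"{cid}/{name}: encryption required")
    return findings
```

Calling check_profile(SAMPLE, PROFILE) reports the unencrypted attachment and the undocumented content; a message that matches the profile yields an empty list.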

The OSCI transport protocol then carries out the transport itself. The outer envelope contains all the data required for the transport, such as the certificates used with the public keys. The current routing slip for the message is also always included. The routing slip documents the history of the message, so to speak. It is used to prove whether and when communication has taken place. This includes when the message was sent by whom to whom and whether and when it was received.

The technical components acting in the roles of sender and receiver have access to the content of the outer envelope. If the content data is encrypted, the transmitted information remains hidden from the sender/receiver components or they only "see" a seemingly chaotic sequence of characters.

In the description of the "principle of the double envelope", we described the various roles, which is why we would now like to briefly discuss the 4-corner model.

The 4-corner model

The 4-corner model is used in register modernization and at EU level to describe communication in which two communication partners (author, reader) do not exchange messages directly, but via another partner (sender or recipient).

The roles bear joint responsibility for the overall process, but can delegate some of their tasks to third parties. However, responsibility cannot be delegated. The model also enables systematic recognition of

  • which tasks a process consists of,
  • how the tasks are distributed among different roles,
  • how the roles interact,
  • which requirements arise for the various roles and
  • where spheres of influence end and where transitions take place.

The 4-corner model is technology-independent and uses roles to describe areas of influence without restricting implementation. The tasks of a role can be performed by several organizations. Overall responsibility and thus control must be clearly assigned (usually to one organization). An organization can take on tasks or hold responsibility in several roles.

[Figure: The 4-corner model in OSCI communication]

Why not simply use SSL/TLS?

Given all these technical definitions, the question arises as to why a new standard for secure communication was defined with OSCI instead of relying on existing standards (e.g. SSL or TLS). TLS stands for Transport Layer Security and is the name under which the SSL (Secure Sockets Layer) protocol was standardized by the Internet Engineering Task Force (IETF) in 1997. The terms TLS and SSL are often used interchangeably.

In relation to the 4-corner model, with TLS the sender-receiver communication is safeguarded without the sender and receiver having any influence or knowledge of it. It is not possible to secure the communication between author and reader in a targeted manner. Without further cryptographic protection of the data to be transmitted, it is available to the sender and receiver in plain text. The inner envelope known from OSCI 1.2 is missing here and must be "recreated".

Above all, TLS does not provide receipts or routing slips for individual messages that would prove whether and when communication took place between which parties, and certainly not whether a specific message or piece of information was sent or received. It is also not documented which cryptographic protection was used between sender and recipient during message transmission.

While it is possible, even after an OSCI message has been received, to check who sent or received it, with whom, and under what cryptographic protection, this is not possible with TLS. Communication via OSCI is therefore significantly more secure than communication via TLS.
