IEC 62351-11:2016 pdf download

Power systems management and associated information exchange - Data and communications security
1 Scope
This part of IEC 62351 specifies schema, procedures, and algorithms for securing XML documents that are used within the scope of the IEC as well as documents in other domains (e.g. IEEE, proprietary, etc.). This part is intended to be referenced by standards if secure exchanges are required, unless there is an agreement between parties in order to use other recognized secure exchange mechanisms.
This part of IEC 62351 utilizes well-known W3C standards for XML document security and provides profiling of these standards and additional extensions. The IEC 62351-11 extensions provide:
● Header: the header contains information relevant to the creation of the secured document such as the Date and Time when IEC 62351-11 was created.
● A choice of encapsulating the original XML document in an encrypted (Encrypted) or non-encrypted (nonEncrypted) format. If encryption is chosen, there is a mechanism provided to express the information required to actually perform encryption in an interoperable manner (EncryptionInfo).
● AccessControl: a mechanism to express access control information regarding information contained in the original XML document.
● Body: contains the original XML document that is being encapsulated.
● Signature: a signature that can be used for the purposes of authentication and tamper detection.
The general structure is shown in Figure 1.
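As an added example (not taken from IEC 62351-11 or its schema), the following receiver-side check tests that a document carries the components listed above in a consistent combination before any further processing. The element names come from the list; the root name `SecuredDocument`, the nesting, the absence of namespaces and the sample document are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Root name, nesting and child names such as DateTime are
# assumptions for illustration, not the standard's actual schema.
SAMPLE_OK = """<SecuredDocument>
  <Header><DateTime>2016-09-01T12:00:00Z</DateTime></Header>
  <nonEncrypted>
    <AccessControl/>
    <Body><Payload>original document</Payload></Body>
  </nonEncrypted>
  <Signature>constructed-placeholder</Signature>
</SecuredDocument>"""

TOP_LEVEL = ("Header", "Encrypted", "nonEncrypted", "Signature")


def check_envelope(xml_text):
    """Return a list of structural problems; an empty list means the layout is acceptable."""
    # Refuse DTDs and entity declarations before the parser ever sees them.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    problems = []
    names = [child.tag for child in root]
    for tag in names:
        if tag not in TOP_LEVEL:
            problems.append(f"unexpected element {tag}")
    for required in ("Header", "Signature"):
        if names.count(required) != 1:
            problems.append(f"expected exactly one {required}, found {names.count(required)}")
    # Encrypted and nonEncrypted are alternatives: exactly one must be present.
    wrappers = [c for c in root if c.tag in ("Encrypted", "nonEncrypted")]
    if len(wrappers) != 1:
        problems.append(f"expected exactly one of Encrypted/nonEncrypted, found {len(wrappers)}")
        return problems
    wrapper = wrappers[0]
    if wrapper.tag == "Encrypted":
        # Without EncryptionInfo the receiver cannot decrypt interoperably.
        if wrapper.find("EncryptionInfo") is None:
            problems.append("Encrypted without EncryptionInfo")
    elif wrapper.find("Body") is None:
        problems.append("nonEncrypted without Body")
    return problems
```

A document that passes this check still has to have its Signature verified; the check only rejects envelopes whose parts are missing, duplicated or contradictory.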
5 XML Documents
In order to provide adequate security, there needs to be an understanding of the environment of use that this specification is addressing:
● Documents at rest: When XML documents are stored (e.g. at rest), tamper detection is a minimum requirement. If the document contains sensitive information, then the confidentiality of that information needs to be protected through the use of authenticated encryption. In order to accomplish both objectives, this means that the un-encrypted document needs a signature and the encrypted document also needs its own signature/integrity protection. The protection of XML documents at rest is out-of-scope of this standard and should be implemented through local means.
● Documents in transit: The protection of documents in transit requires tamper detection and authentication as minimum requirements. If the document contains sensitive information, then the confidentiality of that information needs to be protected through the use of authenticated encryption. In order to accomplish both objectives, this means that the un-encrypted document needs a signature and the encrypted document also needs its own signature/integrity protection.
● Documents in transition: In the domain of the IEC, the recipients of XML documents typically decrypt and parse the information from those documents into a database. The information from the database can then be re-exported to a third actor, in any form (including another XML document). If sensitive or confidential information was provided in the initial document, there is no technological mechanism to prevent the application from exporting that information and defining access controls.
