steve-community / steve

SteVe - OCPP server implementation in Java
GNU General Public License v3.0

OCPP 1.6-J Security #100

Open V2G-UK opened 5 years ago

V2G-UK commented 5 years ago

The OCA have just backported OCPP 2.0 features to OCPP 1.6-J only. Do the SteVe team have any plans to support this new part of the standard? See:

http://www.v2g-evse.com/2018/12/18/open-charge-alliance-enhances-ocpp-1-6-security/

Secure communication and operation is a critical aspect of Electric Vehicle Charging Infrastructure.

To further assist the industry the Open Charge Alliance now publishes a white paper to describe a standard way to address security using OCPP 1.6-J.

According to the new "white paper":

This document is for OCPP 1.6-J (JSON over WebSockets) only, OCPP-S (SOAP) is NOT supported. This document was started, as it is seen as a simple step to port OCPP 2.0 security to OCPP 1.6. But as OCPP 2.0 only supports JSON over WebSockets (not SOAP), this document is also written for OCPP 1.6-J only. Adding SOAP to this document would have taken a lot of work and review by security experts.

This document is based on OCPP 2.0. To help developers that are implementing both 1.6J security improvement and OCPP 2.0, we have kept the Use Case numbering from OCPP 2.0. So when implementing for example Use Case N01, it is the same use case in this document as in the 2.0 specification.

goekay commented 5 years ago

> Do the SteVe team have any plans to support this new part of the standard?

theoretically, yes, but cannot say when. we need some time to dissect the new spec.

in the meantime, you can use TLS with steve for communication with your SOAP or JSON stations already. just install the necessary certificates in your java keystore and in your charging stations. then, you can use the path prefixes wss:// for JSON and https:// for SOAP stations. however, certificate management as described in the new spec is not present.
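
An added example (not part of the comment above and not SteVe code): a small Java pre-flight check for the keystore step described there, run before pointing stations at wss:// or https://. It assumes Java 9 or later; the class name `KeystoreCheck` and the keystore path and password passed on the command line are placeholders.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;

// Added example: lists keystore entries and flags missing keys and expiring certificates.
// Usage (placeholders): java KeystoreCheck /path/to/keystore.p12 <password>
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java KeystoreCheck <keystore> <password>");
            System.exit(2);
        }
        // Detects JKS or PKCS12 from the file contents (Java 9+).
        KeyStore ks = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
        Instant now = Instant.now();
        Instant warnBefore = now.plus(Duration.ofDays(30));
        boolean hasKeyEntry = false;
        boolean problem = false;

        for (String alias : Collections.list(ks.aliases())) {
            boolean isKey = ks.isKeyEntry(alias);
            hasKeyEntry |= isKey;
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) {
                continue; // secret-key entries carry no certificate
            }
            X509Certificate x509 = (X509Certificate) cert;
            Instant notAfter = x509.getNotAfter().toInstant();
            String state = notAfter.isBefore(now) ? "EXPIRED"
                    : notAfter.isBefore(warnBefore) ? "EXPIRES SOON" : "ok";
            problem |= !state.equals("ok");
            System.out.printf("%-12s %-20s %s notAfter=%s [%s]%n",
                    isKey ? "private-key" : "trusted-cert", alias,
                    x509.getSubjectX500Principal().getName(), notAfter, state);
        }
        // A TLS server needs a private-key entry with its certificate chain;
        // trusted-cert entries alone only let this JVM verify its peers.
        if (!hasKeyEntry) {
            System.out.println("no private-key entry: this keystore cannot serve TLS");
            problem = true;
        }
        System.exit(problem ? 1 : 0);
    }
}
```

The non-zero exit status on an expired, soon-to-expire or key-less keystore lets the check run from a deployment script or a scheduled job.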

lategoodbye commented 1 year ago

Since this feature is requested regularly, maybe we should discuss some specific points here: