Secure File Transfer resources
Security Features to consider when developing APIs
Provides guidelines on how to address security features when developing and implementing APIs. It is not intended as a complete and detailed catalogue of measures but should give interested pares hints and best pracce recommendaons on this topic.
OFTP2 Implementation Guideline
The ODETTE File Transfer Protocol 2 (OFTP2) has become one of the most widely used and trusted protocols for secure information exchange over the internet.
This publication contains comprehensive technical guidelines on implementing and operating OFTP2, including use of digital certificates, archiving and integrating into existing IT infrastructures.
Developer guidelines are included for software vendors who wish to add OFTP2 functionality to their products.
Also includes Recommendation for OFTP2 Partner Data Exchange using XML.
(corrections 2024-02)
OFTP2 Interoperability Testing Service
Test Cases
Odette tests OFTP2 software products against established Test Cases to ensure that the software complies with the OFTP2 specification (RFC5024) and inter-operates successfully with reference implementations of OFTP2.
This document describes the tests that an OFTP2 software must successfully pass in order to obtain the certificate of "OFTP2 Tested Software" from Odette.
Includes OFTP2 Partner Data XML Exchange - Functionality Tests
Security Certificate Exchange (SCX)
This publication details Odette recommendations on establishing trust between business partners by enabling the automated exchange and renewal of digital Security Certificates and the use of a Trust Service Status List (TSL). These recommendations cover processes, interfaces and protocols for certificate exchange, trust and verification and for achieving the security levels required by business partners for data exchange processes in their commercial and product development relationships.
Security and Risk Reduction (S2R)
This publication defines common security policies, measures and techniques to be implemented between partners with regards to security certificate use. The recommendations cover roles and responsibilities, common risk schema and classification of data, basic security requirements, password policies and data privacy considerations for business partners across the supply chain.