Kyle Meadors | 13 Jan 18:00 2006

EDIINT-Features scenarios

Since there appears to be consensus in using EDIINT-Features header to announce feature support in trading partner, I have put together the following scenarios. Are these accurate? I have also included the EDIINT-Features draft which was issued last year to IETF. Does it convey all information needed for a robust implementation?

Actors: Company Alpha and Trading Partners Bravo and Charley

Initial Condition: Alpha has trading relationship with Bravo and both are using AS2-Version: 1.1 products. TP Charley is scheduled to be set up with Alpha.

Action 1: Alpha upgrades product to AS2-Version: 1.2 using EDIINT-Features. It supports feature CEM.

Expected Outcome-1: All messages coming out of Alpha contain EDIINT-Features header and AS2-Version: 1.2.

Expected Outcome-2: Bravo ignores and does NOT fail Alpha’s messages and processes them “normally”. Alpha does NOT send CEM messages to Bravo because it does not detect EDIINT-Features support for CEM.

Action 2: Bravo upgrades product to AS2-Version: 1.2 using EDIINT-Features. It supports features CEM and MA.

Expected Outcome-1: All messages coming out of Bravo contain EDIINT-Features header and AS2-Version: 1.2.

Expected Outcome-2: Both Alpha and Bravo recognize each other’s support of CEM through EDIINT-Features header, and Bravo recognizes Alpha does NOT support MA.

Action 3: Alpha onramps Charley as a trading partner.

Expected Outcome-1: Certificates for both Alpha and Charley MUST be exchanged out-of-band.

Expected Outcome-2: After trading begins, Alpha recognizes Charley does NOT support CEM through its messages.

Action 4: Alpha issues new certificates.

Expected Outcome-1: Alpha sends new certificates through CEM to Bravo. Bravo follows CEM procedure and upgrades certificates.

Expected Outcome-2: Alpha exchanges new certificates with Charley out-of-band. Charley upgrades new certificates and notifies Alpha of upgrade.

 

Kyle Meadors

Principal, Test Process

Drummond Group Inc.

615.212.0826

 



Draft                  EDI-INT Features Header            August 2005 

 
   Private                                                   K. Meadors 
   Internet-Draft                                   Drummond Group Inc. 
   Document: draft-meadors-ediint-features-                 August 2005 
   header-00.txt 
   Expires: February 2006                                               
   Target Category: Informational                                       

    

                          EDI-INT Features Header 
                draft-meadors-ediint-features-header-00.txt 

   By submitting this Internet-Draft, each author represents
   that any applicable patent or other IPR claims of which he
   or she is aware have been or will be disclosed, and any of
   which he or she becomes aware will be disclosed, in
   accordance with Section 6 of BCP 79. 

Status of this Memo 

   This document is an Internet-Draft and is in full conformance with 
   all provisions of Section 10 of RFC2026.  

   Internet-Drafts are working documents of the Internet Engineering 
   Task Force (IETF), its areas, and its working groups.  Note that      
   other groups may also distribute working documents as Internet-
   Drafts. 

   Internet-Drafts are draft documents valid for a maximum of six months 
   and may be updated, replaced, or obsoleted by other documents at any 
   time.  It is inappropriate to use Internet-Drafts as reference 
   material or to cite them other than as "work in progress." 

   The list of current Internet-Drafts can be accessed at 
        http://www.ietf.org/ietf/1id-abstracts.html 
   The list of Internet-Draft Shadow Directories can be accessed at 
        http://www.ietf.org/shadow.html. 

   Any questions, comments, and reports of defects or ambiguities in 
   this specification may be sent to the mailing list for the EDIINT 
   working group of the IETF, using the address <ietf-ediint <at> imc.org>. 
   Requests to subscribe to the mailing list should be addressed to 
   <ietf-ediint-request <at> imc.org>. 

    
Abstract 

   With the maturity of the EDI-INT standard of AS1, AS2 and AS3, 
   applications and additional features are being built upon the basic 
   secure transport functionality. These features are not necessarily 
   supported by all EDI-INT applications and could cause potential 
   problems with implementations  

Conventions used in this document 

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this 
   document are to be interpreted as described in RFC-2119. 

Feedback Instructions 

   NOTE TO RFC EDITOR:  This section should be removed by the RFC editor 
   prior to publication. 

   If you want to provide feedback on this draft, follow these 
   guidelines: 

   -Send feedback via e-mail to kyle <at> drummondgroup.com, with "EDIINT 
   Features Header" in the Subject field. 

   -Be specific as to what section you are referring to, preferably 
   quoting the portion that needs modification, after which you state 
   your comments. 

   -If you are recommending some text to be replaced with your suggested 
   text, again, quote the section to be replaced, and be clear on the 
   section in question. 

 
Table of Contents 

   1. Introduction
   2. EDIINT Features Header Syntax
   3. Implementation and Processing
   4. EDI-INT Applications
   5. Security Considerations
   6. References
      6.1 Normative References
      6.2 Informative References
   Author's Address

    
1. Introduction 

   EDI-INT applications provide for a secure means of payload document 
   transport. The original intent was for transport of a single EDI or 
   XML document. However, as AS1 [AS1], AS2 [AS2] and AS3 [AS3] matured, 
   other features and application logic were implemented upon EDI-INT 
   standards. Since these features go beyond but do not violate the 
   basic premise of EDI-INT, a means is needed to communicate to trading 
   partners features which are supported by the originating user agent. 
   The EDIINT Features header indicates the capability of the user agent 
   to support the listed feature with its trading partner without out-
   of-band communication and agreement. 

2. EDIINT Features Header Syntax 

   The EDIINT Features header can appear in the header section of an 
   AS1, AS2 and AS3 message. Its BNF syntax is listed below. 

   Feature = "EDIINT-Features: " Feature-Name 1*("," Feature-Name) 

   Feature-Name = Feature-Token 

   Feature-Token = %d48-57 /  ; 0-9
                   %d65-90 /  ; A-Z
                   %d97-122 / ; a-z
                   "-"

   The Feature-Token allows for feature names to be specified and can 
   only contain alphanumeric characters along with the hyphen. Feature 
   names are case-insensitive. 

3. Implementation and Processing 

   The EDIINT Features header indicates the originating user agent is 
   capable of supporting the features listed. The feature header MUST be 
   present in all messages transmitted by the user agent and not just 
   messages which utilize the feature. Upon examination of the feature 
   header, the trading partner SHOULD assume the user agent is capable 
   of receiving messages utilizing any of the features listed. 

   The features listed MUST be supported by existing IETF RFC or RFC-
   track Internet-draft standards. These standards MUST describe the 
   feature name which is listed in the header and the means by which it 
   should be used. 

    
4. EDI-INT Applications 

   Since AS1 uses email and the EDIINT Features header is not a 
   registered header with IANA, the header MUST be preceded by a "X-" to 
   be used. If the receiving trading partner does not support EDIINT 
   Features, it can choose to ignore the header because of the "X-". 
   Because AS2 and AS3 utilize transports of HTTP and FTP, respectively, 
   which allow the application to ignore headers which it does not 
   recognize, the addition of the EDIINT Features header in AS2 and AS3 
   can be done without affecting trading partners who have not 
   implemented the header. 

   AS2 and AS3 applications currently use a version header, AS2-Version 
   and AS3-Version, respectively, to indicate functional support. The 
   EDIINT Features header tremendously improves the purpose and function 
   of the old version header. However, to provide a connection from the 
   old version header and the EDIINT Features header, AS2 and AS3 
   applications which implement the EDIINT Features header MUST use the 
   version value of "1.2" to indicate the support of the Feature header. 
   Also, since version "1.1" indicates the implementation supports 
   compression [COMPRESS] and "1.2" builds upon "1.1", AS2-Version or 
   AS3-Version of "1.2" MUST support compression regardless of whether 
   it is mentioned as a feature in the EDIINT Features header. 

5. Security Considerations 

   Because headers are often un-encrypted, it may be possible for the 
   feature header to be altered. Trading partners MAY consult out-of-
   band to confirm feature support. 

6. References 
6.1 Normative References 

   [AS1] RFC3335 “MIME-based Secure Peer-to-Peer Business Data 
      Interchange over the Internet using SMTP”, T. Harding, R. 
      Drummond, C. Shih, 2002. 

   [AS2] RFC4130 “MIME-based Secure Peer-to-Peer Business Data 
      Interchange over the Internet using HTTP”, D. Moberg, R. 
      Drummond, 2005. 

   [AS3] draft-ietf-ediint-as3-03.txt “MIME-based Secure Peer-to-Peer 
      Business Data Interchange over the Internet using FTP”, T. 
      Harding, R. Scott, 2005. 

   [COMPRESS] draft-ietf-ediint-compression-04.txt “Compressed Data for 
      EDIINT”, T. Harding, 2005. 

6.2 Informative References 

   [RFC2828] RFC2828 “Internet Security Glossary”, R. Shirey, May 2000. 

   [RFC2119] RFC2119 “Key Words for Use in RFC's to Indicate Requirement 
      Levels”, S.Bradner, March 1997. 

    
Author's Address 

   Kyle Meadors 
   Drummond Group Inc. 
   4700 Bryant Irvin Court, Suite 303 
   Fort Worth, TX  76107 USA 
   Email: kyle <at> drummondgroup.com 

    
Copyright Notice 
   Copyright (C) The Internet Society 2005.  This document is subject 
   to the rights, licenses and restrictions contained in BCP 78, and 
   except as set forth therein, the authors retain all their rights. 

   This document and the information contained herein are provided on an 
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 
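
As an added illustration (not part of the draft or of any EDIINT product), the following Python sketch parses the header as described in sections 2 to 4 of the draft and applies it to the Action 4 decision from the scenarios. It assumes a feature name is one or more Feature-Token characters and that a single name is valid, as in Action 1 where Alpha lists only CEM; requiring out-of-band confirmation before relying on CEM is a policy assumption based on section 5, and the sample headers are constructed.

```python
import re
from email.parser import HeaderParser

# Assumption: a feature name is one or more Feature-Token characters.
FEATURE_NAME = re.compile(r"[0-9A-Za-z-]+")

def advertised_features(raw_headers):
    """Return the upper-cased feature names a message advertises.

    Empty when the header is absent or AS2-Version is not "1.2" (section 4);
    raises ValueError for a name with characters outside Feature-Token.
    """
    msg = HeaderParser().parsestr(raw_headers)  # header names match any case
    value = msg.get("EDIINT-Features")
    version = (msg.get("AS2-Version") or "").strip()
    if value is None or version != "1.2":
        return frozenset()
    names = [n.strip() for n in value.split(",")]  # tolerate spaces (assumption)
    bad = [n for n in names if not FEATURE_NAME.fullmatch(n)]
    if bad:
        raise ValueError(f"invalid feature name(s): {bad!r}")
    return frozenset(n.upper() for n in names)  # names are case-insensitive

def unconfirmed(raw_headers, confirmed):
    """Features seen on the wire that were never confirmed out-of-band."""
    return advertised_features(raw_headers) - frozenset(confirmed)

def certificate_channel(raw_headers, confirmed):
    """Choose how to deliver a new certificate to one partner (Action 4).

    The header can be altered in transit (section 5), so CEM is used only
    when it is both advertised and in `confirmed`, the set of features
    agreed with the partner out-of-band (policy assumption).
    """
    if "CEM" in advertised_features(raw_headers) and "CEM" in confirmed:
        return "CEM"
    return "out-of-band"

# Constructed sample headers, one received message per case.
BRAVO = "AS2-Version: 1.2\r\nAS2-From: Bravo\r\nEDIINT-Features: cem,ma\r\n\r\n"
CHARLEY = "AS2-Version: 1.1\r\nAS2-From: Charley\r\n\r\n"
# Charley was onboarded without CEM; a later message suddenly advertises it.
CHANGED = "AS2-Version: 1.2\r\nAS2-From: Charley\r\nEDIINT-Features: CEM\r\n\r\n"

if __name__ == "__main__":
    print(certificate_channel(BRAVO, {"CEM", "MA"}))
    print(certificate_channel(CHARLEY, set()))
    print(certificate_channel(CHANGED, set()), sorted(unconfirmed(CHANGED, set())))
```
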

 


Surendra.Kashyap | 13 Jan 18:26 2006

RE: EDIINT-Features scenarios

In the Action 4,

 

Assumption: Alpha is planning to use the same certificate with Bravo and Charley for signing the message.

 

With CEM, Alpha would be able to communicate to Bravo the effective date/time of the new certificate in CEM, and things happen automatically. However, in the case of Charley, it being manual, there may be a timing issue. Adding some additional scenarios that actually handle the “Certificate Change” itself would be helpful, especially if there is a potential need for a product to maintain two certificates at the same time until both TPs have been migrated to the new certificate.

 

 

** This should not be an issue when Alpha maintains a different certificate to sign the message when sending messages to different TPs.

 

 


Rik Drummond | 24 Jan 05:58 2006

WG Last Call for AS3


This is the last call for AS3. If you have any final comments or changes
please make them now.

Best Regards, 
Rik Drummond
Chair EDIINT

Internet-Drafts | 24 Jan 21:50 2006

I-D ACTION:draft-ietf-ediint-as3-04.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Electronic Data Interchange-Internet Integration Working Group of the IETF.

	Title		: FTP Transport for Secure Peer-to-Peer Business Data Interchange over the Internet
	Author(s)	: T. Harding, R. Scott
	Filename	: draft-ietf-ediint-as3-04.txt
	Pages		: 32
	Date		: 2006-1-24
	
This Applicability Statement (AS) describes how to exchange structured
  business data securely using the File Transfer Protocol (FTP) for XML,
  Binary, Electronic Data Interchange (EDI - ANSI X12 or UN/EDIFACT), or
  other data used for business-to-business data interchange for which
  MIME packaging can be accomplished using standard MIME content-types.
  Authentication and data confidentiality are obtained by using
  Cryptographic Message Syntax (S/MIME) security body parts.
  Authenticated acknowledgements employ multipart/signed replies to the
  original message.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ediint-as3-04.txt


Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-ediint-as3-04.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv <at> ietf.org.
In the body type:
	"FILE /internet-drafts/draft-ietf-ediint-as3-04.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
