2006-01-13 17:00:30 GMT
Since there appears to be consensus in using EDIINT–Features header to announce feature support in trading partner, I have put together the following scenarios. Are these accurate? I have also included the EDIINT–Features draft which was issued last year to IETF. Does it convey all information needed for a robust implementation?
Actors: Company Alpha and Trading Partners Bravo and Charley
Initial Condition: Alpha has trading relationship with Bravo and both are using AS2–Version: 1.1 products. TP Charley is schedule to be setup with Alpha.
Action 1: Alpha upgrades product to AS2–Version: 1.2 using EDIINT–Features. It supports feature CEM.
Expected Outcome–1: All messages coming out of Alpha contain EDIINT–Features header and AS2–Version: 1.2.
Expected Outcome–2: Bravo ignores and does NOT fail Alpha’s messages and processes them “normally”. Alpha does NOT send CEM messages to Bravo because it does not detect EDIINT–Features support for CEM.
Action 2: Bravo upgrades product to AS2–Version: 1.2 using EDIINT–Features. It supports features CEM and MA.
Expected Outcome–1: All messages coming out of Bravo contain EDIINT–Features header and AS2–Version: 1.2.
Expected Outcome–2: Both Alpha and Bravo recognize each other’s support of CEM through EDIINT–Features header, and Bravo recognizes Alpha does NOT support MA.
Action 3: Alpha onramps Charley as a trading partner.
Expected Outcome–1: Certificates for both Alpha and Charley MUST be exchanged out–of–band
Expected Outcome–2: After trading begins, Alpha recognizes Charley does NOT support CEM through its messages.
Action 4: Alpha issues new certificates.
Expected Outcome–1: Alpha sends new certificates through CEM to Bravo. Bravo follows CEM procedure and upgrades certificates.
Expected Outcome–2: Alpha exchanges new certificates with Charley out–of–band. Charley upgrades new certificates and notifies Alpha of upgrade.
Principal, Test Process
Drummond Group Inc.
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.17/228 - Release Date: 1/12/2006
Draft EDI-INT Features Header August 2005 Private K. Meadors Internet-Draft Drummond Group Inc. Document: draft-meadors-ediint-
features- August 2005 header-00.txt Expires: February 2006 Target Category: Informational EDI-INT Features Header draft-meadors-ediint-features-header-00.txt By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.html The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Any questions, comments, and reports of defects or ambiguities in this specification may be sent to the mailing list for the EDIINT working group of the IETF, using the address <ietf-ediint <at> imc.org>. Requests to subscribe to the mailing list should be addressed to <ietf-ediint-request <at> imc.org>. Abstract With the maturity of the EDI-INT standard of AS1, AS2 and AS3, applications and additional features are being built upon the basic secure transport functionality. These features are not necessarily Meadors Expires - February 2006 [Page 1] Draft EDI-INT Features Header August 2005 supported by all EDI-INT applications and could cause potential problems with implementations Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC-2119. Feedback Instructions NOTE TO RFC EDITOR: This section should be removed by the RFC editor prior to publication. If you want to provide feedback on this draft, follow these guidelines: -Send feedback via e-mail to kyle <at> drummondgroup.com, with "EDIINT Features Header" in the Subject field. -Be specific as to what section you are referring to, preferably quoting the portion that needs modification, after which you state your comments. -If you are recommending some text to be replaced with your suggested text, again, quote the section to be replaced, and be clear on the section in question. Table of Contents 1. Introduction...................................................2 2. EDIINT Features Header Syntax..................................3 3. Implementation and Processing..................................3 4. EDI-INT Applications...........................................3 5. Security Considerations........................................4 6. References.....................................................4 6.1 Normative References.......................................4 6.2 Informative References.....................................4 Author's Address..................................................4 1. Introduction EDI-INT applications provide for a secure means of payload document transport. The original intent was for transport of a single EDI or XML document. However, as AS1 [AS1], AS2 [AS2] and AS3 [AS3] matured, other features and application logic were implemented upon EDI-INT standards. Since these features go beyond but do not violate the Meadors Expires - February 2006 [Page 2] Draft EDI-INT Features Header August 2005 basic premise of EDI-INT, a means is needed to communicate to trading partners features which are supported by the originating user agent. The EDIINT Features header indicates the capability of the user agent to support the listed feature with its trading partner without out- of-band communication and agreement. 2. EDIINT Features Header Syntax The EDIINT Features header can appear in the header section of an AS1, AS2 and AS3 message. Its BNF syntax is listed below. Feature = "EDIINT-Features: " Feature-Name 1*("," Feature-Name) Feature-Name = Feature-Token Feature-Token = %d48-57 / ; 0-9 %d65- 90 / ; A-Z %d97-122 / ; a-z "-" The Feature-Token allows for feature names to be specified and can only contain alphanumeric characters along with the hyphen. Feature names are case-insensitive. 3. Implementation and Processing The EDIINT Features header indicates the originating user agent is capable of supporting the features listed. The feature header MUST be present in all messages transmitted by the user agent and not just messages which utilize the feature. Upon examination of the feature header, the trading partner SHOULD assume the user agent is capable of receiving messages utilizing any of the features listed. The features listed MUST be supported by existing IETF RFC or RFC- track Internet-draft standards. These standards MUST describe the feature name which is listed in the header and the means which it should be used. 4. EDI-INT Applications Since AS1 uses email and the EDIINT Features header is not a registered header with IANA, the header MUST be preceded by a "X-" to be used. If the receiving trading partner does not support EDIINT Features, it can choose to ignore the header because of the "X-". Because AS2 and AS3 utilize transports of HTTP and FTP, respectively, which allow the application to ignore headers which it does not recognize, the addition of the EDIINT Features header in AS2 and AS3 Meadors Expires - February 2006 [Page 3] Draft EDI-INT Features Header August 2005 can be done without affecting trading partners who have not implemented the header. AS2 and AS3 applications currently use a version header, AS2-Version and AS3-Version, respectively, to indicate functional support. The EDIINT Features header tremendously improves the purpose and function of the old version header. However, to provide a connection from the old version header and the EDIINT Features header, AS2 and AS3 applications which implement the EDIINT Features header MUST use the version value of "1.2" to indicate the support of the Feature header. Also, since version "1.1" indicates the implementation supports compression [COMPRESS] and "1.2" builds upon "1.1", AS2-Version or AS3-Version of "1.2" MUST support compression regardless of whether it is mentioned as a feature in the EDIINT Features header. 5. Security Considerations Because headers are often un-encrypted, it may be possible for the feature header to be altered. Trading partners MAY consult out- of- band to confirm feature support. 6. References 6.1 Normative References [AS1] RFC3335 MIME-based Secure Peer-to-Peer Business Data Interchange over the Internet using SMTP, T. Harding, R. Drummond, C. Shih, 2002. [AS2] RFC4130 MIME-based Secure Peer-to-Peer Business Data Interchange over the Internet using HTTP, D. Moberg, R. Drummond, 2005. [AS3] draft-ietf-ediint-as3-03.txt MIME-based Secure Peer-to-Peer Business Data Interchange over the Internet using FTP, T. Harding, R. Scott, 2005. [COMPRESS] draft-ietf-ediint-compression-04.txt Compressed Data for EDIINT, T. Harding, 2005. 6.2 Informative References [RFC2828] RFC2828 Internet Security Glossary, R. Shirley, May 2000. [RFC2119] RFC2119 Key Words for Use in RFC's to Indicate Requirement Levels, S.Bradner, March 1997. Author's Address Meadors Expires - February 2006 [Page 4] Draft EDI-INT Features Header August 2005 Kyle Meadors Drummond Group Inc. 4700 Bryant Irvin Court, Suite 303 Fort Worth, TX 76107 USA Email: kyle <at> drummondgroup.com Copyright Notice Copyright (C) The Internet Society 2005. This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Meadors Expires - February 2006 [Page 5]