The following is to replace the earlier material illustrating the extensibility framework, so it mainly corrects and updates earlier draft material.

The appendix for WSDL 1.1, 2.0 and WS-Policy based Policy is the last one currently planned for version 3.0. It may be ready early next week.

The following is then a "preview" of what the editor's draft may look like for this material in version 3.0.

A. Using CPPA for EDIINT Configuration

The CPPA extensibility framework can be used in creating CPPs and CPAs for the EDIINT (AS1, AS2, and AS3) collaboration protocols [RFC3335],[RFC4130] [AS3] [Compression]

EDIINT protocols are peer-to-peer collaboration protocols using IETF transfer protocols (SMTP, HTTP, FTP), S/MIME security [S/MIME][CMS], and acknowledgments using Message Disposition Notifications [RFC3798].

EDIINT messaging defines its own (signed) acknowledgment message (MDN) and defines a compression option. Because these features are not found in ebXML 2.0 Messaging, it is necessary to add "modules" that document configuration details for these features.

Two new DocExchange binding elements are introduced for the senders and receivers of EDIINT messages, called EdiintReceiverBinding and EdiintSenderBinding. Each of these elements contain the new modules mentioned above as well as modules also used for other messaging protocols, such as in ebXML Messaging.

+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ |EdiintSenderBinding/@version |The value of this attribute identifies the version of the EDIINT specification being used. | | | | | |These values include: 1.0, 1.1, and 1.2 and are used in the ASx-Version header. | | | | | |It has a default value of 1.1, which is the ASx-Version value for compression support. | | | | | |The 1.2 value is used when the EDIINT-Features header is supported. Use of EDIINT-Features is intended to announce supported features instead of using values greater than 1.2 | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |PartyInfo/PartyId |The AS2 and AS3 protocols have special headers ("AS2-To", "AS2-From", "AS3-To", "AS3-From") that identify the participants. The PartyInfo/PartyId values supply these values. In AS1, | | |the Endpoint/@uri values will also contain the identifying email addresses of the parties within the mailto: URLs. | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |SenderCompression/@mechanismType |The mechanismType attribute has a default value of "zlib," which is the value defined by the compression I-D. Any other value | | | | | | is implementation dependent. In a CPA, this value matches ReceiverCompression/@mechanismType. | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |SenderCompression/@version |Used to declare the version of compression support, relevant should future versions emerge. It has a default value of 1.1, which is the ASx-Version value indicating support for | | |compression. In a CPA, this value matches ReceiverCompression/@version. | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |SenderRequestedMDNStyle/HashFunction |The value used in the transfer protocol header | | | | | |Disposition-notification-options: signed-receipt-protocol=optional,pkcs7-signature; signed-receipt-micalg=optional,sha1 | | | | | |In a CPA, the value matches the value in ReceiverRequestedMDNStyle/HashFunction. There can be comma separated list of acceptable hashes as in the parameter: | | |signed-receipt-micalg=optional,sha1,md5. | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |SenderRequestedMDNStyle/@receiptStyle |The receiptType attribute with values "signed" or "unsigned" that indicate whether the MDN is to be signed. If the attribute is omitted, no receipt should be requested, and so no | | |Disposition-notification-to header should be included in the transfer protocol headers. | | | | | |In CPAs, matches value in ReceiverRequestedMDNStyle/@receiptStyle | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |SenderRequestedMDNStyle/@mdnRequested |The attribute mdnRequested is used to indicate whether an MDN is always, never, or sent on a perMessage basis. The default is "perMessage" For the AS2 protocol, if the MDN is to be | | |sent on a separate TCP connection, the "Disposition-Notification-To" header should be included, with values from the mdnDestination attribute below. | | | | | |In CPAs, matches value in ReceiverRequestedMDNStyle/@mdnRequested | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |SenderRequestedMDNStyle/@mdnDestination |The mdnDestination attribute's value is a URL or email address that indicates where the MDN is to be sent, and the value for a header: Receipt-delivery-option: http://www.example.com| | | | | |When asynchronous MDNs are used, the value of the attribute "mdnDestination" is the proposed or agreed upon destination. | | | | | |In CPAs, matches value in ReceiverRequestedMDNStyle/@mdnDestination | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |ServiceBinding/ActionBinding/-BusinessTransaction-Characteristics/@isConfidential |Support for or agreement upon an encrypting digital envelope is declared by setting to a value of either "persistent" or "transient-and-persistent". Either value indicates use of | | |[S/MIME]. The use of SSL/TLS data protection would be indicated by "transient-and-persistent" instead of simply "persistent". | | | | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |EdiintReceiverBinding/-ReceiverDigitalEnvelope/-EncryptionCertificateRef |The encryption certificate that can be or will be used is found by matching this IDREF value to the element whose ID value it equals. | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |EdiintSenderBinding/-SenderDigitalEnvelope/EncryptionSecurity-DetailsRef |Trust anchors for checking the encryption certificate can be located using the EncryptionSecurityDetailsRef IDREF value as part of the SecurityDetails element having an ID value | | |equal to the IDREF value. | | | | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |EdiintReceiverBinding/-ReceiverDigitalEnvelope/Encryption-Algorithm/@oid |The encryption symmetric encryption algorithm is declared using one or more of these attributes; the oid syntax is preferable. | | | | |or |In a CPA, these Receiver values need to match values found at: | | | | |EdiintReceiverBinding/-ReceiverDigitalEnvelope/Encryption-Algorithm/@w3c. |DocExchange/EdiintSenderBinding/- | | | | | |SenderDigitalEnvelope/EncryptionAlgorithm/@oid | | | | | | or | | | | | |DocExchange/EdiintSenderBinding/- | | | | | |SenderDigitalEnvelope/EncryptionAlgorithm /@w3c | | | | | |Example: <EncryptionAlgorithm oid="1.2.840.113549.3.7">DES-EDE3-CBC</EncryptionAlgorithm> | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |EdiintReceiverBinding/-ReceiverDigitalEnvelope/EncryptionAlgorithm/@minimumStrength |The digital envelope's encryption strength supported or agreed upon is indicated using @minimumStrength value. | | | | | | | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |ServiceBinding/ActionBinding/Business-TransactionCharacteristics/-@isNonRepudiationRequired |Digital signature capabilities or agreements for data origin authentication are declared using a "true" value for @isNonRepudiationRequired. | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |ServiceBinding/ActionBinding/Business-TransactionCharacteristics/-@isNonRepudiationReceiptRequired|A true value indicates support for or agreement to use a signed MDN and conducting checks on the returned hash value for the sent message. | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |EdiintSenderBinding/-SenderNonRepudiation/SigningCertificateRef |The SigningCertificate used in data origin authentication is found by finding the Certificate element whose ID equals the IDREF value in this element. | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |EdiintReceiverBinding/-ReceiverNonRepudiation/Signing-SecurityDetailsRef |The receiver indicates trust anchors used in validating trust in the sender's signing certificate. | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |EdiintSenderBinding/SenderNonRepudiation/-HashFunction |Example would be: | | | | | |<HashFunction>SHA1</HashFunction> | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |EdiintSenderBinding/SenderNonRepudiation/-SignatureAlgorithm |Example would be: | | | | | |<SignatureAlgorithm oid="1.2.840.113549.1.1.5">RSA-SHA1</SignatureAlgorithm> | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |EdiintSenderBinding/SenderNonRepudiation-/NonRepudiationProtocol |Example might be: <NonRepudiationProtocol>EDIINT</NonRepudiationProtocol> or <NonRepudiationProtocol>AS2</NonRepudiationProtocol> | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |MessagingCharacteristics/@syncReplyMode |The MDN is viewed as a business acknowledgement or signal, and not as a MSH signal response. For this reason, when MDNs are returned synchronously in AS2, the value for | | |@syncReplyMode should be either "responseOnly" or better "signalsAndResponse" | | | | | |When the MDN is returned in a separate connection, @syncReplyMode should be "none". | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | | | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |Packaging |Packaging formats will conform with the specifications for MIME formats of the offered cryptographic services [RFC3335] and other relevant specifications [RFC3798, S/MIME]. Examples | | |are presented in discussion at end of this table. | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |SimplePart/NamespaceSupported |Available for use with XML payloads.. | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |PersistDuration |This element can be used when there is an agreement on checking for duplicates when using the Message-Id value. This feature is outside of the core EDIINT specifications but is often| | |supported. | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |Transport/TransportReceiver/Endpoint/@uri |Example: <Endpoint uri="https://www.CompanyB.com/AS2" | | | | | | type="allPurpose"/> | | | | | |AS1: The URL uses the "mailto:" scheme to exchange RFC 2822 adresses. | | | | | |AS2: The URL uses either "http:" or "https:" schemes. | | | | | |AS3: The URL uses "ftp:" or "ftps:" to indicate the scheme. | |--------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |Transport/TransportSender/Transport-Protocol/@method |Example: <TransportProtocol version="1.1" method="POST">HTTP</TransportProtocol> | | | | | |POST method is what AS2 uses. For AS3, the method might be STOR or RETR. | +-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

The EDIINT collaboration messaging protocol is specified in three application statements, AS1, AS2 and AS3, that differ primarily in which IETF transfer protocol is used. AS1, AS2, and AS3 use SMTP, HTTP/HTTPS, and FTP/FTP-over-SSL respectively. Similar Packaging documentation is used for all transfer protocols. The details of packaging depend upon the specific security and mdn response modes of operation that are selected.

Some simple types referenced in Packaging could be:

<SimplePart id="X12SimplePart" mimetype="application/EDI-X12"/>

<SimplePart id="MdnText" mimetype="text/plain"/>

<SimplePart id="MdnMessage" mimetype="message/disposition-notification"/>

A signed MDN Packaging element could be then documented as:

<Packaging id="SignedMdn">

<ProcessingCapabilities generate="true" parse="true"/>

<CompositeList>

<Composite id="MdnComposite" mimeparameters="report-type=disposition-notification"

mimetype="multipart/report">

<Constituent excludedFromSignature="false" idref="MdnText" maxOccurs="1"

minOccurs="1"/>

<Constituent excludedFromSignature="false" idref="MdnMessage" maxOccurs="1"

minOccurs="1"/>

</Composite>

<Encapsulation id="DefaultEncapsulation3" mimetype="application/pkcs7-signature">

<Constituent excludedFromSignature="false" idref="MdnComposite" maxOccurs="1"

minOccurs="1"/>

</Encapsulation>

<Composite id="DefaultComposite4"

mimeparameters="protocol=&quot;application/pkcs7-signature&quot;"

mimetype="multipart/signed">

<Constituent excludedFromSignature="false" idref="DefaultEncapsulation3"

maxOccurs="1" minOccurs="1"/>

</Composite>

</CompositeList>

</Packaging>

Examples of packaging are included in the package of examples and sample referenced business process descriptions accompanying this specification.

SSL and PKI aspects for Transport Security are documented by means of components of the TransportServerSecurity or TransportClientSecurity, such as ServerCertificateRef, ClientCertificateRef, ClientSecurityDetailsRef, ServerSecurityDetailsRef.

Examples of this standard PKI documentation are included in the package of examples and sample referenced business process descriptions accompanying this specification.