Not a lot of comments on this thread. But to summarize…

3 in favor of Option 2 (Features header) and use of AS2-Version 1.2
1 in favor of Option 3 where filtering is done on a message

Still does not fully address the initial start-up conditions as Richard pointed out, but perhaps that just can not be done without some manual setup.

Since this EDIINT WG will likely be closing relatively soon, I hope we can get some more to weigh in on this. Do others object to Option 2 (with AS2-Version 1.2)?

For those AS2 vendors supporting Option 2, would this impact your product, including those deployed in existing supply chains? Are there significant backward compatibility problems with this choice?

Kyle Meadors
DGI

From: Tim McCarthy [mailto:TMcCarthy@xxxxxxxxxxxxx]

Seems to me that a combination of features 2 and 4 would provide everything we’d need.

From: owner-ietf-ediint@xxxxxxxxxxxx [mailto:owner-ietf-ediint@xxxxxxxxxxxx] On Behalf Of Richard Bigelow

These are my comments. Option 2 is preferred. This memo essentially supports John Duker's memo of Dec. 5, Features Profile in AS2.

1. This option requires that implementers of feature 1.n also implement all earlier features. Is that reasonable? What if 1.5 is difficult and many vendors don't want to do it, but many want to support 1.6? Not recommended.

2. The features header allows the partner A receiving the message to know the other partner's (B's) capabilities. So when A sends to B, A knows what is allowed. A can also check B's AS2-version; 1.1 does not allow any of the controlled features, but does allow compression. A should update some state for every message received from B. B might stop supporting some feature. Recommended.

A possible variant of (2) is that a partner could send some message to all its trading partners when its capabilities change. This message would have headers only, no content. It might be useful to send this capabilities message to partners that would rarely receive normal messages.

3. This option allows receivers to ignore messages they don't understand, and to detect those messages without looking for unknown headers. But it does not provide a mechanism for the sender to know whether a receiver can receive the message. Suppose we had done compression this way. A could send a compressed file to B, and B could ignore it based on the feature header, but then the file is lost. B could return a new MDN code indicating unsupported-feature, and A could then send the uncompressed file, in this example. In other cases, A would have to use some other mechanism. A could remember that B rejected the file and not try that feature again, but how would A know if B upgraded and can now support the feature? The original intent of the features header was that the sender could know in advance if the receiver supports the feature. 3 is not recommended.

4. Before sending a message to B, A should ask B for B's capabilities, and check if B supports the feature. Since B might stop supporting a feature, A should ask each time. This is ok for rare messages, like CEM, but not for common ones, like Multiple Attachments. Not recommended.

None of these protocols fully addresses the initial case. Before any messages are exchanged, how do the partners know each other's capabilities? Each partner must assume that the other supports only the basic 1.0 AS2 protocol. Hopefully, they will be able to exchange normal messages, which will contain at least the 1.2 version header. They can then use option 2 to discover each other's capabilities. This probably works for most features. For CEM, either they must first exchange test messages that are unencrypted and unsigned to establish CEM capability, or exchange initial certificates manually.

Alternatively, the partners would configure each other manually the first time. Thereafter, they would be automatically updated on each other's capabilities.

Richard Bigelow

From: owner-ietf-ediint@xxxxxxxxxxxx [mailto:owner-ietf-ediint@xxxxxxxxxxxx] On Behalf Of Kyle Meadors

I am needing the opinion of the AS2 community on the use of feature profiles within AS2. Back in 2002, compression was added as an extra feature. Using "AS2-Version: 1.1" in a message indicated the UA could support compression even if the actual message did not contain the compressed envelope. This assisted implementers in knowing if their trading partners could support compression.

1. Use AS2-Version header to indicate UA support of profiles (e.g. 1.2 indicates CEM, 1.3 indicates CEM, Reliability). Works like compression (e.g. “1.2” indicates capability of CEM but not an actual CEM message).

2. Use a new header, e.g. EDIINT-Features. The features header shows all features supported by UA (e.g. EDIINT-Features: CEM, multiple-attachment) but like AS2-Version does not indicate every message contains profile.

3. Use a new header for each feature which is present ONLY in the message using that feature. For example, “CEM-Profile” for CEM messages. This could allow receiving UA to filter in only profiles it recognizes.

4. Create a “Capability Query” AS2 Message which returns a Capability MDN. MDN indicates what features receiving UA can support.

Kyle Meadors
Principal, Test Process
Drummond Group Inc.
615.212.0826

Draft EDI-INT Features Header August 2005
Private K. Meadors
Internet-Draft Drummond Group Inc.
Document: draft-meadors-ediint-features-header-00.txt        August 2005
Expires: February 2006
Target Category: Informational
EDI-INT Features Header
draft-meadors-ediint-features-header-00.txt
By submitting this Internet-Draft, each author represents
that any applicable patent or other IPR claims of which he
or she is aware have been or will be disclosed, and any of
which he or she becomes aware will be disclosed, in
accordance with Section 6 of BCP 79.
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Any questions, comments, and reports of defects or ambiguities in
this specification may be sent to the mailing list for the EDIINT
working group of the IETF, using the address <ietf-ediint@xxxxxxx>.
Requests to subscribe to the mailing list should be addressed to
<ietf-ediint-request@xxxxxxx>.
Abstract
With the maturity of the EDI-INT standard of AS1, AS2 and AS3,
applications and additional features are being built upon the basic
secure transport functionality. These features are not necessarily
supported by all EDI-INT applications and could cause potential
problems with implementations
Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119.
Feedback Instructions
NOTE TO RFC EDITOR: This section should be removed by the RFC editor
prior to publication.
If you want to provide feedback on this draft, follow these
guidelines:
-Send feedback via e-mail to kyle@xxxxxxxxxxxxxxxxx, with "EDIINT
Features Header" in the Subject field.
-Be specific as to what section you are referring to, preferably
quoting the portion that needs modification, after which you state
your comments.
-If you are recommending some text to be replaced with your suggested
text, again, quote the section to be replaced, and be clear on the
section in question.
Table of Contents
1. Introduction
2. EDIINT Features Header Syntax
3. Implementation and Processing
4. EDI-INT Applications
5. Security Considerations
6. References
   6.1 Normative References
   6.2 Informative References
Author's Address
1. Introduction
EDI-INT applications provide for a secure means of payload document
transport. The original intent was for transport of a single EDI or
XML document. However, as AS1 [AS1], AS2 [AS2] and AS3 [AS3] matured,
other features and application logic were implemented upon EDI-INT
standards. Since these features go beyond but do not violate the
basic premise of EDI-INT, a means is needed to communicate to trading
partners features which are supported by the originating user agent.
The EDIINT Features header indicates the capability of the user agent
to support the listed feature with its trading partner without out-
of-band communication and agreement.
2. EDIINT Features Header Syntax
The EDIINT Features header can appear in the header section of an
AS1, AS2 or AS3 message. Its BNF syntax is listed below.
   Feature       = "EDIINT-Features: " Feature-Name 1*("," Feature-Name)
   Feature-Name  = Feature-Token
   Feature-Token = %d48-57 /   ; 0-9
                   %d65-90 /   ; A-Z
                   %d97-122 /  ; a-z
                   "-"
The Feature-Token allows for feature names to be specified and can
only contain alphanumeric characters along with the hyphen. Feature
names are case-insensitive.
3. Implementation and Processing
The EDIINT Features header indicates the originating user agent is
capable of supporting the features listed. The feature header MUST be
present in all messages transmitted by the user agent and not just
messages which utilize the feature. Upon examination of the feature
header, the trading partner SHOULD assume the user agent is capable
of receiving messages utilizing any of the features listed.
The features listed MUST be supported by existing IETF RFC or RFC-
track Internet-draft standards. These standards MUST describe the
feature name which is listed in the header and the means by which it
should be used.
4. EDI-INT Applications
Since AS1 uses email and the EDIINT Features header is not a
registered header with IANA, the header MUST be preceded by an "X-" to
be used. If the receiving trading partner does not support EDIINT
Features, it can choose to ignore the header because of the "X-".
Because AS2 and AS3 utilize transports of HTTP and FTP, respectively,
which allow the application to ignore headers which it does not
recognize, the addition of the EDIINT Features header in AS2 and AS3
can be done without affecting trading partners who have not
implemented the header.
AS2 and AS3 applications currently use a version header, AS2-Version
and AS3-Version, respectively, to indicate functional support. The
EDIINT Features header tremendously improves the purpose and function
of the old version header. However, to provide a connection between the
old version header and the EDIINT Features header, AS2 and AS3
applications which implement the EDIINT Features header MUST use the
version value of "1.2" to indicate the support of the Feature header.
Also, since version "1.1" indicates the implementation supports
compression [COMPRESS] and "1.2" builds upon "1.1", AS2-Version or
AS3-Version of "1.2" MUST support compression regardless of whether
it is mentioned as a feature in the EDIINT Features header.
5. Security Considerations
Because headers are often un-encrypted, it may be possible for the
feature header to be altered. Trading partners MAY consult out-of-
band to confirm feature support.
6. References
6.1 Normative References
[AS1] RFC3335 “MIME-based Secure Peer-to-Peer Business Data
Interchange over the Internet using SMTP”, T. Harding, R.
Drummond, C. Shih, 2002.
[AS2] RFC4130 “MIME-based Secure Peer-to-Peer Business Data
Interchange over the Internet using HTTP”, D. Moberg, R.
Drummond, 2005.
[AS3] draft-ietf-ediint-as3-03.txt “MIME-based Secure Peer-to-Peer
Business Data Interchange over the Internet using FTP”, T.
Harding, R. Scott, 2005.
[COMPRESS] draft-ietf-ediint-compression-04.txt “Compressed Data for
EDIINT”, T. Harding, 2005.
6.2 Informative References
[RFC2828] RFC2828 “Internet Security Glossary”, R. Shirey, May 2000.
[RFC2119] RFC2119 “Key Words for Use in RFC's to Indicate Requirement
Levels”, S.Bradner, March 1997.
Author's Address
Kyle Meadors
Drummond Group Inc.
4700 Bryant Irvin Court, Suite 303
Fort Worth, TX 76107 USA
Email: kyle@xxxxxxxxxxxxxxxxx
Copyright Notice
Copyright (C) The Internet Society 2005. This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
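
The header syntax of Section 2, the processing rules of Sections 3 and 4, and the Section 5 point that an unencrypted header can be altered, worked through as an added example (not part of the draft or the thread). The function names, the `confirmed` set of out-of-band-agreed features, accepting a one-name list, and ignoring the header unless the version is "1.2" are assumptions of this sketch.

```python
import re

# Feature-Token set from the draft's BNF: 0-9, A-Z, a-z and "-".
# Assumption: a feature name is one or more such characters.
_NAME = re.compile(r"[0-9A-Za-z-]+")

def parse_features(value):
    """Return the lower-cased feature names in an EDIINT-Features value.
    Raises ValueError if any name has characters outside the token set."""
    names = set()
    for raw in value.split(","):
        name = raw.strip(" \t")
        if not _NAME.fullmatch(name):
            raise ValueError("invalid feature name: %r" % raw)
        names.add(name.lower())  # feature names are case-insensitive
    return names

def advertised(headers):
    """Capabilities one received message claims for its sender."""
    h = {k.lower(): v for k, v in headers.items()}
    version = h.get("as2-version", "1.0").strip()
    caps = set()
    if version in ("1.1", "1.2"):
        caps.add("compression")  # 1.1 signals compression, 1.2 builds on it
    # Assumption: the header is honoured only with the version the draft requires.
    if version == "1.2" and "ediint-features" in h:
        caps |= parse_features(h["ediint-features"])
    return caps

def usable(headers, confirmed):
    """Split claims into (usable, unconfirmed). `confirmed` is the set of
    features agreed out-of-band; headers alone can be altered in transit."""
    try:
        caps = advertised(headers)
    except ValueError:
        caps = set()  # malformed header: fall back to the base protocol
    confirmed = {c.lower() for c in confirmed}
    return caps & confirmed, caps - confirmed

# Constructed sample message headers (feature names taken from the thread).
SAMPLE = {"AS2-Version": "1.2", "EDIINT-Features": "CEM, multiple-attachment"}

if __name__ == "__main__":
    print(usable(SAMPLE, {"CEM", "compression"}))
```

The second element of the result is the set worth logging: features a partner's header claims that were never confirmed out-of-band.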