|
Since there appears to be consensus in using EDIINT–Features
header to announce feature support in trading partner, I have put together the
following scenarios. Are these accurate? I have also included the EDIINT–Features
draft which was issued last year to IETF. Does it convey all information needed
for a robust implementation? Actors: Company Alpha and Trading Partners Bravo and Charley Initial Condition: Alpha has trading relationship with Bravo
and both are using AS2–Version: 1.1 products. TP Charley is schedule to
be setup with Alpha. Action 1: Alpha upgrades product to AS2–Version: 1.2
using EDIINT–Features. It supports feature CEM. Expected Outcome–1: All messages coming out of Alpha contain
EDIINT–Features header and AS2–Version: 1.2. Expected Outcome–2: Bravo ignores and does NOT fail Alpha’s
messages and processes them “normally”. Alpha does NOT send CEM
messages to Bravo because it does not detect EDIINT–Features support for
CEM. Action 2: Bravo upgrades product to AS2–Version: 1.2
using EDIINT–Features. It supports features CEM and MA. Expected Outcome–1: All messages coming out of Bravo contain
EDIINT–Features header and AS2–Version: 1.2. Expected Outcome–2: Both Alpha and Bravo recognize
each other’s support of CEM through EDIINT–Features header, and Bravo
recognizes Alpha does NOT support MA. Action 3: Alpha onramps Charley as a trading partner. Expected Outcome–1: Certificates for both Alpha and
Charley MUST be exchanged out–of–band Expected Outcome–2: After trading begins, Alpha
recognizes Charley does NOT support CEM through its messages. Action 4: Alpha issues new certificates. Expected Outcome–1: Alpha sends new certificates
through CEM to Bravo. Bravo follows CEM procedure and upgrades certificates. Expected Outcome–2: Alpha exchanges new certificates
with Charley out–of–band. Charley upgrades new certificates and
notifies Alpha of upgrade. Kyle Meadors Principal, Test Process Drummond Group Inc. 615.212.0826 --
|
Draft EDI-INT Features Header August 2005
Private K. Meadors
Internet-Draft Drummond Group Inc.
Document: draft-meadors-ediint-features- August 2005
header-00.txt
Expires: February 2006
Target Category: Informational
EDI-INT Features Header
draft-meadors-ediint-features-header-00.txt
By submitting this Internet-Draft, each author represents
that any applicable patent or other IPR claims of which he
or she is aware have been or will be disclosed, and any of
which he or she becomes aware will be disclosed, in
accordance with Section 6 of BCP 79.
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Any questions, comments, and reports of defects or ambiguities in
this specification may be sent to the mailing list for the EDIINT
working group of the IETF, using the address <ietf-ediint@xxxxxxx>.
Requests to subscribe to the mailing list should be addressed to
<ietf-ediint-request@xxxxxxx>.
Abstract
With the maturity of the EDI-INT standard of AS1, AS2 and AS3,
applications and additional features are being built upon the basic
secure transport functionality. These features are not necessarily
Meadors Expires - February 2006 [Page 1]
Draft EDI-INT Features Header August 2005
supported by all EDI-INT applications and could cause potential
problems with implementations
Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119.
Feedback Instructions
NOTE TO RFC EDITOR: This section should be removed by the RFC editor
prior to publication.
If you want to provide feedback on this draft, follow these
guidelines:
-Send feedback via e-mail to kyle@xxxxxxxxxxxxxxxxx, with "EDIINT
Features Header" in the Subject field.
-Be specific as to what section you are referring to, preferably
quoting the portion that needs modification, after which you state
your comments.
-If you are recommending some text to be replaced with your suggested
text, again, quote the section to be replaced, and be clear on the
section in question.
Table of Contents
1. Introduction...................................................2
2. EDIINT Features Header Syntax..................................3
3. Implementation and Processing..................................3
4. EDI-INT Applications...........................................3
5. Security Considerations........................................4
6. References.....................................................4
6.1 Normative References.......................................4
6.2 Informative References.....................................4
Author's Address..................................................4
1. Introduction
EDI-INT applications provide for a secure means of payload document
transport. The original intent was for transport of a single EDI or
XML document. However, as AS1 [AS1], AS2 [AS2] and AS3 [AS3] matured,
other features and application logic were implemented upon EDI-INT
standards. Since these features go beyond but do not violate the
Meadors Expires - February 2006 [Page 2]
Draft EDI-INT Features Header August 2005
basic premise of EDI-INT, a means is needed to communicate to trading
partners features which are supported by the originating user agent.
The EDIINT Features header indicates the capability of the user agent
to support the listed feature with its trading partner without out-
of-band communication and agreement.
2. EDIINT Features Header Syntax
The EDIINT Features header can appear in the header section of an
AS1, AS2 and AS3 message. Its BNF syntax is listed below.
Feature = "EDIINT-Features: " Feature-Name 1*("," Feature-Name)
Feature-Name = Feature-Token
Feature-Token = %d48-57 / ; 0-9
%d65-
90 / ; A-Z
%d97-122 / ; a-z
"-"
The Feature-Token allows for feature names to be specified and can
only contain alphanumeric characters along with the hyphen. Feature
names are case-insensitive.
3. Implementation and Processing
The EDIINT Features header indicates the originating user agent is
capable of supporting the features listed. The feature header MUST be
present in all messages transmitted by the user agent and not just
messages which utilize the feature. Upon examination of the feature
header, the trading partner SHOULD assume the user agent is capable
of receiving messages utilizing any of the features listed.
The features listed MUST be supported by existing IETF RFC or RFC-
track Internet-draft standards. These standards MUST describe the
feature name which is listed in the header and the means which it
should be used.
4. EDI-INT Applications
Since AS1 uses email and the EDIINT Features header is not a
registered header with IANA, the header MUST be preceded by a "X-" to
be used. If the receiving trading partner does not support EDIINT
Features, it can choose to ignore the header because of the "X-".
Because AS2 and AS3 utilize transports of HTTP and FTP, respectively,
which allow the application to ignore headers which it does not
recognize, the addition of the EDIINT Features header in AS2 and AS3
Meadors Expires - February 2006 [Page 3]
Draft EDI-INT Features Header August 2005
can be done without affecting trading partners who have not
implemented the header.
AS2 and AS3 applications currently use a version header, AS2-Version
and AS3-Version, respectively, to indicate functional support. The
EDIINT Features header tremendously improves the purpose and function
of the old version header. However, to provide a connection from the
old version header and the EDIINT Features header, AS2 and AS3
applications which implement the EDIINT Features header MUST use the
version value of "1.2" to indicate the support of the Feature header.
Also, since version "1.1" indicates the implementation supports
compression [COMPRESS] and "1.2" builds upon "1.1", AS2-Version or
AS3-Version of "1.2" MUST support compression regardless of whether
it is mentioned as a feature in the EDIINT Features header.
5. Security Considerations
Because headers are often un-encrypted, it may be possible for the
feature header to be altered. Trading partners MAY consult out-of-
band to confirm feature support.
6. References
6.1 Normative References
[AS1] RFC3335 “MIME-based Secure Peer-to-Peer Business Data
Interchange over the Internet using SMTP”, T. Harding, R.
Drummond, C. Shih, 2002.
[AS2] RFC4130 “MIME-based Secure Peer-to-Peer Business Data
Interchange over the Internet using HTTP”, D. Moberg, R.
Drummond, 2005.
[AS3] draft-ietf-ediint-as3-03.txt “MIME-based Secure Peer-to-Peer
Business Data Interchange over the Internet using FTP”, T.
Harding, R. Scott, 2005.
[COMPRESS] draft-ietf-ediint-compression-04.txt “Compressed Data for
EDIINT”, T. Harding, 2005.
6.2 Informative References
[RFC2828] RFC2828 “Internet Security Glossary”, R. Shirley, May 2000.
[RFC2119] RFC2119 “Key Words for Use in RFC's to Indicate Requirement
Levels”, S.Bradner, March 1997.
Author's Address
Meadors Expires - February 2006 [Page 4]
Draft EDI-INT Features Header August 2005
Kyle Meadors
Drummond Group Inc.
4700 Bryant Irvin Court, Suite 303
Fort Worth, TX 76107 USA
Email: kyle@xxxxxxxxxxxxxxxxx
Copyright Notice
Copyright (C) The Internet Society 2005. This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Meadors Expires - February 2006 [Page 5]