A group of B2B industry leaders representing Cisco Systems, the Drummond Group, Extol International, and Sterling Commerce would like to propose the formation of a subproject within the ebXML Messaging Services TC with the intention of developing and publishing a profile of the ebMS v3.0 specification.
This profile will leverage the existing work done by the ebXML MS TC to provide guidance for a standardized methodology for the secure and document-agnostic exchange of B2B payloads using a Web services platform. By constraining the ebMS v3.0 specification and the underlying WS-I profiles for messaging packaging, transport, security, and non-repudiation, the proposed profile will focus on providing an entry-level on-ramp for Web services B2B messaging. The end goal of this profile development is to replicate and strategically extend the existing functional requirements currently satisfied by RFC4130 (AS2) by mapping those requirements onto the Web services platform. We believe that the ebMS v3.0 provides a robust specification and a respected standards body, and much of the work done by this TC can be leveraged for this business need.
The group proposing this profile see the business value of such a profile and are committed to authoring the profile under the guidance and support of the TC. The companies represented above have committed to development of the profile, implementing the profile in product-with-version, and participation in a full matrix interoperability test.
Last year, a group of B2B software vendors had a series of technical discussions to formulate an initial set of functional requirements that would comprise a secure, document-agnostic Web services B2B messaging standard. The following is a summary of those requirements that had general consensus among the participants:
+ All messages must use SOAP 1.1 enveloping structure SOAP 1.1,
+ WS-Security, SOAP w/Attachments, and WS-Addressing were
identified as the fundamental underlying WS-* specifications.
+ WS-I Basic Profile, WS-I Basic Security Profile, and WS-I
Attachments Profile were identified as relevant WS-* profiles to leverage.
+ All business document payloads must be transmitted in the message as
SOAP Attachments and are to be agnostic with respect to any SOAP operations or WSDL definitions.
+ No payloads will be included in the SOAP body element Multiple
+ document payloads may be supported Application of payload compression
+ may be supported, and if so must
occur prior to attaching the document and prior to the application to any message-level security
+ The use of WS-Addressing header constructs in order to facilitate
route and endpoint identification of exchange messages, and to relate request-reply message exchange patterns.
+ Support for message-level security including various combinations of
XML Dsig and/or XML Encryption as governed by WS-Security, constrained to use only X.509 security tokens and detached signatures only.
+ Support for business non-repudiation acknowledgements similar to
RFC3798 (MDN)
+ Support for only the One-Way/Push (synchronous and asynchronous) and
the Two-Way/Push-and-Push (asynchronous only) MEPs.
After reviewing these initial functional requirements, it was readily apparent that these requirements overlapped with the existing protocol specified by RFC4130 (AS2). With the recent publication of the ebMS v3 specification, it was also clear that ebMS v3 shared some common ground with these requirements as well. As such we believe a profile that maps these requirements onto the ebMS v3 specification will not only provide businesses with a simplified on-ramp to Web services B2B messaging (including verticals that might wish to migrate from AS2 to Web services), but could serve as a pre-cursor to a full implementation of the ebMS v3 specification.
The technical discussions further produced an initial generalized roadmap of the evolution of the profile development in different
phases:
Phase I: Basic Web services Transport and Security =E2=80=93 WS-I, SOAP 1= .1, SwA, WS-Security, and WS-Addressing are focal points, with simple document-agnostic message exchange choreograhies with and without business non-repudiation.
Phase II: Advanced Web services B2B Topics =E2=80=93 Quality of Service concerns (Reliable Messaging), Very Large Message exchange, and perhaps more complex message exchange choreographies.
Phase III: Niche Functionality =E2=80=93 SOAP 1.2, Secure Conversations, = and other WS-* specs such as Trust, Identity, Policy, etc.
If these requirements are actualized by our proposed ebMS v3 profile, the phased evolution of this extended functionality could be realized in either a full implementation of the ebMS v3 specification or by extending the initial profile.
We thank this TC ahead of time for considering this proposal and we welcome any comments or feedback.
Sincerely,
Timothy Bennett, Drummond Group
John Voss, Cisco Systems
Mark Denchy, Extol International
Mike Maxwell, Sterling Commerce
This profile will leverage the existing work done by the ebXML MS TC to provide guidance for a standardized methodology for the secure and document-agnostic exchange of B2B payloads using a Web services platform. By constraining the ebMS v3.0 specification and the underlying WS-I profiles for messaging packaging, transport, security, and non-repudiation, the proposed profile will focus on providing an entry-level on-ramp for Web services B2B messaging. The end goal of this profile development is to replicate and strategically extend the existing functional requirements currently satisfied by RFC4130 (AS2) by mapping those requirements onto the Web services platform. We believe that the ebMS v3.0 provides a robust specification and a respected standards body, and much of the work done by this TC can be leveraged for this business need.
The group proposing this profile see the business value of such a profile and are committed to authoring the profile under the guidance and support of the TC. The companies represented above have committed to development of the profile, implementing the profile in product-with-version, and participation in a full matrix interoperability test.
Last year, a group of B2B software vendors had a series of technical discussions to formulate an initial set of functional requirements that would comprise a secure, document-agnostic Web services B2B messaging standard. The following is a summary of those requirements that had general consensus among the participants:
+ All messages must use SOAP 1.1 enveloping structure SOAP 1.1,
+ WS-Security, SOAP w/Attachments, and WS-Addressing were
identified as the fundamental underlying WS-* specifications.
+ WS-I Basic Profile, WS-I Basic Security Profile, and WS-I
Attachments Profile were identified as relevant WS-* profiles to leverage.
+ All business document payloads must be transmitted in the message as
SOAP Attachments and are to be agnostic with respect to any SOAP operations or WSDL definitions.
+ No payloads will be included in the SOAP body element Multiple
+ document payloads may be supported Application of payload compression
+ may be supported, and if so must
occur prior to attaching the document and prior to the application to any message-level security
+ The use of WS-Addressing header constructs in order to facilitate
route and endpoint identification of exchange messages, and to relate request-reply message exchange patterns.
+ Support for message-level security including various combinations of
XML Dsig and/or XML Encryption as governed by WS-Security, constrained to use only X.509 security tokens and detached signatures only.
+ Support for business non-repudiation acknowledgements similar to
RFC3798 (MDN)
+ Support for only the One-Way/Push (synchronous and asynchronous) and
the Two-Way/Push-and-Push (asynchronous only) MEPs.
After reviewing these initial functional requirements, it was readily apparent that these requirements overlapped with the existing protocol specified by RFC4130 (AS2). With the recent publication of the ebMS v3 specification, it was also clear that ebMS v3 shared some common ground with these requirements as well. As such we believe a profile that maps these requirements onto the ebMS v3 specification will not only provide businesses with a simplified on-ramp to Web services B2B messaging (including verticals that might wish to migrate from AS2 to Web services), but could serve as a pre-cursor to a full implementation of the ebMS v3 specification.
The technical discussions further produced an initial generalized roadmap of the evolution of the profile development in different
phases:
Phase I: Basic Web services Transport and Security =E2=80=93 WS-I, SOAP 1= .1, SwA, WS-Security, and WS-Addressing are focal points, with simple document-agnostic message exchange choreograhies with and without business non-repudiation.
Phase II: Advanced Web services B2B Topics =E2=80=93 Quality of Service concerns (Reliable Messaging), Very Large Message exchange, and perhaps more complex message exchange choreographies.
Phase III: Niche Functionality =E2=80=93 SOAP 1.2, Secure Conversations, = and other WS-* specs such as Trust, Identity, Policy, etc.
If these requirements are actualized by our proposed ebMS v3 profile, the phased evolution of this extended functionality could be realized in either a full implementation of the ebMS v3 specification or by extending the initial profile.
We thank this TC ahead of time for considering this proposal and we welcome any comments or feedback.
Sincerely,
Timothy Bennett, Drummond Group
John Voss, Cisco Systems
Mark Denchy, Extol International
Mike Maxwell, Sterling Commerce
