SlideShare a Scribd company logo

Peppol online ws. 3 start and agreements

Download as PPTX, PDF
M
mf_sthlm

Presentation from the third online PEPPOL workshop now available. Topics: START protocol and provider agreements.

Technology
1 of 28
PEPPOLWorkshop – START and Agreements Martin Forsberg, Ecru Consulting Mikael Aksamit, Tickstar AB
The PEPPOL project The PEPPOL project is the result of the European Competitiveness and Innovation Programme (CIP) ICT Policy Support Programme (ICTPSP) 2007 and 2009 Call for Proposals Pilot A objective: Enabling EU-wide public eProcurement 50% EU contribution for achieving interoperability Coordinated by the Norwegian Agency for Public Management and eGovernment (Difi) Consortium and scope: 18 beneficiaries from 12 countries Total budget 30,8 M€ 8 work packages, <1.600 person months and 10 M€ on sub-contractors Project start up: 1 May 2008, duration 48 months* *Current project duration is 42 months (+6 months extension subject to European Commission's approval)
Any supplier (incl. SMEs) in the EU can communicateelectronically with any European contracting authority for all procurement processes. The PEPPOL Vision 3
eProcurement
Page 5 Provider Agreements and Governance
Change of plans ,[object Object]
This presentation will only give a short introductionPage 6
Regional domain Regional domain AP AP Contracting Authority Economic Operator SMP SMP SML Coordinating Authority Regional Authority Two levels of governance Provides European wide governance for: the PEPPOL Technical Standards the PEPPOL Service Specifications the PEPPOL SML the PEPPOL Agreements Provides regional governance for: the implementation and use of the transport infrastructure the legal framework for specific AP and SMP agreements specific requirements applicable within a domain
PEPPOL Transport Infrastructure Agreements The aim of the PEPPOL Transport Infrastructure Agreements is to regulate the roles and responsibilities of the actors involved in the governance and operation of the PEPPOL transport infrastructure. Three separate agreements with a common set of annexes. Contact points Definitions Service and Service Levels Technical Standards Regional domain and its specific services and service levels Change Procedures The PEPPOL Governance Model and model agreements
Key principles Inspired by other initiatives, but reflects the uniqueness of the PEPPOL initiative: An open community where interoperability is achieved through common specification and not point-to-point agreements. The PEPPOL Transport Infrastructure Agreements provides governance for the PEPPOL Transport Infrastructure based on: a European wide coordination over all common components of the transport infrastructure; a regional coordination and supervision of the implementation and use of the transport infrastructure within a domain; and open and transparent provision of SML, SMP and AP services based on a common set of agreements as well as common definition of services and service levels.
PEPPOL Transport Infrastructure Agreements PEPPOL Community Agreement “… terms and conditions under which the Parties shall provide governance for the PEPPOL Transport Infrastructure.” A model agreement regulating the “… terms and conditions under which: the PEPPOL AP Provider shall provide the required PEPPOL AP Services; the PEPPOL Regional Authority shall ensure  that the services provided by the PEPPOL AP Provider are provided and maintained in a reliable, professional and state of the art manner, in compliance with all applicable laws and all relevant technical specifications, to ensure consistency across the full PEPPOL Transport Infrastructure .” A model agreement regulating the “… terms and conditions under which: the PEPPOL SMP Provider shall provide the required PEPPOL SMP Services; the PEPPOL Regional Authority shall ensure that the services provided by the PEPPOL SMP Provider are provided and maintained in a reliable, professional and state of the art manner, in compliance  with all applicable laws and all relevant technical specifications, to ensure consistency across the full PEPPOL Transport Infrastructure.” PEPPOL AP Provider Agreement Coordinating Authority I.e. PEPPOL GB Regional Authority E.g. VM SMP Provider E.g. ITELLA AP Provider E.g. ITELLA PEPPOL SMP Provider Agreement
Page 12 START – Secure Trusted Asynchronous Reliable Transport
Goals START SecureTrusted Asynchronous Reliable Transport A SOAP-based profile that offers secure and reliable delivery of messages between Access Points. START Access Point (START AP) Communicates in a peer-to-peer manner with other START APs Derives endpoints to other START APs through SMP-lookups Can offer other transport profiles, but MUST always offer START Restricted usage of standards to achieve interoperability
Goals of START Profile A single profile that implementers can follow and therefore gain access to the infrastructure Define a simple, interoperable communications pattern Ensure messages reliable delivered between Access Points Ensure confidentiality using transport-level encryption Ensure integrity and authenticity of received messages by signature validation Content of transferred messages is opaque for the Access Points
Technology in profile 15 START Profile A set of well-known standard, to be strictly used to ensure interoperability SOAP 1.1 WS-Addressing 1.0 WS-Security 1.1 WS-Transfer WS-ReliableMessaging 1.1 SAML 2.0
Typical flow SML SMP Company 2 (C2) Company 1 (C1) 2. START Access Point 2 (AP2) 4. 1. 3. 3 (5). START Access Point 1 (AP1)
Typical flow Message is created by C1 and transferred to AP1, containing necessary identifiers AP1 does a SML/SMP-lookup to find out location of AP2 (where the receiver C2 is located behind) AP1 prepares any tokens it needs to include in transfer and calculates the SAML 2.0 assertions AP1 adds identifiers to SOAP headers and signs message AP1 uses WS-ReliableMessaging and TLS to transfer message to AP2 AP2 can deliver message to C2 in a synchronous or asynchronous manner, in either case a proof-of-delivery needs to be returned at some point to AP1 AP1 log signed proof of delivery
Sequence of a typical flow
Page 19 Security overview Timestamp with 5 minutes expiration Message Authentication and Integrity START AP Certificate must be included SAML 2.0 Assertions Due to the complexity and size of the SOAP-Envelopes, an in-depth analysis will be held during the Face2Face meeting the 18th of April.
Page 20 Types of SAML Assertions Sender-Vouches Used when sender AP itself have authenticated the sender Sender AP both issues and signs the token, authenticating the senders identity Receiving AP must trust the sending AP regarding authentication of sender Holder-of-key Trusted 3rd parties authenticate the sender on behalf of the sending AP SAML assertion issued and signed by a 3rd party
Receiving START AP Page 21 Must validate the message signature and security tokens Test of validity of period (timestamp expiration) Trust in certificate issuer Check revocation status of certificates In return the receiving START AP must sign and include its certificate in any responses. Sending AP have the possibility to verify that returned certificate is the same that was included in SMP reply.
SOAP Faults Page 22 In case of error in the transaction the START AP can return 5 faults Channel Full Fault Unknown Endpoint Security Error Document Type Not Accepted Server Error The detailed information about fault handling in the START specification contains contradictions. A corrigendum will be issued shortly.
Environment Page 23 Previous version of Metro WS Framework contained a bug! It is essential to upgrade Metro, to version 2.1 Similar bug may exist in .NET WCF (unconfirmed!) Environments proven to work GlassFish 2.1.1 with Metro 2.1, Windows and Linux Tomcat 6 with Metro 2.1, Linux
About the certificates Page 24 Three certificates can be issued START AP Certificate SMP Certificate Security Token Service (STS) Certificate START AP Certificate Used to authenticate START AP (both sending and receiving) Can be attached in SMP responses Can be used to authenticate the sender SMP Certificate Used to authenticate response from SMP service Used for client authentication when managing SML Security Token Service Certificate Used in a “holder-of-key”-scenario by a 3rd party
Certificate Hierarchy Page 25 Hierarchy of certificates One Root CA Three Intermediate CAs
Certificate Revocation Page 26 Certificates are issued by Verisign on behalf of the PEPPOL consortium. Certificates can be revoked by the issuer Certificate still looks valid Needs to be checked against revocation list (usually a mechanism not enabled by default in most application servers) Can be solved by: Certificate Revocation List (CRL) Online Certificate Status Protocol (OCSP)
Page 27 Questions…

Recommended

PEPPOL Online Workshop 1 Overview
PEPPOL Online Workshop 1 OverviewPEPPOL Online Workshop 1 Overview
PEPPOL Online Workshop 1 Overviewmf_sthlm
 
IMPACT OF CONTENTION WINDOW ON CONGESTION CONTROL ALGORITHMS FOR WIRELESS ADH...
IMPACT OF CONTENTION WINDOW ON CONGESTION CONTROL ALGORITHMS FOR WIRELESS ADH...IMPACT OF CONTENTION WINDOW ON CONGESTION CONTROL ALGORITHMS FOR WIRELESS ADH...
IMPACT OF CONTENTION WINDOW ON CONGESTION CONTROL ALGORITHMS FOR WIRELESS ADH...cscpconf
 
Broadcast storms in service provider network, Nafeez Islam
Broadcast storms in service provider network, Nafeez IslamBroadcast storms in service provider network, Nafeez Islam
Broadcast storms in service provider network, Nafeez IslamBangladesh Network Operators Group
 
ICWES15 - Green Path Connection in Multi-Layer Transport Network. Presented b...
ICWES15 - Green Path Connection in Multi-Layer Transport Network. Presented b...ICWES15 - Green Path Connection in Multi-Layer Transport Network. Presented b...
ICWES15 - Green Path Connection in Multi-Layer Transport Network. Presented b...Engineers Australia
 
PEPPOL online WS. 4 and 5 CENBII Transactions in PEPPOL
PEPPOL online WS. 4 and 5 CENBII Transactions in PEPPOLPEPPOL online WS. 4 and 5 CENBII Transactions in PEPPOL
PEPPOL online WS. 4 and 5 CENBII Transactions in PEPPOLmf_sthlm
 
Teaching Students with Emojis, Emoticons, & Textspeak
Teaching Students with Emojis, Emoticons, & TextspeakTeaching Students with Emojis, Emoticons, & Textspeak
Teaching Students with Emojis, Emoticons, & TextspeakShelly Sanchez Terrell
 
Study: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsStudy: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsLinkedIn
 
Hype vs. Reality: The AI Explainer
Hype vs. Reality: The AI ExplainerHype vs. Reality: The AI Explainer
Hype vs. Reality: The AI ExplainerLuminary Labs
 

Recommended

PEPPOL Online Workshop 1 Overview
PEPPOL Online Workshop 1 OverviewPEPPOL Online Workshop 1 Overview
PEPPOL Online Workshop 1 Overviewmf_sthlm
 
IMPACT OF CONTENTION WINDOW ON CONGESTION CONTROL ALGORITHMS FOR WIRELESS ADH...
IMPACT OF CONTENTION WINDOW ON CONGESTION CONTROL ALGORITHMS FOR WIRELESS ADH...IMPACT OF CONTENTION WINDOW ON CONGESTION CONTROL ALGORITHMS FOR WIRELESS ADH...
IMPACT OF CONTENTION WINDOW ON CONGESTION CONTROL ALGORITHMS FOR WIRELESS ADH...cscpconf
 
Broadcast storms in service provider network, Nafeez Islam
Broadcast storms in service provider network, Nafeez IslamBroadcast storms in service provider network, Nafeez Islam
Broadcast storms in service provider network, Nafeez IslamBangladesh Network Operators Group
 
ICWES15 - Green Path Connection in Multi-Layer Transport Network. Presented b...
ICWES15 - Green Path Connection in Multi-Layer Transport Network. Presented b...ICWES15 - Green Path Connection in Multi-Layer Transport Network. Presented b...
ICWES15 - Green Path Connection in Multi-Layer Transport Network. Presented b...Engineers Australia
 
PEPPOL online WS. 4 and 5 CENBII Transactions in PEPPOL
PEPPOL online WS. 4 and 5 CENBII Transactions in PEPPOLPEPPOL online WS. 4 and 5 CENBII Transactions in PEPPOL
PEPPOL online WS. 4 and 5 CENBII Transactions in PEPPOLmf_sthlm
 
Teaching Students with Emojis, Emoticons, & Textspeak
Teaching Students with Emojis, Emoticons, & TextspeakTeaching Students with Emojis, Emoticons, & Textspeak
Teaching Students with Emojis, Emoticons, & TextspeakShelly Sanchez Terrell
 
Study: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsStudy: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsLinkedIn
 
Hype vs. Reality: The AI Explainer
Hype vs. Reality: The AI ExplainerHype vs. Reality: The AI Explainer
Hype vs. Reality: The AI ExplainerLuminary Labs
 
REST APIs and MQ
REST APIs and MQREST APIs and MQ
REST APIs and MQMatt Leming
 
Qos videoconferencing service
Qos videoconferencing serviceQos videoconferencing service
Qos videoconferencing serviceAhmed M Bader El Din
 
Implementation and Performance Analysis of a UDP Binding for SOAP
Implementation and Performance Analysis of a UDP Binding for SOAPImplementation and Performance Analysis of a UDP Binding for SOAP
Implementation and Performance Analysis of a UDP Binding for SOAPDr. Fahad Aijaz
 
Packet Guide SONET/SDH
Packet Guide SONET/SDHPacket Guide SONET/SDH
Packet Guide SONET/SDHscribd1
 
Unit 5.Transport Layer.pptx
Unit 5.Transport Layer.pptxUnit 5.Transport Layer.pptx
Unit 5.Transport Layer.pptx1136NayanSonawane
 
Protocol For Streaming Media
Protocol For Streaming MediaProtocol For Streaming Media
Protocol For Streaming MediaKaniska Mandal
 
Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)Peter R. Egli
 
Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)Peter R. Egli
 
An Integrated Solution for Runtime Compliance Governance in SOA
An Integrated Solution for Runtime Compliance Governance in SOAAn Integrated Solution for Runtime Compliance Governance in SOA
An Integrated Solution for Runtime Compliance Governance in SOAAliaksandr Birukou
 
CCNA v6.0 ITN - Chapter 09
CCNA v6.0 ITN - Chapter 09CCNA v6.0 ITN - Chapter 09
CCNA v6.0 ITN - Chapter 09Irsandi Hasan
 
Whitepaper shenick optimizing_4_g_networks-2
Whitepaper shenick optimizing_4_g_networks-2Whitepaper shenick optimizing_4_g_networks-2
Whitepaper shenick optimizing_4_g_networks-2Vaibhav Srivastava
 
Mplswc2006 white paper-v1.1
Mplswc2006 white paper-v1.1Mplswc2006 white paper-v1.1
Mplswc2006 white paper-v1.1Sean Andersen
 
D06.VoLTE Interfaces , Protocols & IMS Stack.pdf
D06.VoLTE Interfaces , Protocols & IMS Stack.pdfD06.VoLTE Interfaces , Protocols & IMS Stack.pdf
D06.VoLTE Interfaces , Protocols & IMS Stack.pdfElyDaliman
 
VoLTE Interfaces , Protocols & IMS Stack Explained
VoLTE Interfaces , Protocols & IMS Stack ExplainedVoLTE Interfaces , Protocols & IMS Stack Explained
VoLTE Interfaces , Protocols & IMS Stack ExplainedVikas Shokeen
 
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHOD
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHODEXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHOD
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHODijcseit
 
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHOD
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHODEXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHOD
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHODijcseit
 
Communication between PLC different vendors using OPC server improved with ap...
Communication between PLC different vendors using OPC server improved with ap...Communication between PLC different vendors using OPC server improved with ap...
Communication between PLC different vendors using OPC server improved with ap...TELKOMNIKA JOURNAL
 
Service provider and content aware network provider cross layer optimisation ...
Service provider and content aware network provider cross layer optimisation ...Service provider and content aware network provider cross layer optimisation ...
Service provider and content aware network provider cross layer optimisation ...Alpen-Adria-Universität
 
Extended distributed uml based protocol
Extended distributed uml based protocolExtended distributed uml based protocol
Extended distributed uml based protocolijcseit
 
Attach flow &amp; srb
Attach flow &amp; srbAttach flow &amp; srb
Attach flow &amp; srbMausam Panchal
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxnull - The Open Security Community
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

More Related Content

Similar to Peppol online ws. 3 start and agreements

REST APIs and MQ
REST APIs and MQREST APIs and MQ
REST APIs and MQMatt Leming
 
Implementation and Performance Analysis of a UDP Binding for SOAP
Implementation and Performance Analysis of a UDP Binding for SOAPImplementation and Performance Analysis of a UDP Binding for SOAP
Implementation and Performance Analysis of a UDP Binding for SOAPDr. Fahad Aijaz
 
Packet Guide SONET/SDH
Packet Guide SONET/SDHPacket Guide SONET/SDH
Packet Guide SONET/SDHscribd1
 
Protocol For Streaming Media
Protocol For Streaming MediaProtocol For Streaming Media
Protocol For Streaming MediaKaniska Mandal
 
Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)Peter R. Egli
 
Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)Peter R. Egli
 
An Integrated Solution for Runtime Compliance Governance in SOA
An Integrated Solution for Runtime Compliance Governance in SOAAn Integrated Solution for Runtime Compliance Governance in SOA
An Integrated Solution for Runtime Compliance Governance in SOAAliaksandr Birukou
 
CCNA v6.0 ITN - Chapter 09
CCNA v6.0 ITN - Chapter 09CCNA v6.0 ITN - Chapter 09
CCNA v6.0 ITN - Chapter 09Irsandi Hasan
 
Whitepaper shenick optimizing_4_g_networks-2
Whitepaper shenick optimizing_4_g_networks-2Whitepaper shenick optimizing_4_g_networks-2
Whitepaper shenick optimizing_4_g_networks-2Vaibhav Srivastava
 
Mplswc2006 white paper-v1.1
Mplswc2006 white paper-v1.1Mplswc2006 white paper-v1.1
Mplswc2006 white paper-v1.1Sean Andersen
 
D06.VoLTE Interfaces , Protocols & IMS Stack.pdf
D06.VoLTE Interfaces , Protocols & IMS Stack.pdfD06.VoLTE Interfaces , Protocols & IMS Stack.pdf
D06.VoLTE Interfaces , Protocols & IMS Stack.pdfElyDaliman
 
VoLTE Interfaces , Protocols & IMS Stack Explained
VoLTE Interfaces , Protocols & IMS Stack ExplainedVoLTE Interfaces , Protocols & IMS Stack Explained
VoLTE Interfaces , Protocols & IMS Stack ExplainedVikas Shokeen
 
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHOD
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHODEXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHOD
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHODijcseit
 
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHOD
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHODEXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHOD
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHODijcseit
 
Communication between PLC different vendors using OPC server improved with ap...
Communication between PLC different vendors using OPC server improved with ap...Communication between PLC different vendors using OPC server improved with ap...
Communication between PLC different vendors using OPC server improved with ap...TELKOMNIKA JOURNAL
 
Service provider and content aware network provider cross layer optimisation ...
Service provider and content aware network provider cross layer optimisation ...Service provider and content aware network provider cross layer optimisation ...
Service provider and content aware network provider cross layer optimisation ...Alpen-Adria-Universität
 
Extended distributed uml based protocol
Extended distributed uml based protocolExtended distributed uml based protocol
Extended distributed uml based protocolijcseit
 

Similar to Peppol online ws. 3 start and agreements (20)

REST APIs and MQ
REST APIs and MQREST APIs and MQ
REST APIs and MQ
 
Qos videoconferencing service
Qos videoconferencing serviceQos videoconferencing service
Qos videoconferencing service
 
Implementation and Performance Analysis of a UDP Binding for SOAP
Implementation and Performance Analysis of a UDP Binding for SOAPImplementation and Performance Analysis of a UDP Binding for SOAP
Implementation and Performance Analysis of a UDP Binding for SOAP
 
Packet Guide SONET/SDH
Packet Guide SONET/SDHPacket Guide SONET/SDH
Packet Guide SONET/SDH
 
Unit 5.Transport Layer.pptx
Unit 5.Transport Layer.pptxUnit 5.Transport Layer.pptx
Unit 5.Transport Layer.pptx
 
Protocol For Streaming Media
Protocol For Streaming MediaProtocol For Streaming Media
Protocol For Streaming Media
 
Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)
 
Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)Overview of SCTP (Stream Control Transmission Protocol)
Overview of SCTP (Stream Control Transmission Protocol)
 
An Integrated Solution for Runtime Compliance Governance in SOA
An Integrated Solution for Runtime Compliance Governance in SOAAn Integrated Solution for Runtime Compliance Governance in SOA
An Integrated Solution for Runtime Compliance Governance in SOA
 
CCNA v6.0 ITN - Chapter 09
CCNA v6.0 ITN - Chapter 09CCNA v6.0 ITN - Chapter 09
CCNA v6.0 ITN - Chapter 09
 
Whitepaper shenick optimizing_4_g_networks-2
Whitepaper shenick optimizing_4_g_networks-2Whitepaper shenick optimizing_4_g_networks-2
Whitepaper shenick optimizing_4_g_networks-2
 
Mplswc2006 white paper-v1.1
Mplswc2006 white paper-v1.1Mplswc2006 white paper-v1.1
Mplswc2006 white paper-v1.1
 
D06.VoLTE Interfaces , Protocols & IMS Stack.pdf
D06.VoLTE Interfaces , Protocols & IMS Stack.pdfD06.VoLTE Interfaces , Protocols & IMS Stack.pdf
D06.VoLTE Interfaces , Protocols & IMS Stack.pdf
 
VoLTE Interfaces , Protocols & IMS Stack Explained
VoLTE Interfaces , Protocols & IMS Stack ExplainedVoLTE Interfaces , Protocols & IMS Stack Explained
VoLTE Interfaces , Protocols & IMS Stack Explained
 
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHOD
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHODEXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHOD
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHOD
 
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHOD
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHODEXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHOD
EXTENDED DISTRIBUTED UML-BASED PROTOCOL SYNTHESIS METHOD
 
Communication between PLC different vendors using OPC server improved with ap...
Communication between PLC different vendors using OPC server improved with ap...Communication between PLC different vendors using OPC server improved with ap...
Communication between PLC different vendors using OPC server improved with ap...
 
Service provider and content aware network provider cross layer optimisation ...
Service provider and content aware network provider cross layer optimisation ...Service provider and content aware network provider cross layer optimisation ...
Service provider and content aware network provider cross layer optimisation ...
 
Extended distributed uml based protocol
Extended distributed uml based protocolExtended distributed uml based protocol
Extended distributed uml based protocol
 
Attach flow &amp; srb
Attach flow &amp; srbAttach flow &amp; srb
Attach flow &amp; srb
 

Recently uploaded

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 

Recently uploaded (20)

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 

Peppol online ws. 3 start and agreements

  • 1. PEPPOLWorkshop – START and Agreements Martin Forsberg, Ecru Consulting Mikael Aksamit, Tickstar AB
  • 2. The PEPPOL project The PEPPOL project is the result of the European Competitiveness and Innovation Programme (CIP) ICT Policy Support Programme (ICTPSP) 2007 and 2009 Call for Proposals Pilot A objective: Enabling EU-wide public eProcurement 50% EU contribution for achieving interoperability Coordinated by the Norwegian Agency for Public Management and eGovernment (Difi) Consortium and scope: 18 beneficiaries from 12 countries Total budget 30,8 M€ 8 work packages, <1.600 person months and 10 M€ on sub-contractors Project start up: 1 May 2008, duration 48 months* *Current project duration is 42 months (+6 months extension subject to European Commission's approval)
  • 3. Any supplier (incl. SMEs) in the EU can communicateelectronically with any European contracting authority for all procurement processes. The PEPPOL Vision 3
  • 5. Page 5 Provider Agreements and Governance
  • 6.
  • 7. This presentation will only give a short introductionPage 6
  • 8. Regional domain Regional domain AP AP Contracting Authority Economic Operator SMP SMP SML Coordinating Authority Regional Authority Two levels of governance Provides European wide governance for: the PEPPOL Technical Standards the PEPPOL Service Specifications the PEPPOL SML the PEPPOL Agreements Provides regional governance for: the implementation and use of the transport infrastructure the legal framework for specific AP and SMP agreements specific requirements applicable within a domain
  • 9. PEPPOL Transport Infrastructure Agreements The aim of the PEPPOL Transport Infrastructure Agreements is to regulate the roles and responsibilities of the actors involved in the governance and operation of the PEPPOL transport infrastructure. Three separate agreements with a common set of annexes. Contact points Definitions Service and Service Levels Technical Standards Regional domain and its specific services and service levels Change Procedures The PEPPOL Governance Model and model agreements
  • 10.
  • 11. Key principles Inspired by other initiatives, but reflects the uniqueness of the PEPPOL initiative: An open community where interoperability is achieved through common specification and not point-to-point agreements. The PEPPOL Transport Infrastructure Agreements provides governance for the PEPPOL Transport Infrastructure based on: a European wide coordination over all common components of the transport infrastructure; a regional coordination and supervision of the implementation and use of the transport infrastructure within a domain; and open and transparent provision of SML, SMP and AP services based on a common set of agreements as well as common definition of services and service levels.
  • 12. PEPPOL Transport Infrastructure Agreements PEPPOL Community Agreement “… terms and conditions under which the Parties shall provide governance for the PEPPOL Transport Infrastructure.” A model agreement regulating the “… terms and conditions under which: the PEPPOL AP Provider shall provide the required PEPPOL AP Services; the PEPPOL Regional Authority shall ensure  that the services provided by the PEPPOL AP Provider are provided and maintained in a reliable, professional and state of the art manner, in compliance with all applicable laws and all relevant technical specifications, to ensure consistency across the full PEPPOL Transport Infrastructure .” A model agreement regulating the “… terms and conditions under which: the PEPPOL SMP Provider shall provide the required PEPPOL SMP Services; the PEPPOL Regional Authority shall ensure that the services provided by the PEPPOL SMP Provider are provided and maintained in a reliable, professional and state of the art manner, in compliance  with all applicable laws and all relevant technical specifications, to ensure consistency across the full PEPPOL Transport Infrastructure.” PEPPOL AP Provider Agreement Coordinating Authority I.e. PEPPOL GB Regional Authority E.g. VM SMP Provider E.g. ITELLA AP Provider E.g. ITELLA PEPPOL SMP Provider Agreement
  • 13. Page 12 START – Secure Trusted Asynchronous Reliable Transport
  • 14. Goals START SecureTrusted Asynchronous Reliable Transport A SOAP-based profile that offers secure and reliable delivery of messages between Access Points. START Access Point (START AP) Communicates in a peer-to-peer manner with other START APs Derives endpoints to other START APs through SMP-lookups Can offer other transport profiles, but MUST always offer START Restricted usage of standards to achieve interoperability
  • 15. Goals of START Profile A single profile that implementers can follow and therefore gain access to the infrastructure Define a simple, interoperable communications pattern Ensure messages reliable delivered between Access Points Ensure confidentiality using transport-level encryption Ensure integrity and authenticity of received messages by signature validation Content of transferred messages is opaque for the Access Points
  • 16. Technology in profile 15 START Profile A set of well-known standard, to be strictly used to ensure interoperability SOAP 1.1 WS-Addressing 1.0 WS-Security 1.1 WS-Transfer WS-ReliableMessaging 1.1 SAML 2.0
  • 17. Typical flow SML SMP Company 2 (C2) Company 1 (C1) 2. START Access Point 2 (AP2) 4. 1. 3. 3 (5). START Access Point 1 (AP1)
  • 18. Typical flow Message is created by C1 and transferred to AP1, containing necessary identifiers AP1 does a SML/SMP-lookup to find out location of AP2 (where the receiver C2 is located behind) AP1 prepares any tokens it needs to include in transfer and calculates the SAML 2.0 assertions AP1 adds identifiers to SOAP headers and signs message AP1 uses WS-ReliableMessaging and TLS to transfer message to AP2 AP2 can deliver message to C2 in a synchronous or asynchronous manner, in either case a proof-of-delivery needs to be returned at some point to AP1 AP1 log signed proof of delivery
  • 19. Sequence of a typical flow
  • 20. Page 19 Security overview Timestamp with 5 minutes expiration Message Authentication and Integrity START AP Certificate must be included SAML 2.0 Assertions Due to the complexity and size of the SOAP-Envelopes, an in-depth analysis will be held during the Face2Face meeting the 18th of April.
  • 21. Page 20 Types of SAML Assertions Sender-Vouches Used when sender AP itself have authenticated the sender Sender AP both issues and signs the token, authenticating the senders identity Receiving AP must trust the sending AP regarding authentication of sender Holder-of-key Trusted 3rd parties authenticate the sender on behalf of the sending AP SAML assertion issued and signed by a 3rd party
  • 22. Receiving START AP Page 21 Must validate the message signature and security tokens Test of validity of period (timestamp expiration) Trust in certificate issuer Check revocation status of certificates In return the receiving START AP must sign and include its certificate in any responses. Sending AP have the possibility to verify that returned certificate is the same that was included in SMP reply.
  • 23. SOAP Faults Page 22 In case of error in the transaction the START AP can return 5 faults Channel Full Fault Unknown Endpoint Security Error Document Type Not Accepted Server Error The detailed information about fault handling in the START specification contains contradictions. A corrigendum will be issued shortly.
  • 24. Environment Page 23 Previous version of Metro WS Framework contained a bug! It is essential to upgrade Metro, to version 2.1 Similar bug may exist in .NET WCF (unconfirmed!) Environments proven to work GlassFish 2.1.1 with Metro 2.1, Windows and Linux Tomcat 6 with Metro 2.1, Linux
  • 25. About the certificates Page 24 Three certificates can be issued START AP Certificate SMP Certificate Security Token Service (STS) Certificate START AP Certificate Used to authenticate START AP (both sending and receiving) Can be attached in SMP responses Can be used to authenticate the sender SMP Certificate Used to authenticate response from SMP service Used for client authentication when managing SML Security Token Service Certificate Used in a “holder-of-key”-scenario by a 3rd party
  • 26. Certificate Hierarchy Page 25 Hierarchy of certificates One Root CA Three Intermediate CAs
  • 27. Certificate Revocation Page 26 Certificates are issued by Verisign on behalf of the PEPPOL consortium. Certificates can be revoked by the issuer Certificate still looks valid Needs to be checked against revocation list (usually a mechanism not enabled by default in most application servers) Can be solved by: Certificate Revocation List (CRL) Online Certificate Status Protocol (OCSP)
  • 29. eProcurementwithout borders in Europe www.peppol.eu