OASIS ebXML Messaging Services TC

Proposal to Profile ebMS v3 (On behalf of Timothy Bennett, Drummond Group)

  • 1.  Proposal to Profile ebMS v3 (On behalf of Timothy Bennett, Drummond Group)

    Posted 02-19-2008 12:00
    To: Ian Jones, Chair of ebXML Messaging Services TC
    
    A group of B2B industry leaders representing Cisco Systems, the
    Drummond Group, Extol International, and Sterling Commerce would like
    to propose the formation of a subproject within the ebXML Messaging
    Services TC with the intention of developing and publishing a profile
    of the ebMS v3.0 specification.
    
    This profile will leverage the existing work done by the ebXML MS TC
    to provide guidance for a standardized methodology for the secure and
    document-agnostic exchange of B2B payloads using a Web services
    platform. By constraining the ebMS v3.0 specification and the
    underlying WS-I profiles for messaging packaging, transport, security,
    and non-repudiation, the proposed profile will focus on providing an
    entry-level on-ramp for Web services B2B messaging. The end goal of
    this profile development is to replicate and strategically extend the
    existing functional requirements currently satisfied by RFC4130 (AS2)
    by mapping those requirements onto the Web services platform. We
    believe that the ebMS v3.0 provides a robust specification and a
    respected standards body, and much of the work done by this TC can be
    leveraged for this business need.
    
    The group proposing this profile see the business value of such a
    profile and are committed to authoring the profile under the guidance
    and support of the TC. The companies represented above have committed
    to development of the profile, implementing the profile in
    product-with-version, and participation in a full matrix
    interoperability test.
    
    Last year, a group of B2B software vendors had a series of technical
    discussions to formulate an initial set of functional requirements
    that would comprise a secure, document-agnostic Web services B2B
    messaging standard. The following is a summary of those requirements
    that had general consensus among the participants:
    
    + All messages must use SOAP 1.1 enveloping structure
    + SOAP 1.1, WS-Security, SOAP w/Attachments, and WS-Addressing were
    identified as the fundamental underlying WS-* specifications.
    + WS-I Basic Profile, WS-I Basic Security Profile, and WS-I
    Attachments Profile were identified as relevant WS-* profiles to
    leverage.
    + All business document payloads must be transmitted in the message as
    SOAP Attachments and are to be agnostic with respect to any SOAP
    operations or WSDL definitions.
    + No payloads will be included in the SOAP body element
    + Multiple document payloads may be supported
    + Application of payload compression may be supported, and if so must
    occur prior to attaching the document and prior to the application to
    any message-level security
    + The use of WS-Addressing header constructs in order to facilitate
    route and endpoint identification of exchange messages, and to relate
    request-reply message exchange patterns.
    + Support for message-level security including various combinations of
    XML Dsig and/or XML Encryption as governed by WS-Security, constrained
    to use only X.509 security tokens and detached signatures only.
    + Support for business non-repudiation acknowledgements similar to
    RFC3798 (MDN)
    + Support for only the One-Way/Push (synchronous and asynchronous) and
    the Two-Way/Push-and-Push (asynchronous only) MEPs.
    
    After reviewing these initial functional requirements, it was readily
    apparent that these requirements overlapped with the existing protocol
    specified by RFC4130 (AS2). With the recent publication of the ebMS v3
    specification, it was also clear that ebMS v3 shared some common
    ground with these requirements as well. As such we believe a profile
    that maps these requirements onto the ebMS v3 specification will not
    only provide businesses with a simplified on-ramp to Web services B2B
    messaging (including verticals that might wish to migrate from AS2 to
    Web services), but could serve as a pre-cursor to a full
    implementation of the ebMS v3 specification.
    
    The technical discussions further produced an initial generalized
    roadmap of the evolution of the profile development in different
    phases:
    
    Phase I: Basic Web services Transport and Security =E2=80=93 WS-I, SOAP 1=
    .1,
    SwA, WS-Security, and WS-Addressing are focal points, with simple
    document-agnostic message exchange choreograhies with and without
    business non-repudiation.
    
    Phase II: Advanced Web services B2B Topics =E2=80=93 Quality of Service
    concerns (Reliable Messaging), Very Large Message exchange, and
    perhaps more complex message exchange choreographies.
    
    Phase III: Niche Functionality =E2=80=93 SOAP 1.2, Secure Conversations, =
    and
    other WS-* specs such as Trust, Identity, Policy, etc.
    
    If these requirements are actualized by our proposed ebMS v3 profile,
    the phased evolution of this extended functionality could be realized
    in either a full implementation of the ebMS v3 specification or by
    extending the initial profile.
    
    We thank this TC ahead of time for considering this proposal and we
    welcome any comments or feedback.
    
    Sincerely,
    
    Timothy Bennett, Drummond Group
    John Voss, Cisco Systems
    Mark Denchy, Extol International
    Mike Maxwell, Sterling Commerce