OASIS Business Document Exchange (BDXR) TC

Hello,

If the TC is meeting this week,  I would like to attend and briefly
discuss with you some topics related to BDX SMP.

1. Client authentication

SMP 2.0 section 5.6.1 already allows client authentication, but leaves
it to implementations or user communities:  “Likewise, client-side
authentication MAY be supported by a Service Metadata Publishing service
pending infrastructure requirements and policies.”  This requirement has
come up as a priority in some projects. Does the TC have information on
known requirements in other communities and on adopted solutions for
client-side authentication?  Should this remain left to implementations
or is there a need for standardized solutions?  This is mentioned in TC
meeting minutes as a topic for an SMP 2.1.

2.  SMP use not involving BDXL

While SMP is designed for, and typically used in, four-corner networks
in combination with BDXL using the identity of the final (“c4”)
recipient as entry point, other use cases are possible. In some
situations the identity of the access service (“c3”) is known from other
registries or catalogs and usable as discovery key instead of the final
recipient. Small, closed networks could even use a single “well-known”
SMP.  Is there an interest in further describing/specifying such use case?

3.  Application-specific certificates

SMP 2.0 allows multiple types of certificates to be associated with an
Endpoint. One requirement that comes up from time to time is to store
application level certificates, specifically end-to-end (c4) encryption
certificates. Is the TC aware of other users where this requirement has
come up? Should this remain left to implementations or is there a case
for standardized solutions?

4. SMP for information on senders

SMP is typically used by senders to discover messaging configuration
information about receivers.  Some networks are looking at discovering
information about senders, for example, sender certificates.  There are
many known alternative solutions; I’m interested in any situations where
SMP was considered.

5.  Guidance on matching party identifier to certificates

Some communities want to define constraints  on the use of identity data
in ParticipantID and information in the certificate.  Could there be a
defined set of constraints that SMP clients and server should be able to
(optionally) support?  This would facilitate and increase choice of
solution providers.  Not specifically an SMP question, also applies to
messaging.

Best regards,

Pim

Original Message:
Sent: 6/2/2025 3:46:00 PM
From: Pim van der Eijk
Subject: SMP questions

Hello,

If the TC is meeting this week,  I would like to attend and briefly
discuss with you some topics related to BDX SMP.

1. Client authentication

SMP 2.0 section 5.6.1 already allows client authentication, but leaves
it to implementations or user communities:  “Likewise, client-side
authentication MAY be supported by a Service Metadata Publishing service
pending infrastructure requirements and policies.”  This requirement has
come up as a priority in some projects. Does the TC have information on
known requirements in other communities and on adopted solutions for
client-side authentication?  Should this remain left to implementations
or is there a need for standardized solutions?  This is mentioned in TC
meeting minutes as a topic for an SMP 2.1.

2.  SMP use not involving BDXL

While SMP is designed for, and typically used in, four-corner networks
in combination with BDXL using the identity of the final (“c4”)
recipient as entry point, other use cases are possible. In some
situations the identity of the access service (“c3”) is known from other
registries or catalogs and usable as discovery key instead of the final
recipient. Small, closed networks could even use a single “well-known”
SMP.  Is there an interest in further describing/specifying such use case?

3.  Application-specific certificates

SMP 2.0 allows multiple types of certificates to be associated with an
Endpoint. One requirement that comes up from time to time is to store
application level certificates, specifically end-to-end (c4) encryption
certificates. Is the TC aware of other users where this requirement has
come up? Should this remain left to implementations or is there a case
for standardized solutions?

4. SMP for information on senders

SMP is typically used by senders to discover messaging configuration
information about receivers.  Some networks are looking at discovering
information about senders, for example, sender certificates.  There are
many known alternative solutions; I’m interested in any situations where
SMP was considered.

5.  Guidance on matching party identifier to certificates

Some communities want to define constraints  on the use of identity data
in ParticipantID and information in the certificate.  Could there be a
defined set of constraints that SMP clients and server should be able to
(optionally) support?  This would facilitate and increase choice of
solution providers.  Not specifically an SMP question, also applies to
messaging.

Best regards,

Pim

Original Message:
Sent: 6/3/2025 3:29:00 AM
From: Sander Fieten
Subject: RE: SMP questions

Hi Pim,

these are interesting questions with regards to the use of the SMP specification and it would be good to discuss if and how these can be addressed in a new version of the specification. As we have a TC meeting scheduled for tomorrow, this would be a good opportunity to have a first talk on this.

--

Groet,
Viele Grüße,
Regards,

Sander Fieten

T: +31 6 51 50 78 86
W: www.chasquis-consulting.com

Holodeck B2B | AS4 | SMP | eDelivery Consultancy

Original Message:
Sent: 6/2/2025 3:46:00 PM
From: Pim van der Eijk
Subject: SMP questions

Hello,

If the TC is meeting this week,  I would like to attend and briefly
discuss with you some topics related to BDX SMP.

1. Client authentication

SMP 2.0 section 5.6.1 already allows client authentication, but leaves
it to implementations or user communities:  “Likewise, client-side
authentication MAY be supported by a Service Metadata Publishing service
pending infrastructure requirements and policies.”  This requirement has
come up as a priority in some projects. Does the TC have information on
known requirements in other communities and on adopted solutions for
client-side authentication?  Should this remain left to implementations
or is there a need for standardized solutions?  This is mentioned in TC
meeting minutes as a topic for an SMP 2.1.

2.  SMP use not involving BDXL

While SMP is designed for, and typically used in, four-corner networks
in combination with BDXL using the identity of the final (“c4”)
recipient as entry point, other use cases are possible. In some
situations the identity of the access service (“c3”) is known from other
registries or catalogs and usable as discovery key instead of the final
recipient. Small, closed networks could even use a single “well-known”
SMP.  Is there an interest in further describing/specifying such use case?

3.  Application-specific certificates

SMP 2.0 allows multiple types of certificates to be associated with an
Endpoint. One requirement that comes up from time to time is to store
application level certificates, specifically end-to-end (c4) encryption
certificates. Is the TC aware of other users where this requirement has
come up? Should this remain left to implementations or is there a case
for standardized solutions?

4. SMP for information on senders

SMP is typically used by senders to discover messaging configuration
information about receivers.  Some networks are looking at discovering
information about senders, for example, sender certificates.  There are
many known alternative solutions; I’m interested in any situations where
SMP was considered.

5.  Guidance on matching party identifier to certificates

Some communities want to define constraints  on the use of identity data
in ParticipantID and information in the certificate.  Could there be a
defined set of constraints that SMP clients and server should be able to
(optionally) support?  This would facilitate and increase choice of
solution providers.  Not specifically an SMP question, also applies to
messaging.

Best regards,

Pim