Standard Details

Electronic business eXtensible Markup Language (ebXML)

Titre manque

General Information

Status
Published
Current Stage
Ref Project

Buy Standard

Draft
ISO/DIS 15000-2:Version 25-apr-2020 - Electronic business eXtensible Markup Language (ebXML)
English language
49 pages
sale 15% off
Preview
sale 15% off
Preview
Draft
ISO/PRF 15000-2 - Electronic business eXtensible Markup Language (ebXML)
English language
56 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

DRAFT INTERNATIONAL STANDARD
ISO/DIS 15000-2
ISO/TC 154 Secretariat: SAC
Voting begins on: Voting terminates on:
2020-04-16 2020-07-09
Electronic business eXtensible Markup Language
(ebXML) —
Part 2:
Applicability Statement (AS) profile of ebXML messaging
service
ICS: 35.040.50
THIS DOCUMENT IS A DRAFT CIRCULATED
This document is circulated as received from the committee secretariat.
FOR COMMENT AND APPROVAL. IT IS
THEREFORE SUBJECT TO CHANGE AND MAY
NOT BE REFERRED TO AS AN INTERNATIONAL
STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS
FAST TRACK PROCEDURE
BEING ACCEPTABLE FOR INDUSTRIAL,
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
Reference number
NATIONAL REGULATIONS.
ISO/DIS 15000-2:2020(E)
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION. ISO 2020
---------------------- Page: 1 ----------------------
ISO/DIS 15000-2:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/DIS 15000-2:2020(E)
Contents

Foreword................................................................................................................................ vii

Introduction ............................................................................................................................. ix

1 Scope ................................................................................................................................... 1

2 Normative References .......................................................................................................... 2

3 Terms and Definitions ........................................................................................................... 4

4 AS4 Conformance Profiles for ebMS V3 Core Specification ................................................. 5

4.1 General .......................................................................................................................... 5

4.2 The AS4 ebHandler Conformance Profile ...................................................................... 5

4.2.1 General .................................................................................................................... 5

4.2.2 Feature Set .............................................................................................................. 5

4.2.3 WS-I Conformance Profiles ..................................................................................... 8

4.2.4 Processing Mode Parameters ................................................................................. 8

4.2.4.1 General ........................................................................................................................................................... 8

4.2.4.2 General P-Mode parameters........................................................................................................................... 8

4.2.4.3 PMode[1].Protocol .......................................................................................................................................... 9

4.2.4.4 PMode[1].BusinessInfo ................................................................................................................................... 9

4.2.4.5 PMode[1].ErrorHandling ................................................................................................................................. 9

4.2.4.6 PMode[1].Reliability ........................................................................................................................................ 9

4.2.4.7 PMode[1].Security ........................................................................................................................................... 9

4.3 The AS4 Light Client Conformance Profile ................................................................... 10

4.3.1 General .................................................................................................................. 10

4.3.2 Feature Set ............................................................................................................ 10

4.3.3 WS-I Conformance Requirements ......................................................................... 12

4.3.4 Processing Mode Parameters ............................................................................... 12

4.3.4.1 General ......................................................................................................................................................... 12

4.3.4.2 General P-Mode parameters......................................................................................................................... 13

4.3.4.3 PMode[1].Protocol ........................................................................................................................................ 13

4.3.4.4 PMode[1].BusinessInfo ................................................................................................................................. 13

4.3.4.5 PMode[1].ErrorHandling ............................................................................................................................... 13

4.3.4.6 Pmode[1].Reliability ...................................................................................................................................... 14

4.3.4.7 PMode[1].Security ......................................................................................................................................... 14

4.4 The AS4 Minimal Client Conformance Profile .............................................................. 15

4.4.1 General .................................................................................................................. 15

4.4.2 Feature Set ............................................................................................................ 15

4.4.3 WS-I Conformance Requirements ......................................................................... 16

4.4.4 Processing Mode Parameters ............................................................................... 16

4.4.4.1 General ......................................................................................................................................................... 16

4.4.4.2 General P-Mode parameters......................................................................................................................... 16

4.4.4.3 PMode[1].Protocol ........................................................................................................................................ 17

4.4.4.4 PMode[1].BusinessInfo ................................................................................................................................. 17

4.4.4.5 PMode[1].ErrorHandling ............................................................................................................................... 17

© ISO 2020 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/DIS 15000-2:2020(E)

4.4.4.6 Pmode[1].Reliability ...................................................................................................................................... 17

4.4.4.7 Pmode[1].Security ......................................................................................................................................... 18

4.5 Conformance Profiles Compatibility ............................................................................. 18

5 AS4 Additional Features ..................................................................................................... 19

5.1 General ........................................................................................................................ 19

5.2 Compression ................................................................................................................ 19

5.3 Reception Awareness features and Duplicate Detection .............................................. 20

5.4 Alternative Pull Authorization ........................................................................................ 21

5.5 Semantics of Receipt in AS4 ........................................................................................ 21

5.6 Sub-channels for Message Pulling ............................................................................... 22

5.7 Additional Features Errors ............................................................................................ 23

6 Complementary Requirements for the AS4 Multi-Hop Profile General ............................... 24

6.1 Rationale and Context .................................................................................................. 24

6.2 General Constraints ..................................................................................................... 25

6.3 Processing Mode Parameter ........................................................................................ 26

6.4 AS4 Endpoint Requirements ........................................................................................ 26

7 AS4 Usage Profile of ebMS 3.0 Core Specification ............................................................ 28

7.1 General ........................................................................................................................ 28

7.2 AS4 Usage Rules ......................................................................................................... 28

7.2.1 Core Components / Modules to be Used ............................................................... 28

7.2.2 Bundling rules ........................................................................................................ 29

7.2.3 Security Element.................................................................................................... 30

7.2.4 Signing Messages ................................................................................................. 30

7.2.5 Signing SOAP with Attachments Messages .......................................................... 30

7.2.6 Encrypting Messages ............................................................................................ 30

7.2.7 Encrypting SOAP with Attachments Messages ...................................................... 31

7.2.8 Generating Receipts .............................................................................................. 31

7.2.9 MIME Header and Filename information ............................................................... 32

7.3 AS4 Usage Agreements ............................................................................................... 32

7.4 General ........................................................................................................................ 32

7.4.1 AS4 Usage Agreement Parameters ....................................................................... 33

7.4.2 Controlling Content and Sending of Receipts ........................................................ 33

7.4.3 Error Handling Options .......................................................................................... 33

7.4.4 Securing the PullRequest ...................................................................................... 34

7.4.5 Reception Awareness Parameters ......................................................................... 35

7.4.6 Default Values of Some P-Mode Parameters ........................................................ 36

7.4.7 HTTP Confidentiality and Security ......................................................................... 37

7.4.8 Deployment and Processing requirements for CPAs ............................................. 37

7.4.9 Message Payload and Flow Profile ........................................................................ 38

iv © ISO 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/DIS 15000-2:2020(E)

7.4.10 Additional Deployment or Operational Requirements .......................................... 38

8 Conformance Clauses ........................................................................................................ 39

8.1 General ........................................................................................................................ 39

8.2 AS4 ebHandler Conformance Clause .......................................................................... 39

8.3 AS4 Light Client Conformance Clause ......................................................................... 39

8.4 AS4 Minimal Client Conformance Clause ..................................................................... 39

8.5 AS4 Minimal Sender Conformance Clause .................................................................. 40

8.6 AS2/AS4 ebHandler Conformance Clause ................................................................... 40

8.7 AS4 Multi-Hop Endpoint Conformance Clause ............................................................. 40

Appendix A Sample Messages (Informative) ......................................................................... 41

Appendix A.1 User Message .............................................................................................. 41

Appendix A.2 User Message with Compressed Payload .................................................... 42

Appendix A.3 Non-Repudiation of Receipt (Informative) .................................................... 43

Appendix A.4 Pull Request Signal Message ....................................................................... 44

Appendix B Generating an AS4 Receipt (Informative) ........................................................... 46

Appendix C Document Origin (Informative) ........................................................................... 49

Bibliography ........................................................................................................................... 50

© ISO 2020 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/DIS 15000-2:2020(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies

(ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical

committees. Each member body interested in a subject for which a technical committee has been established

has the right to be represented on that committee. International organizations, governmental and non-

governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International

Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in

the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO

documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC

Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent

rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights

identified during the development of the document will be in the Introduction and/or on the ISO list of patent

declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute

an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions

related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization

(WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

This document was prepared by the OASIS ebXML Messaging Services Technical Committee, originally as “OASIS

AS4 Profile of ebMS 3.0 Version 1.0”, and is submitted to ISO/TC 154, Processes, data elements and documents

in commerce, industry and administration.

This submission is a new ebXML specification that does not cancel or replace any existing part of ISO 15000.

The main changes compared to the previous edition of ISO 15000 are as follows:

• The original ISO 15000-2 (2004) specification for ebXML Messaging (ebMS) has been updated and

refactored into multiple parts, including the “Core” specification for ebMS, submitted separately to

ISO/TC 154 to become ISO 15000-1 (2019).

• This new separate “AS4 Profile of ebMS 3.0 Version 1.0.”, which is to become a new ISO 15000-2 (2019),

provides a select limited profile of the ebMS3 specification sufficient for Web Services business-to-

business messaging applications over the HTTP transport protocol. As described in 48this specification

was originally developed within the OASIS ebXML Messaging Service TC as a separate specification.

• This document profiles the basic (and some optional) ebMS3 features necessary for reliable electronic

messaging and the transactional interactions that support such messaging.

• This document noted the availability of several newer methodologies, represented by normative

references and nonnormative bibilographic references included here, that were not available as of the

2004 version.
vi © ISO 2020 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/DIS 15000-2:2020(E)
A list of all parts in the ISO 15000 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www.iso.org/members.html.
© ISO 2020 – All rights reserved vii
---------------------- Page: 7 ----------------------
ISO/DIS 15000-2:2020(E)
Introduction

Historically, the platform for mission-critical business-to-business (B2B) transactions has steadily

moved from proprietary value-added networks (VANs) to Internet-based protocols free from the data

transfer fees imposed by the VAN operators. This trend has been accelerated by lower costs and

product ownership, a maturing of technology, internationalization, widespread interoperability, and

marketplace momentum. The exchange of EDI business documents over the Internet has substantially

increased along with a growing presence of XML and other document types such as binary and text

files.

The Internet messaging services standards that have emerged provide a variety of options for end

users to consider when deciding which standard to adopt. These include pre-Internet protocols, the

EDIINT series of IETF RFC 3355 AS1, IETF RFC 4130 AS2 and IETF RFC 4823 AS3, simple XML

over HTTP, government specific frameworks, OASIS ebMS 2.0, and Web Services variants. As

Internet messaging services standards have matured, new standards are emerging that leverage prior

B2B messaging services knowledge for applicability to Web Services messaging.

The emergence of the OASIS ebMS 3.0 Standard, now ISO 15000-1:2019, represents a leap forward

in Web Services B2B messaging services by meeting the challenge of composing many Web Services

standards into a single comprehensive specification for defining the secure and reliable exchange of

documents using Web Services. The ebMS 3.0 standard composes the fundamental Web Services

standards W3C SOAP 1.1, W3C SOAP 1.2, W3C SOAP with Attachments, OASIS WS-Security 1.0

and 1.1, W3C WS-Addressing, and the OASIS reliable messaging standards WS-Reliability 1.1 and

WS-ReliableMessaging - currently at version 1.2, together with guidance for the packaging of

messages and receipts along with definitions of messaging choreographies for orchestrating

document exchanges.

Like AS2, ebMS 3.0 brings together many existing standards that govern the packaging, security, and

transport of electronic data under the umbrella of a single specification document. While ebMS 3.0

represents a leap forward in reducing the complexity of Web Services B2B messaging, the

specification still contains numerous options and comprehensive alternatives for addressing a variety

of scenarios for exchanging data over a Web Services platform.

In order to fully take advantage of the AS2 success story, this profile of the ebMS 3.0 specification has

been developed. Using ebMS 3.0 as a base, a subset of functionality has been defined along with

implementation guidelines adopted based on the “just-enough” design principles and AS2 functional

requirements to trim down ebMS 3.0 into a more simplified and AS2-like specification for Web

Services B2B messaging. The main benefits of AS4 compared to AS2 are:
● Compatibility with Web services standards.
● Message pulling capability.
● A built-in Receipt mechanism

AS4 also provides a Minimal Client conformance profile that supports data exchanges that have

lower-end requirements and do not require (the equivalent of) some of the more advanced capabilities

of AS2 and ebMS 3.0, such as support for multiple payloads, message receipts and signing or

encryption of messages and receipts.
Profiling ebMS V3 means:
● Defining a subset of ebMS V3 options to be supported by the AS4 handler.

● Deciding which types of message exchanges shall be supported, and how these exchanges

should be conducted (level of security, binding to HTTP, etc.).

● Deciding of AS4-specific message contents and practices (how to make use of the ebMS

message header fields, in an AS4 context).
viii © ISO 2020 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/DIS 15000-2:2020(E)
● Deciding of some operational best practices, for the end-user.
The overall goal of a profile for a standard is to ensure interoperability by:

● Establishing particular usage and practices of the standard within a community of users.

● Defining the subset of features in this standard that needs to be supported by an

implementation.

Two kinds of profiles are usually to be considered when profiling an existing standard:

1. Conformance Profiles. These define the different ways a product can conform to a standard,

based on specific ways to implement this standard. A conformance profile is usually associated

with a specific conformance clause. Conformance profiles are of prime interest for product

managers and developers: they define a precise subset of features to be supported.

2. Usage Profiles (also called Deployment Profiles). These define how a standard should be

used by a community of users, in order to ensure best compatibility with business practices

and interoperability. Usage profiles are of prime interest for IT end-users: they define how to

configure the use of a standard (and related product) as well as how to bind this standard to

business applications. A usage profile usually points at required or compatible conformance

profile(s).
AS4 is defined as a combination of:

● Three primary AS4 conformance profiles (see section 4) that define three subsets of ebMS V3

features, at least one of which is to be supported by an AS4 implementation.
● A set of additional features (see section 17).

● An optional complementary conformance profile (see section 22) that specifies how to use AS4

endpoints with ebMS 3.0 intermediaries. This is based on a simplified subset of the multi-hop

messaging feature defined in the OASIS ebMS 3.0 Part 2, Advanced Features specification.

● An AS4 Usage Profile (see section 26) that defines how to use an AS4-compliant
implementation in order to achieve similar functions as specified in AS2.
The three primary AS4 conformance profiles (CP) are defined below:

(1) The AS4 ebHandler CP. This conformance profile supports both Sending and Receiving roles, and for each

role both message pushing and message pulling.

(2) The AS4 Light Client CP. This conformance profile supports both Sending and Receiving roles, but only

message pushing for Sending and message pulling for Receiving. In other words, it does not support incoming

HTTP requests, and may have no fixed IP address.

(3) The AS4 Minimal Client CP. Like the Light Client CP, this conformance profile does not support the push

transport channel binding for the Receiving role and therefore does not require HTTP server capabilities. As its

name indicates, this CP omits all but a minimal set of features.
Compatible existing conformance profiles for ebMS V3 are:

● Gateway RM V3 or Gateway RX V3: a Message Service Handler (MSH) implementing any of

these profiles will also be conforming to the AS4 ebHandler CP (the reverse is not true).

NOTE: Full compliance to AS4 actually requires and/or authorizes a message handler

to implement a few additional features beyond the above Conformance Profiles, as

described in the Conformance Section 38. These additional features are described in

Section 17.
© ISO 2020 – All rights reserved ix
---------------------- Page: 9 ----------------------
ISO/DIS 15000-2:2020(E)
1 Scope

This document describes the ISO/IEC 15000 AS4 Profile, which is Part 2 of the ISO/IEC 15000 series

of International Standards. The AS4 Profile provides a subset of the functionality ISO/15000 ebXML

Messaging Services Version 3.0 Core Specification, which is Part 1 of the ISO/IEC 15000:2019 series,

along with implementation guidelines based on the “just-enough” design principles and electronic data

interchange functional requirements to trim down ebMS 3.0 into a more simplified specification for

Web Services business-to-business messaging.
It specifies:

- Three Conformance Profiles of the ISO/15000 ebXML Messaging Services Version 3.0 Core

Specification (see section 4)
- A number of AS4 Additional Features (see section 17).
- Complementary Requirements for the AS4 Multi-Hop Profile (see section 22).

- AS4 Usage Profile of ebXML Messaging Services Version 3.0 Core Specification (see section 26)

40provides some non-normative sample messages to support implementation.

This International Standard is applicable to all types of organizations (e.g., commercial enterprises,

government agencies, not-for-profit organizations) that exchange documents or data electronically

using messaging.
© ISO 2020 – All rights reserved 1
---------------------- Page: 10 ----------------------
ISO/DIS 15000-2:2020(E)
2 Normative References

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments)

applies.

ISO 15000-1: 2019. Electronic business eXtensible Markup Language (ebXML) — Part 1: Messaging

Service 3.0 Core Specification.

INTERNET ENGINEERING TASK FORCE (IETF). RFC 1952. GZIP file format specification version

4.3. IETF RFC. May 1996. http://tools.ietf.org/html/rfc1952

INTERNET ENGINEERING TASK FORCE (IETF). RFC 2045. Multipurpose Internet Mail Extensions

(MIME) Part One: Format of Internet Message Bodies. IETF RFC. November 1996.
http://www.ietf.org/rfc/rfc2045.txt
INTERNET ENGINEERING TASK FORCE (IETF). RFC 2616. Hypertext Transfer Protocol –

HTTP/1.1. IETF RFC. June 1999. Available from http://www.ietf.org/rfc/rfc2616.txt

OASIS. OASIS ebXML Business Signals Schema, 21 December 2006. OASIS Standard.
http://docs.oasis-open.org/ebxml-bp/ebbp-signals-2.0

OASIS. OASIS ebXML Messaging Services Version 3.0: Part 2, Advanced Features. Committee

Specification 01, 19 May 2011. OASIS Committee Specification. http://docs.oasis-open.org/ebxml-

msg/ebms/v3.0/part2/201004/ebms-v3-part2.odt

OASIS. Web Services Security: SOAP Message Security 1.1. OASIS Standard incorporating

Approved Errata. 1 November 2006. Available from http://docs.oasis-open.org/wss/v1.1/wss-v1.1-

spec-errata-os-SOAPMessageSecurity.pdf

OASIS. Web Services Security UsernameToken Profile 1.1. OASIS Standard. 1 February 2006.

Available from http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-os-UsernameTokenProfile.pdf.

OASIS. Web Services Security X.509 Certificate Token Profile 1.1. OASIS Standard incorporating

Approved Errata. 1 November 2006. Available from http://docs.oasis-open.org/wss/v1.1/wss-v1.1-

spec-errata-os-x509TokenProfile.pdf

WEB SERVICES INTEROPERABILITY ORGANIZATION. WS-I Attachments Profile Version 1.0, WS-I

Final Material. 20 April 2004. Available from http://www.ws-i.org/Profiles/AttachmentsProfile-1.0.html

WEB SERVICES INTEROPERABILITY ORGANIZATION. Basic Profile Version 2.0, WS-I Final

Material. 9 November 2010. Available from http://ws-i.org/Profiles/BasicProfile-2.0-2010-11-09.html

...

INTERNATIONAL ISO
STANDARD 15000-2
First edition
Electronic business eXtensible
Markup Language (ebXML) —
Part 2:
Applicability Statement (AS) profile of
ebXML messaging service
PROOF/ÉPREUVE
Reference number
ISO 15000-2:2020(E)
ISO 2020
---------------------- Page: 1 ----------------------
ISO 15000-2:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii PROOF/ÉPREUVE © ISO 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO 15000-2:2020(E)
Contents

Foreword ................................................................................................................................. vi

Introduction ............................................................................................................................. vii

1 Scope ................................................................................................................................ 1

2 Normative references ........................................................................................................ 2

3 Terms and definitions......................................................................................................... 4

4 AS4 conformance profiles for ISO 15000-1:— .................................................................. 5

4.1 General ...................................................................................................................... 5

4.2 The AS4 ebHandler conformance profile .................................................................... 5

4.2.1 General ............................................................................................................... 5

4.2.2 Feature set .......................................................................................................... 5

4.2.3 WS-I conformance profiles .................................................................................. 8

4.2.4 Processing mode parameters ............................................................................. 8

General ....................................................................................................................................................... 8

General P-Mode parameters .................................................................................................................. 8

PMode[1].Protocol ...................................................................................................................................... 9

PMode[1].BusinessInfo ............................................................................................................................... 9

PMode[1].ErrorHandling ............................................................................................................................. 9

PMode[1].Reliability .................................................................................................................................. 10

PMode[1].Security ..................................................................................................................................... 10

4.3 The AS4 light client conformance profile .................................................................. 10

4.3.1 General ............................................................................................................. 10

4.3.2 Feature set ........................................................................................................ 11

4.3.3 WS-I conformance requirements ....................................................................... 13

4.3.4 Processing mode parameters ........................................................................... 13

General ..................................................................................................................................................... 13

General P-Mode parameters..................................................................................................................... 13

PMode[1].Protocol .................................................................................................................................... 14

PMode[1].BusinessInfo ............................................................................................................................. 14

PMode[1].ErrorHandling ........................................................................................................................... 14

Pmode[1].Reliability .................................................................................................................................. 14

PMode[1].Security ..................................................................................................................................... 14

4.4 The AS4 minimal client conformance profile ............................................................ 15

4.4.1 General ............................................................................................................. 15

4.4.2 Feature set ........................................................................................................ 15

4.4.3 WS-I conformance requirements ....................................................................... 16

4.4.4 Processing mode parameters ........................................................................... 18

© ISO 2020 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO 15000-2:2020(E)

General ...................................................................................................................................................... 18

General P-Mode parameters ..................................................................................................................... 18

PMode[1].Protocol ..................................................................................................................................... 18

PMode[1].BusinessInfo .............................................................................................................................. 19

PMode[1].ErrorHandling ............................................................................................................................ 19

Pmode[1].Reliability ................................................................................................................................... 19

Pmode[1].Security ..................................................................................................................................... 19

4.5 Conformance profiles compatibility ........................................................................... 19

5 AS4 additional features ................................................................................................... 21

5.1 General ..................................................................................................................... 21

5.2 Compression ............................................................................................................ 21

5.3 Reception awareness features and duplicate detection ........................................... 23

5.4 Alternative pull authorization .................................................................................... 24

5.5 Semantics of receipt in AS4 ...................................................................................... 24

5.6 Sub-channels for message pulling ........................................................................... 25

5.7 Additional features errors ......................................................................................... 26

6 Complementary requirements for the AS4 multi-hop profile ............................................ 27

6.1 General ..................................................................................................................... 27

6.2 Rationale and context ............................................................................................... 27

6.3 General constraints .................................................................................................. 28

6.4 Processing mode parameter .................................................................................... 29

6.5 AS4 Endpoint requirements ...................................................................................... 29

7 AS4 usage profile of ISO 15000-1 ................................................................................... 31

7.1 General ..................................................................................................................... 31

7.2 AS4 usage rules ....................................................................................................... 31

7.2.1 Core components / modules to be used ............................................................ 31

7.2.2 Bundling rules ................................................................................................... 32

7.2.3 Security element................................................................................................ 33

7.2.4 Signing messages ............................................................................................. 33

7.2.5 Signing SOAP with attachments messages ...................................................... 34

7.2.6 Encrypting messages ........................................................................................ 34

7.2.7 Encrypting SOAP with attachments messages ................................................. 35

7.2.8 Generating receipts ........................................................................................... 35

7.2.9 MIME header and filename information ............................................................. 37

7.3 AS4 usage agreements ............................................................................................ 37

7.3.1 General ............................................................................................................. 37

iv © ISO 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO 15000-2:2020(E)

7.3.2 AS4 usage agreement parameters ................................................................... 37

7.3.3 Controlling content and sending of receipts ...................................................... 37

7.3.4 Error handling options ....................................................................................... 38

7.3.5 Securing the pull request .................................................................................. 39

7.3.6 Reception awareness parameters ..................................................................... 41

7.3.7 Default values of some P-Mode parameters ..................................................... 41

7.3.8 HTTP confidentiality and security ...................................................................... 42

7.3.9 Deployment and processing requirements for CPAs ......................................... 43

7.3.10 Message payload and flow profile ..................................................................... 43

7.3.11 Additional deployment or operational requirements .......................................... 44

8 Conformance statements ............................................................................................... 45

8.1 General .................................................................................................................... 45

8.2 AS4 ebHandler conformance ................................................................................... 45

8.3 AS4 light client conformance .................................................................................... 45

8.4 AS4 Minimal client conformance .............................................................................. 46

8.5 AS4 minimal sender conformance............................................................................ 46

8.6 AS2/AS4 ebHandler conformance............................................................................ 46

8.7 AS4 Multi-Hop endpoint conformance ...................................................................... 46

Annex A Sample messages (informative) ........................................................................... 47

A.1 General .................................................................................................................... 47

A.2 User message .............................................................................................................. 47

A.3 User message with compressed payload ..................................................................... 48

A.4 Non-repudiation of receipt ............................................................................................ 49

A.5 Pull request signal message ......................................................................................... 50

Annex B Generating an AS4 receipt (informative) ............................................................... 52

Bibliography ............................................................................................................................ 55

© ISO 2020 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO 15000-2:2020(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO

collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see

www.iso.org/iso/foreword.html.

This document was prepared by the OASIS ebXML Messaging Services Technical Committee (as “OASIS

AS4 Profile of ebMS 3.0 Version 1.0”) and drafted in accordance with its editorial rules. It was assigned

to Technical Committee ISO/TC 154, Processes, data elements and documents in commerce, industry and

administration and adopted under the "fast-track procedure".
A list of all parts in the ISO 15000 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www.iso.org/members.html.
vi © ISO 2020 – All rights reserved
---------------------- Page: 6 ----------------------
ISO 15000-2:2020(E)
Introduction

Historically, the platform for mission-critical business-to-business (B2B) transactions has steadily

moved from proprietary value-added networks (VANs) to Internet-based protocols free from the data

transfer fees imposed by the VAN operators. This trend has been accelerated by lower costs and product

ownership, a maturing of technology, internationalization, widespread interoperability, and

marketplace momentum. The exchange of electronic data interchange (EDI) business documents over

the Internet has substantially increased along with a growing presence of extensible markup language

(XML) and other document types such as binary and text files.

The Internet messaging services standards that have emerged provide a variety of options for end users

to consider when deciding which standard to adopt. These include pre-Internet protocols, the EDIINT

series of IETF RFC 3355 AS1, IETF RFC 4130 AS2 and IETF RFC 4823 AS3, simple XML over hypertext

transport protocol (HTTP), government specific frameworks, OASIS ebXML messaging (ebMS) 2.0, and

web services variants. As Internet messaging services standards have matured, new standards are

emerging that leverage prior B2B messaging services knowledge for applicability to web services

messaging.

The emergence of the OASIS ebMS 3.0 Standard, now ISO 15000-1:—, represents a leap forward in Web

Services B2B messaging services by meeting the challenge of composing many web services standards

into a single comprehensive specification for defining the secure and reliable exchange of documents

using web services. ISO 15000-1:— composes the fundamental web services standards W3C SOAP 1.1,

W3C SOAP 1.2, W3C SOAP with Attachments, OASIS WS-Security 1.0 and 1.1, W3C WS-Addressing, and

the OASIS reliable messaging standards WS-Reliability 1.1 and WS-ReliableMessaging - currently at

version 1.2, together with guidance for the packaging of messages and receipts along with definitions of

messaging choreographies for orchestrating document exchanges.

Like AS2, ISO 15000-1:— brings together many existing standards that govern the packaging, security,

and transport of electronic data under the umbrella of a single specification document. While ISO

15000-1:— represents a leap forward in reducing the complexity of web services B2B messaging, the

specification still contains numerous options and comprehensive alternatives for addressing a variety of

scenarios for exchanging data over a web services platform.

In order to fully take advantage of the AS2 success story, this profile of ISO 15000-1:— has been

developed. Using ISO 15000-1:— as a base, a subset of functionality has been defined along with

implementation guidelines adopted based on the “just-enough” design principles and AS2 functional

requirements to trim down ISO 15000-1:— into a more simplified and AS2-like specification for web

services B2B messaging. The main benefits of AS4 compared to AS2 are:
● compatibility with web services standards;
● message pulling capability;
● a built-in receipt mechanism.

AS4 also provides a minimal client conformance profile that supports data exchanges that have lower-

end requirements and do not require (the equivalent of) some of the more advanced capabilities of AS2

and ISO 15000-1:—, such as support for multiple payloads, message receipts and signing or encryption

of messages and receipts.
© ISO 2020 – All rights reserved vii
---------------------- Page: 7 ----------------------
ISO 15000-2:2020(E)
Profiling ISO 15000-1:— means:
● defining a subset of ISO 15000-1:— options to be supported by the AS4 handler;

● deciding which types of message exchanges shall be supported, and how these exchanges should

be conducted (level of security, binding to HTTP, etc.);

● deciding of AS4-specific message contents and practices (how to make use of the ebMS message

header fields, in an AS4 context);
● deciding of some operational best practices, for the end-user.
The overall goal of a profile for a standard is to ensure interoperability by:

● establishing particular usage and practices of the standard within a community of users;

● defining the subset of features in this document that needs to be supported by an

implementation.

Two kinds of profiles are usually considered when profiling an existing standard:

1. Conformance profiles. These define the different ways a product can conform to a standard,

based on specific ways to implement this document. A conformance profile is usually associated

with a specific conformance statement. Conformance profiles are of prime interest for product

managers and developers: they define a precise subset of features to be supported.

2. Usage profiles (also called deployment profiles). These define how a standard should be used

by a community of users, in order to ensure best compatibility with business practices and

interoperability. Usage profiles are of prime interest for IT end-users: they define how to

configure the use of a standard (and related product) as well as how to bind this document to

business applications. A usage profile usually points at required or compatible conformance

profile(s).
AS4 is defined as a combination of:

● three primary AS4 conformance profiles (see Clause 4) that define three subsets of

ISO 15000-1:— features, at least one of which is to be supported by an AS4 implementation;

● a set of additional features (see Clause 5);

● an optional complementary conformance profile (see Clause 6) that specifies how to use AS4

endpoints with ISO 15000-1:— intermediaries. This is based on a simplified subset of the multi-

hop messaging feature defined in the ebMS 3.0 Part 2, Advanced Features specification;

● an AS4 usage profile (see Clause 7) that defines how to use an AS4-compliant implementation in

order to achieve similar functions as specified in AS2.
The three primary AS4 conformance profiles (CP) are the following:

(1) The AS4 ebHandler CP. This conformance profile supports both sending and receiving roles,

and for each role both message pushing and message pulling;

(2) The AS4 light client CP. This conformance profile supports both sending and receiving roles,

but only message pushing for sending and message pulling for receiving. In other words, it does

not support incoming HTTP requests, and may have no fixed IP address.
viii © ISO 2020 – All rights reserved
---------------------- Page: 8 ----------------------
ISO 15000-2:2020(E)

(3) The AS4 minimal client CP. Like the light client CP, this conformance profile does not support

the push transport channel binding for the receiving role and therefore does not require HTTP

server capabilities. As its name indicates, this CP omits all but a minimal set of features.

Compatible existing conformance profiles for ISO 15000-1:— are the following:

● Gateway RM V3 or Gateway RX V3: a message service handler (MSH) implementing any of these

profiles will also be conforming to the AS4 ebHandler CP (the reverse is not true).

Full compliance to AS4 actually requires and/or authorizes a message handler to implement a

few additional features beyond these conformance profiles, as described in clause 8. These

additional features are described in Clause 5.
© ISO 2020 – All rights reserved ix
---------------------- Page: 9 ----------------------
INTERNATIONALE STANDARD ISO 15000-2:2020(E)
Electronic business eXtensible Markup Language
(ebXML) —
Part 2:
Applicability Statement (AS) profile of ebXML messaging
service
1 Scope

This document describes the AS4 Profile, which provides a subset of the functionality of ISO 15000-1:—,

along with implementation guidelines based on the “just-enough” design principles and electronic data

interchange functional requirements to trim down ISO 15000-1:— into a more simplified specification

for web services business-to-business messaging.
It specifies:
- three conformance profiles of ISO 15000-1:— (see Clause 4);
- a number of AS4 additional features (see Clause 5);
- complementary requirements for the AS4 multi-hop profile (see Clause 6);
- AS4 usage profile of ISO 15000-1:— (see Clause 7);
- definitions of conformance (see Clause 8).
Annex A provides some sample messages to support implementation.
Annex B provides a sample XSLT stylesheet to generate an AS4 receipt.

This document is applicable to all types of organizations (e.g., commercial enterprises, government

agencies, not-for-profit organizations) that exchange documents or data electronically using messaging.

© ISO 2020 – All rights reserved 1
---------------------- Page: 10 ----------------------
ISO 15000-2:2020(E)
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 15000-1:—. Electronic business eXtensible Markup Language (ebXML) — Part 1: Messaging Service

3.0 Core Specification.

INTERNET ENGINEERING TASK FORCE (IETF). RFC 1952. GZIP file format specification version 4.3. IETF

RFC. May 1996. http://tools.ietf.org/html/rfc1952

INTERNET ENGINEERING TASK FORCE (IETF). RFC 2045. Multipurpose Internet Mail Extensions (MIME)

Part One: Format of Internet Message Bodies. IETF RFC. November 1996.
http://www.ietf.org/rfc/rfc2045.txt

INTERNET ENGINEERING TASK FORCE (IETF). RFC 2616. Hypertext Transfer Protocol — HTTP/1.1. IETF

RFC. June 1999. Available from http://www.ietf.org/rfc/rfc2616.txt

OASIS. OASIS ebXML Business Signals Schema, 21 December 2006. OASIS Standard. http://docs.oasis-

open.org/ebxml-bp/ebbp-signals-2.0

OASIS. OASIS ebXML Messaging Services Version 3.0: Part 2, Advanced Features. Committee Specification

01, 19 May 2011. OASIS committee specification. Available at http://docs.oasis-open.org/ebxml-

msg/ebms/v3.0/part2/201004/ebms-v3-part2.odt

OASIS. Web Services Security: SOAP Message Security 1.1. OASIS Standard incorporating Approved Errata.

1 November 2006. Available from http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-errata-os-

SOAPMessageSecurity.pdf

OASIS. Web Services Security UsernameToken Profile 1.1. OASIS Standard. 1 February 2006. Available

from http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-os-UsernameTokenProfile.pdf.

OASIS. Web Services Security X.509 Certificate Token Profile 1.1. OASIS Standard incorporating Approved

Errata. 1 November 2006. Available from http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-errata-

os-x509TokenProfile.pdf

WEB SERVICES INTEROPERABILITY ORGANIZATION. WS-I Attachments Profile Version 1.0, WS-I Final

Material. 20 April 2004. Available from http://www.ws-i.org/Profiles/AttachmentsProfile-1.0.html

WEB SERVICES INTEROPERABILITY ORGANIZATION. Basic Profile Version 2.0, WS-I Final Material. 9

November 2010. Available from http://ws-i.org/Profiles/BasicProfile-2.0-2010-11-09.html

WEB SERVICES INTEROPERABILITY ORGANIZATION. Basic Security Profile Version 1.1, WS-I Final Mate-

rial. 24 January 2010. Available from http://www.ws-i.org/Profiles/BasicSecurityProfile-1.1.html

WORLD WIDE WEB CONSORTIUM (W3C). SOAP Version 1.2 Part 1: Messaging Framework. W3C Recom-

mendation. 27 April 2007. Available from http://www.w3.org/TR/soap12-part1/

WORLD WIDE WEB CONSORTIUM (W3C). SOAP Messages with Attachments, W3C Note. 11 December

2000. Available from http://www.w3.org/TR/SOAP-attachments

WORLD WIDE WEB CONSORTIUM (W3C). Web Services Addressing 1.0 – Core. W3C Recommendation. 9

May 2006. Available from http://www.w3.org/TR/2006/REC-ws-addr-core-20060509/
2 © ISO 2020 – All rights reserved
---------------------- Page: 11 ----------------------
ISO 15000-2:2020(E)

WORLD WIDE WEB CONSORTIUM (W3C). Extensible Markup Language (XML) 1.0. W3C Recommenda-

tion 26 November 2008. Available from http://www.w3.org/TR/REC-xml/

WORLD WIDE WEB CONSORTIUM (W3C). XML Signature Syntax and Processing (Second Edition). W3C

Recommendation. 10 June 2008. Available from http://www.w3.org/TR/xmldsig-core/

WORLD WIDE WEB CONSORTIUM (W3C). XML Encryption Syntax and Processing. 10 December, 2002.

Available from http://www.w3.org/TR/xmlenc-core/
© ISO 2020 – All rights reserved 3
---------------------- Page: 12 ----------------------
ISO 15000-2:2020(E)
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 15000-1:— apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
4 © ISO 2020 – All rights reserved
---------------------- Page: 13 ----------------------
ISO 15000-2:2020(E)
4 AS4 conformance profiles for ISO 15000-1:—
4.1 General

AS4 is more than a conformance profile, in the sense given in the OASIS ebXML Messaging Services,

Version 3.0: Conformance Profiles OASIS committee specification. It is a combination of a conformance

profile and a usage profile, as explained in the Introduction. Consequently, only this clause is conforming

to the format recommended in the OASIS
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.