SIST-TS CEN/TS 15121-1:2012
(Main)Postal Services - Hybrid Mail - Part 1: Secured electronic postal services (SePS) interface specification - Concepts, schemas and operations
Postal Services - Hybrid Mail - Part 1: Secured electronic postal services (SePS) interface specification - Concepts, schemas and operations
This document specifies a standard XML interface that will enable software applications to call a secured electronic postal service (SePS), provided by a postal service, which is based on the concepts, schemas and operations described herein.
The specification provides:
- a definition of standard operations which can be combined to support secured electronic postal services;
- a full description of all mandatory and optional request parameters required for use of these operations;
- a full description of all response elements and the detailed circumstances under which they are returned.
The specification also describes the functionality and edit rules of the actual technical specification artifacts, which are represented by an XML Schema (XSD) and an associated Web Services Definition Language (WSDL) specification. The versions of these applicable at the date of publication of this version of the specification are contained in this document as Annex A and Annex B respectively. These can also be obtained in electronic format from the UPU Technical Standards CD-ROM or from the UPU Standards Secretariat.
In case of any conflict between Annex A and other provisions of this specification, Annex A shall be regarded as definitive.
The SePS schema specification in Annex A is discreet and version specific. Postal Services are free to select which discrete interface versions they support. However, except in the case of upgrades to V1.15 adopted to ensure cross-border compatibility, postal services who upgrade from older versions of the schema (e.g. from V1.14) to a newer one are required to support backward compatibility of previously supported versions of the SePS interface specification as it applies to both processing requests/responses and honoring previously issued PostMarkedReceipts. Individual posts are free to address this backward compatibility challenge as they see fit.
Postalische Dienstleistungen - Hybride Sendungen - Part 1: Schnittstellen-Spezifikation für Gesicherte elektronische Postdienste (SePS) - Begriffe, Schemata und Betrieb
Poštne storitve - Hibridna pošta - 1. del: Specifikacija vmesnika varovane elektronske poštne storitve (SePS) - Koncepti, sheme in delovanje
Ta dokument določa standardni vmesnik XML, ki omogoča, da programske aplikacije pokličejo varovano elektronsko poštno storitev (SePS), ki jo zagotavljajo poštne storitve, in temelji na tu opisanih konceptih, shemah in operacijah. Specifikacija podaja: - definicijo standardnih operacij, ki se lahko kombinirajo za podporo varovane elektronske poštne storitve; - popoln opis vseh obveznih in izbirnih parametrov zahtevka, ki so potrebni za uporabo teh operacij; - popoln opis vseh elementov odgovora in podrobnih okoliščin, v katerih se vrnejo. Specifikacija opisuje tudi funkcionalnost in pravila urejanja dejanskih artefaktov tehnične specifikacije, ki so predstavljeni s shemo XML (XSD) in povezano specifikacijo jezika za definicijo spletnih storitev (WSDL). Njihove različice, veljavne na datum objave te različice specifikacije, so navedene v tem dokumentu kot dodatek A oziroma dodatek B. Lahko se dobijo v elektronskem formatu na CD-ROM-u tehničnih standardov UPU ali v sekretariatu za standarde UPU. V primeru nasprotij med dodatkom A in drugimi določbami te specifikacije za definitivnega velja dodatek A. Specifikacija sheme SePS v dodatku A je ločena in specifična za posamezno različico. Poštne storitve lahko svobodno izbirajo, katere ločene različice vmesnikov podpirajo. Vendar pa morajo, razen pri nadgradnjah v V1.15, sprejetih za zagotavljanje čezmejne skladnosti, poštne storitve, ki nadgrajujejo starejše različice sheme (npr. od V1.14) z novejšo, podpirati vzvratno združljivost s predhodno podprtimi različicami specifikacije vmesnika SePS, ker velja za obdelavo zahtevkov/odgovorov in za plačilo predhodno izdanih frankiranih računov. Posamezne pošte lahko vprašanje vzvratne združljivosti obravnavajo svobodno, kot se jim zdi primerno. Za podporo zahteve po vzvratni združljivosti se lahko uporabi element različice, ki je prisoten v vsakem zahtevku in vključen v frankiran račun. Zahteva po vzvratni združljivosti ne velja za čezmejne scenarije, pri katerih je bil za zagotavljanje združljivosti sprejet V1.15. Specifikacija vmesnika SePS vključuje platformo za digitalni podpis, ki podpira osnovne operacije kriptografskih storitev in celovit okvir za izvajanje dokaznih, overjenih in nezavrnitvenih storitev. Specifikacija zagotavlja neprekinjeno podporo starejšim binarnim podpisom CMS/PKCS7. Ta pristop omogoča, da aplikacije lahko kompenzirajo moči obeh protokolov, in je lahko opora pri prehajanju od enega k drugemu. Shema bo še naprej izmenljivo podpirala uporabo artefaktov CMS/PKCS7 in XMLDSIG. Izvedbe SePS lahko svobodno podpirajo standard »Sintaksa in obdelava podpisa XML« (tj. XMLDSIG) za vse elemente, ki trenutno prenašajo vsebino PKCS7. Izbira enega ali drugega formata je podprta v obeh prevladujočih formatih podpisov v okviru te domene. Podprta je tudi enkripcija XML. Specifikacija: - je v skladu z IETF RFC 3161 glede žetona časovnega žiga, vrednosti časovnega žiga in drugih atributov časovnega žiga; - je v skladu z vsemi obveznimi zahtevami (tj. tistimi, ki so v besedilu kvalificirane kot »zahtevane« ali »mora«) IETF RFC 3126 in ETSI TS 101 733, kot veljajo za elektronske podpise - celota (tj. ES-C); - je v skladu s postavitvijo IETF RFC 2630 ASN.1 za vse objekte PKCS, uporabljene v specifikaciji; - podpira formatiranje podpisa XMLDSIG, kot je opredeljeno v IETF RFC 3275; - je v skladu z IETF RFC 2560 glede elementa za validacijo podatkov. Ta različica specifikacije ne zajema: - opisa vprašanj glede medoperabilnosti med več izvedbami poštnih SePS, pri katerih življenjski cikel poslovne transakcije zahteva sodelovanje več kot ene izvedbe SePS pri čezmejnem scenariju, ki vključuje dve ali več poštnih storitev; - vprašanj glede uporabe SePS.
General Information
Standards Content (Sample)
SLOVENSKI STANDARD
SIST-TS CEN/TS 15121-1:2012
01-januar-2012
Poštne storitve - Hibridna pošta - 1. del: Specifikacija vmesnika varovane
elektronske poštne storitve (SePS) - Koncepti, sheme in delovanje
Postal Services - Hybrid Mail - Part 1: Secured electronic postal services (SePS)
interface specification - Concepts, schemas and operations
Postalische Dienstleistungen - Hybride Sendungen - Part 1: Schnittstellen-Spezifikation
für Gesicherte elektronische Postdienste (SePS) - Begriffe, Schemata und Betrieb
Ta slovenski standard je istoveten z: CEN/TS 15121-1:2011
ICS:
03.240 Poštne storitve Postal services
SIST-TS CEN/TS 15121-1:2012 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST-TS CEN/TS 15121-1:2012
---------------------- Page: 2 ----------------------
SIST-TS CEN/TS 15121-1:2012
TECHNICAL SPECIFICATION
CEN/TS 15121-1
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
January 2011
ICS 03.240
English Version
Postal Services - Hybrid Mail - Part 1: Secured electronic postal
services (SePS) interface specification - Concepts, schemas
and operations
Postalische Dienstleistungen - Hybride Sendungen - Part 1:
Schnittstellen-Spezifikation für Gesicherte elektronische
Postdienste (SePS) - Begriffe, Schemata und Betrieb
This Technical Specification (CEN/TS) was approved by CEN on 9 August 2010 for provisional application.
The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their
comments, particularly on the question whether the CEN/TS can be converted into a European Standard.
CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available
promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS)
until the final decision about the possible conversion of the CEN/TS into an EN is reached.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland,
Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2011 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 15121-1:2011: E
worldwide for CEN national Members.
---------------------- Page: 3 ----------------------
SIST-TS CEN/TS 15121-1:2012
CEN/TS 15121-1:2011 (E)
Contents Page
Foreword .5
Introduction .6
1 Scope .8
2 Normative references .9
2.1 UPU standards .9
2.2 Internet Engineering Task Force (IETF) documents .9
2.3 Organization for the Advancement of Structured Information Standards (OASIS) . 10
3 Terms and definitions . 10
4 Symbols and abbreviations . 13
5 Key SePS concepts . 14
5.1 Authentication . 14
5.2 Digital signature verification . 15
5.3 Error handling . 15
5.4 Event logging . 15
5.5 Lifecycle management . 16
5.6 Non-repudiation . 16
5.7 PostMarking . 16
5.8 Processing directives or options . 17
5.9 Protection of confidentiality . 17
5.10 Time stamping . 17
5.11 Transaction handling . 17
6 Overview of SePS operations . 17
6.1 General . 17
6.2 CheckIntegrity . 18
6.3 Decrypt . 19
6.4 Encrypt . 19
6.4.1 General . 19
6.4.2 Delegated Confidentiality Service . 19
6.5 Locate . 19
6.6 LogEvent . 20
6.7 PostMark . 20
6.8 RetrievePostalAttributes . 20
6.9 RetrieveResults . 20
6.10 RetrieveSummary . 20
6.11 Sign . 21
6.12 StartLifecycle . 21
6.13 Verify . 21
7 Common schema types used across SePS operations . 22
7.1 Introduction . 22
7.2 AccessScope and Scopes . 22
7.3 ClaimedIdentity . 23
7.4 ClientApplication . 26
7.5 ContentIdentifier . 26
7.6 ContentMetadata . 26
7.7 EncryptResponse Option . 27
7.8 Event . 29
7.9 OriginalContentType . 29
7.10 ParticipatingPartyType . 30
2
---------------------- Page: 4 ----------------------
SIST-TS CEN/TS 15121-1:2012
CEN/TS 15121-1:2011 (E)
7.11 PostMarkedReceipt . 31
7.12 PostMarkedReceipt (XMLDSIG considerations). 36
7.13 QualifiedDataType . 38
7.14 SignatureInfoType . 38
7.15 SignaturePolicyIdentifier . 39
7.16 TransactionKeyType . 40
7.17 TransactionStatus and TransactionStatusDetailType . 41
7.18 ValidOperation . 41
7.19 ValidOption . 42
7.20 Version. 42
7.21 X509InfoType . 42
8 Detailed specification of SePS operations . 44
8.1 Introduction . 44
8.2 CheckIntegrity . 44
8.2.1 CheckIntegrity Edit Rules Summary . 44
8.2.2 CheckIntegrityOptions Request Flags . 45
8.2.3 CheckIntegrity Request Elements . 46
8.2.4 CheckIntegrity Response Object . 48
8.3 Decrypt . 51
8.3.1 Decrypt Edit Rules Summary . 51
8.3.2 DecryptOptions Request Flags . 52
8.3.3 Decrypt Request Elements . 53
8.3.4 Decrypt Response Object . 53
8.4 Encrypt . 54
8.4.1 Encrypt Edit Rules Summary . 54
8.4.2 EncryptOptions Request Flags . 55
8.4.3 Encrypt Request Elements . 56
8.4.4 Encrypt Response Object . 57
8.5 Locate . 58
8.5.1 Locate Edit Rules Summary . 58
8.5.2 LocateOptions Request Flags . 58
8.5.3 Locate Request Elements . 59
8.5.4 Locate Response Object. 60
8.6 LogEvent . 60
8.6.1 LogEvent Edit Rules Summary . 60
8.6.2 LogEventOptions Request Flags . 61
8.6.3 LogEvent Request Elements . 61
8.6.4 LogEvent Response Object . 62
8.7 PostMark. 62
8.7.1 PostMark Edit Rules Summary . 62
8.7.2 PostMarkOptions Request Flags . 63
8.7.3 Postmark Request Elements . 63
8.7.4 PostMark Response Object . 65
8.8 RetrievePostalAttributes RetrievePostalAttributes Edit Rules Summary . 66
8.9 RetrieveResults . 67
8.9.1 RetrieveResults Edit Rules Summary . 67
8.9.2 RetrieveResultsOptions Request Flags . 68
8.9.3 RetrieveResults Request Elements . 69
8.9.4 RetrieveResults Response Object . 70
8.10 RetrieveSummary . 73
8.10.1 RetrieveSummary Edit Rules Summary . 73
8.10.2 RetrieveSummaryOptions Request Flags . 73
8.10.3 RetrieveSummary Request Elements . 73
8.10.4 RetrieveSummary Response Object . 74
8.11 Sign . 75
8.11.1 Sign Edit Rules Summary . 75
8.11.2 SignOptions Request Flags. 76
8.11.3 Sign Request Elements . 77
8.11.4 Sign Response Object . 78
3
---------------------- Page: 5 ----------------------
SIST-TS CEN/TS 15121-1:2012
CEN/TS 15121-1:2011 (E)
8.12 StartLifeCycle . 79
8.12.1 StartLifecycle Edit Rules Summary . 79
8.12.2 StartLifecycleOptions Request Flags . 79
8.12.3 StartLifecycle Request Elements . 80
8.12.4 StartLifecycle Response Object . 80
8.13 Verify . 81
8.13.1 Verify Edit Rules Summary . 81
8.13.2 VerifyOptions Request Flags . 81
8.13.3 Verify Request Elements . 83
8.13.4 Verify Response Object . 87
Annex A (normative) SePS XML Schema V1.15 . 89
Annex B (normative) Web Service Description Language (WSDL) V1.15 . 108
Annex C (informative) Examples . 117
C.1 General . 117
C.2 Standalone PostMarkedReceipt over a verified signature . 117
C.3 Standalone over data when using PostMark operation . 120
C.4 Embedded over a verified signature . 122
C.5 RequesterSignature over TransactionKey for any operation in protected Lifecycle . 125
C.6 RequesterSignature over OriginalContent when used in a CheckIntegrity operation . 126
Annex D (informative) European and international standards inter-relationships and evolution . 128
Annex E (informative) Relevant intellectual property rights (IPR) . 129
E.1 Introduction . 129
E.2 USPS Patents . 130
Bibliography . 131
4
---------------------- Page: 6 ----------------------
SIST-TS CEN/TS 15121-1:2012
CEN/TS 15121-1:2011 (E)
Foreword
This document (CEN/TS 15121-1:2011) has been prepared by Technical Committee CEN/TC 331 “Postal
Services”, the secretariat of which is held by NEN.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
nd
According to the Memorandum of Understanding (MoU) between the UPU and CEN, signed Oct. 22 , 2001;
3.3 CEN notifies the following deviation from the source text:
The term "postal administration" meaning a postal service designated by one member country of the UPU
was changed according with the wording of the Postal Directive to "postal service".
This document is the equivalent to Part 1 of a multi-part UPU standard, S43: Secured electronic postal
services (SePS) interface specification. S43 was originally published as a single part standard covering only
one secured electronic postal service, but has been split into parts to allow the standard to be extended to
cover other services based on the same concepts, schemas and operations. Part 1 defines these concepts,
schemas and operations.
Part 2 defines EPCM Services, and uses the specification of Part 1.
The specification is complemented by five annexes. Annex A and Annex B are normative; Annex C, Annex D
and Annex E are informative. The specification contains a Bibliography.
According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus,
Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia,
Spain, Sweden, Switzerland and the United Kingdom.
5
---------------------- Page: 7 ----------------------
SIST-TS CEN/TS 15121-1:2012
CEN/TS 15121-1:2011 (E)
Introduction
This interface specification describes a standardized way for postal services or its system development teams
to build a secured electronic postal services (SePS) capability which can be offered to customers as part of an
electronic service inventory.
A SePS is a postal service which is accessed electronically through the use of an interface based on an
appropriate subset of the operations (verbs) specified in this document. Together these define a set of
standardized application layer software security services aimed at facilitating the introduction and integration
of the following capabilities into a target customer’s business applications:
digital signature verification;
certificate status verification;
timestamping of verified signatures (i.e. a PostMarkedReceipt);
receipt issuance;
content timestamping;
digital signature creation;
capture of signature intent (context and user commitment);
creation of encrypted envelopes;
decryption of encrypted envelopes;
evidence logging of all SePS events;
logging of user events deemed relevant to the business transaction;
tying together of SePS events into a business transaction Lifecycle;
retrieval of evidence data in support of dispute resolution and future challenges in a non-repudiation
context.
Individual SePS services may support different subsets of the defined operations. For example, the electronic
postal certification mark (EPCM) service, defined in part B of the standard (see UPU standard S43b) uses the
CheckIntegrity, PostMark, RetrieveResults, Sign and Verify operations to support the capture and
reproduction of evidence data attesting to the fact that a business transaction was conducted and completed
in an environment of integrity and trustworthiness.
The process of integrating SePS features into an automated application is termed “SePS-enabling” the target
application. Each call to a SePS can be looked at as a non-repudiable SePS event or SePS transaction within
the application’s overall business workflow. These non-repudiable events can be logically linked and tracked
within an application’s business workflow to provide additional business context to an arbitrator should a
challenge to the event’s authenticity be presented by any of the involved parties.
This specification describes the SePS interface standard and contains four main clauses and five annexes:
6
---------------------- Page: 8 ----------------------
SIST-TS CEN/TS 15121-1:2012
CEN/TS 15121-1:2011 (E)
Clause No Description of content
5 Key SePS concepts: introduces a number of key concepts which are drawn on in the remainder
of the specification;
6 Overview of SePS operations: provides an overview of the standard operations, supported by
the schema defined in Annex A, which can be combined to implement secured electronic postal
services which comply with this specification;
7 Common schema types used across SePS operations: defines common WSDL element types
that are sent to and returned from the SePS;
8 Detailed specification of SePS operations: provides a detailed definition of the operations which
were introduced in Clause 6;
Annex A (normative) SePS XML Schema V1.15: provides the formal XML Schema for the SePS interface;
Annex B (normative) Web Service Description Language (WSDL) V1.15: provides the formal WSDL
specification of the SePS interface;
Annex C Examples: provides specific examples illustrating the various constructs used within the
interface;
Annex D (informative) European and international standards inter-relationships and evolution: provides
background information on other signature standards which exist in the same domain as the
SePS interface specification. Their influence and role in shaping this standard and its evolution
is also covered;
Annex E (informative) Relevant intellectual property rights (IPR): provides information about intellectual
property rights whose use has been reported as possibly being implied by certain
implementations of the specification.
The implementation of part or all of this specification might involve the use of intellectual property that is the
subject of patent and/or trademark rights. It is the responsibility of users of the standard to conduct any
1)
necessary searches and to ensure that any pertinent rights are in the public domain; are licensed or are
avoided. Neither CEN nor the UPU can accept any responsibility in case of infringement, on the part of users
of this document, of any third party intellectual property rights. Nevertheless, document users and owners of
such rights are encouraged to advise the Secretariat of the UPU Standards Board and/or of CEN/TC 331 of
any explicit claim that any technique or solution described herein is protected by such rights in any CEN or
UPU member country. Any such claims will, without prejudice, be documented in the next update of this
standard, or otherwise at the discretion of the Standards Board, respectively CEN/TC 331. Annex E of this
document lis
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.