SIST-TS CEN/TS 15523:2007
(Main)Postal service - Statement of mailing submission
Postal service - Statement of mailing submission
This document specifies a methodology that allows postal operators to define specific statements of mailing submission customised according to their environment and applications.
The document defines information requirements for existing generic postal information processing applications related to major postal functions, namely operations, finance and marketing by specifically identifying the information that could be collected within the mailer’s domain and transmitted to the postal domain.
In addition, this document defines the organisation of data into messages by describing data content, format and communication protocol suitable for communication of data originating in the mailer’s domain.
The specification also provides a detailed analysis and recommendations for implementing application level security threats and countermeasures particularly relevant for postal revenue protection in controlled mail entry settings.
Finally, this document provides several examples of concrete statements of mailing submissions and an example of a secure communication protocol recommended for transmission of such statements.
NOTE The SMS describes letter mail or flats that are submitted for distribution and would not deal explicitly with content of letters or flats whether it concerns customs or any other party that could in principle be interested in knowing the content of these mail entities.
Postalische Dienstleistungen - Übertragung von Daten für Briefanlieferungen
Service postal - Déclaration de dépôt du courrier
Poštne storitve - Izjava o dostavi pisemske pošiljke
General Information
Relations
Standards Content (Sample)
SLOVENSKI STANDARD
SIST-TS CEN/TS 15523:2007
01-maj-2007
Poštne storitve - Izjava o dostavi pisemske pošiljke
Postal service - Statement of mailing submission
Postalische Dienstleistungen - Übertragung von Daten für Briefanlieferungen
Service postal - Déclaration de dépôt du courrier
Ta slovenski standard je istoveten z: CEN/TS 15523:2006
ICS:
03.240
SIST-TS CEN/TS 15523:2007 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
TECHNICAL SPECIFICATION
CEN/TS 15523
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
November 2006
ICS 03.240
English Version
Postal service - Statement of mailing submission
Service postal - Déclaration de dépôt du courrier Postalische Dienstleistungen - Übertragung von Daten für
Briefanlieferungen
This Technical Specification (CEN/TS) was approved by CEN on 23 October 2006 for provisional application.
The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their
comments, particularly on the question whether the CEN/TS can be converted into a European Standard.
CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available
promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS)
until the final decision about the possible conversion of the CEN/TS into an EN is reached.
CEN members are the national standards bodies of Austria, Belgium, Cyprus, Czech Republic, Denmark, Estonia, Finland, France,
Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania,
Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
Management Centre: rue de Stassart, 36 B-1050 Brussels
© 2006 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 15523:2006: E
worldwide for CEN national Members.
---------------------- Page: 2 ----------------------
CEN/TS 15523:2006 (E)
Contents Page
Foreword.4
Introduction .5
1 Scope .8
2 Normative references .8
3 Terms and definitions .9
4 Symbols and Abbreviations .13
5 General Concepts .13
5.1 Mail communication system domains.14
5.2 Parties, agents and their roles .15
5.2.1 Party attribute.16
5.2.2 Agent attribute .17
5.3 Physical objects.17
5.3.1 Mail item.17
5.3.2 Mail entity .17
5.3.3 Mail receptacle .17
5.3.4 Mail set.18
5.3.5 Mailing submission, acceptance and submission group.18
5.4 Informational objects .20
5.4.1 Mail entity attribute.20
5.4.2 Mail receptacle attribute.21
5.4.3 Mail entity set attribute.22
5.4.4 Mail entity set catalogue .22
5.4.5 Statement of mailing submission .22
5.4.6 Electronically exchanged message .23
5.4.7 Observation.23
5.4.8 Observation attribute .23
5.4.9 Expectation.24
5.4.10 Postal product/service .24
5.4.11 Postal product/service attribute.26
5.4.12 Contract and contract attributes.26
5.5 Mailer domain process.26
5.5.1 Message/content preparation.27
5.5.2 List selection.27
5.5.3 List preparation.28
5.5.4 Electronic sortation .28
5.5.5 Printing .28
5.5.6 Insertion.28
5.5.7 Finishing .28
5.5.8 Physical sortation.28
5.5.9 Containerisation.28
5.5.10 Transportation.28
5.5.11 Induction.29
5.6 Interfaces .29
6 Statement of mailing submission (SMS) .30
6.1 SMS structure.30
6.2 Message Content .31
6.2.1 SMS.Header .31
6.2.2 SMS.Submission.34
6.2.3 SMS.Parties .38
6.2.4 SMS.Handover.41
2
---------------------- Page: 3 ----------------------
CEN/TS 15523:2006 (E)
6.2.5 SMS.MailEntitySets .42
6.2.6 SMS.MailEntities.45
6.3 Message Format .50
6.4 Communication Protocol.51
6.5 Communication channel security.51
7 Application Security.52
7.1 Introduction.52
7.2 Threats and Vulnerabilities.52
7.3 Applications and Message Level Security.57
7.4 Security Services and Message-level Countermeasures.59
7.5 Application-level Countermeasures .60
7.5.1 Access and Usage Controls.61
7.5.2 Countermeasures against Counterfeiting.61
7.5.3 Countermeasures against Duplication (copying) .62
7.5.4 Countermeasures against Inappropriate Induction.63
7.5.5 Countermeasures against Miss-Application .63
7.5.6 Countermeasures against Collusion.64
7.5.7 Countermeasures against Impersonation .65
7.5.8 Obliteration countermeasures .66
7.5.9 Countermeasures against inappropriate Refund Request .66
Annex A (informative) Examples of SMS documents.67
Annex B (informative) Text of the XML Schema for SMS.81
Annex C (informative) Example of a protocol for secure communication of EEM.89
Bibliography.92
3
---------------------- Page: 4 ----------------------
CEN/TS 15523:2006 (E)
Foreword
This document (CEN/TS 15523:2006) has been prepared by Technical Committee CEN/TC 331 “Postal
service”, the secretariat of which is held by NEN, in collaboration with UPU.
NOTE This document has been prepared by experts coming from the Technical Committee CEN/TC 331 “Postal
Services” and UPU, under the frame of the Memorandum of Understanding between UPU and CEN.
1)
The UPU’s contribution to the specification was made, by the UPU Standards Board and its subgroups, in
accordance with the rules given in Part V of the "General information on UPU standards".
According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to announce this CEN Technical Specification: Austria, Belgium, Cyprus, Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden,
Switzerland and United Kingdom.
1)
The UPU's Standards Board develops and maintains a growing number of standards to improve the exchange of postal-related
information between posts, and promotes the compatibility of UPU and international postal initiatives. It works closely with posts,
customers, suppliers and other partners, including various international organizations. The Standards Board ensures that coherent
standards are developed in areas such as electronic data interchange (EDI), mail encoding, postal forms and meters. UPU standards are
published in accordance with the rules given in Part VII of the General information on UPU standards, which can be freely downloaded
from the UPU world-wide web site (www.upu.int).
4
---------------------- Page: 5 ----------------------
CEN/TS 15523:2006 (E)
Introduction
Widespread proliferation of electronic, internet-based data communications provides a cost-effective platform
for integrating a global mail communication system. The essence of such an integration is an automated
exchange of computerised information between mailer’s, postal and recipient’s domains. Within each of these
domains there is a wealth of information that has been or could be collected, computerised and subsequently
communicated to other domains to enhance the overall mail system. This information is typically information
about mail entities and it allows for effective control and management of the entire mail distribution network.
Most commercial-purpose mail is created and finished with the help or under control of computer-driven
equipment. Mail-descriptive computerised data is a by-product of the mail creation/finishing process and it has
significant value for both postal operators and their agents and frequently for mail recipients. Specifically,
when a plurality of mail items (designated as a mailing submission) are prepared for induction into a postal
distribution network by a mailer, it is only natural that the mailing submission should be accompanied by an
electronic document (or computer file) that is commonly referred to as a statement of mailing submission. The
main goal of the statement of mailing submission (SMS) is to provide support information for mission-critical
applications in the mail communication system, and specifically for applications in the postal domain. The
most important applications in the postal domain come from operations (mail entry/induction,
processing/sorting, transportation and delivery), postal marketing (maintenance of existing products and
services, design of new postal products and services, customer relationship management and management of
quality of service), and finance (revenue management including collection and protection of revenue).
The main purpose of the present Technical Specification is to define basic concepts associated with the
statement of mailing submission (framed using methodology of an entity-relationship model), and then to
define the content, message structure and protocol that can be used by mailers or their agents to
communicate to posts information supporting major postal applications, and also to provide a detailed analysis
of application-level security.
The following section describes information requirements supporting major postal processes.
Postal operations information requirements
Mail entry/induction process is a controlled acceptance process that is designed to enable transfer of typically
medium or large size mailings (e. g. mailings containing more than several hundred mail items) from mailers
or their agents to postal operators. Mail entry process involves verification of mail make-up (i.e. check of the
information present on mail entities for its postal process friendliness) and verification of payment. The
process is based on comparison of information created or otherwise known to postal acceptance personnel
against information supplied by mailer. Critical data elements supporting mailing submission entry are:
Mailing submission composition such as number of mail entities of various kind contained in the
submission;
Type and identities of mail entities included into submission;
Gross and net weight of mail entities included into submission and gross and net weight of the
submission itself;
Worksharing information if mailing submission has been pre-sorted or contains mail pre-barcoded by
mailer or its agents. This information includes geographic distribution (number and type of mail entities for
each postal code), postal codes assigned to and marked on each mail entity as well as information
concerning quantity, location and markings for all non-qualified (or residual) entities;
Payment information including accounting information and postage information for various categories of
postal products included in the mailing and totals for each category;
5
---------------------- Page: 6 ----------------------
CEN/TS 15523:2006 (E)
Identity of the SMS associated with the mailing submission;
Security information such as key certificates as described in the present specification (Annex D).
Mail processing information requirements support cost-effective mail sorting. In addition to the information
identified above, the mail sort-supporting electronic information may include identities of all mail entities
included in the submission linked with their associated address information including postal codes.
Mail transportation information requirements support cost-effective transportation of mail entities and
aggregates between postal processing and delivery offices. Thus, in addition to the information identified in
the previous sections, mail transportation-supporting information may include (if they are known during mail
preparation process) identities and scheduling data for various transportation vehicles (trucks, railroad cars,
aircrafts and boats) that will be used for transporting mailing submission.
Mail delivery process information requirements support cost-effective delivery of mail. In addition to the
information described above mail delivery-supporting information may include number, identity and type of
mail entities that require special delivery or handling (e.g. proof of delivery or return receipt).
Postal marketing information requirements
Marketing information is mainly concerned with a detailed description of a mailer’s use of various postal
products and services offered by a postal operator. These may include:
Number of first class mail items included in the submission;
Number of second class mail items included in the submission;
Number of special rate mail items (e.g. overweight or oversize);
Number of mail items that require special delivery (e.g. registered, certified, time-specific delivery etc.);
Number of items that require forwarding services or address correction;
Preferred delivery instructions, redirection and address services (e.g. address hygiene).
Postal finance information requirements
Postal financial applications require an effective payment mechanism for the services by mailers or their
agents. These include automatic generation of all required accounting and funds transfer data and its
supporting documentation for billing and remittance processing. Finance information should include as a
minimum data elements that allow to:
Create, delete and update customer accounts (e.g. unique account IDs);
Identify products and services used by the mailer together with their current tariffs;
Identify mail attributes (e.g. item count, weight, volume) for specific postal products and services;
Support payment for Business Reply and other recipient-paid services;
Automate the receipt and processing of payments (e.g. by using Electronic Funds Transfer);
Automate the processing of all legitimate refunds to mailers;
All required management and control supporting reports.
6
---------------------- Page: 7 ----------------------
CEN/TS 15523:2006 (E)
Methodology
The methodology adopted for the organisation of SMS begins with a data structure describing all practical
knowable information about mailing submission. This data structure containing all-inclusive information is a
sort of a “super” file or “super” message. The specification describes how to collapse (or cluster) this super
message into new data structures suitable for particular postal applications. This is done by eliminating the
non-essential information depending on the informational needs and requirements of postal applications.
Selection (or adaptation) of data elements, their formats and communication protocols for various specific
applications and environments for the SMS from the ones described in the present specification are left to
postal operators and their customers. It was felt that no group of experts would have sufficiently detailed
knowledge of a broad variety of existing and future postal applications and technical environments in order to
accommodate even the most common ones. For this reason, it was decided that providing a definition of a
super, all-inclusive and adaptable message and the methodology of collapsing it into application-specific
messages (statements) would be the best choice. Similarly, timing considerations for various possible
messages that could be exchanged between mailer and postal domains are outside of the scope of the
present specification. Messages that are defined and described here can be arranged to be created by
mailers and communicated to postal operators before, during or after the actual induction process takes place,
depending on the value and the intended use of the communicated information. The specification leaves the
choice of timing considerations to postal operators and their customers.
7
---------------------- Page: 8 ----------------------
CEN/TS 15523:2006 (E)
1 Scope
This document specifies a methodology that allows postal operators to define specific statements of mailing
submission customised according to their environment and applications.
The document defines information requirements for existing generic postal information processing applications
related to major postal functions, namely operations, finance and marketing by specifically identifying the
information that could be collected within the mailer’s domain and transmitted to the postal domain.
In addition, this document defines the organisation of data into messages by describing data content, format
and communication protocol suitable for communication of data originating in the mailer’s domain.
The specification also provides a detailed analysis and recommendations for implementing application-level
security threats and countermeasures particularly relevant for postal revenue protection in controlled mail
entry settings.
Finally, this document provides several examples of concrete statements of mailing submissions and an
example of a secure communication protocol recommended for transmission of such statements.
NOTE The SMS describes letter mail or flats that are submitted for distribution and would not deal explicitly with
content of letters or flats whether it concerns customs or any other party that could in principle be interested in knowing the
content of these mail entities.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, or references to a version number, only the edition cited applies. For undated references and
where there is no reference to a version number, the latest edition of the referenced document (including any
amendments) applies.
EN 14615:2005, Postal services - Digital postage marks - Applications, security and design
ISO 10126-2:1991, Banking – Procedures for message encipherment (wholesale) – Part 2: DEA algorithm
ISO/IEC 9798-3:1998, Information technology -- Security techniques -- Entity authentication -- Part 3:
Mechanisms using digital signature techniques
ISO/IEC 15418, Information technology -- EAN/UCC Application Identifiers and Fact Data Identifiers and
Maintenance
ISO/IEC 15434, Information technology -- Automatic identification and data capture techniques -- Syntax for
high-capacity ADC media
ISO/IEC 15459-1, Information technology -- Unique identifiers -- Part 1: Unique identifiers for transport units
UPU S25, Data constructs for the communication of information on postal items, batches and receptacles
UPU S27, Framework for communication of information about postal items, batches and receptacles
UPU S36-4, Digital Postage Marks (DPM) - Applications, Security& Design
UPU M33, Postal item attributes and the communication of item information
UPU M34, Mail aggregate attributes and the communication of aggregate information - Part A: General
concepts and attribute definitions
8
---------------------- Page: 9 ----------------------
CEN/TS 15523:2006 (E)
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
address list selection
process of selecting a mailing address for the intended recipient of the message
3.2
agent
entity involved in a mail communication process that does not have a legal status
3.3
agent attribute
characteristic of the agent which is or can be represented by a data value
3.4
bank
party that facilitates payment (exchange of funds) between parties for mail entity creation, finishing,
consolidation, transportation and delivery
3.5
communication domain
set of parties, agents, and processes that together play a specific functional role (such as sender, channel or
recipient) in a mail communication system
3.6
consolidator
party that is responsible for consolidating mail entities from a given creator together with mail entities from
other creators
3.7
containerisation
process of assembling together and putting mail entities into receptacles for transportation
3.8
contract
agreement between two or more parties, normally enforceable by law. In the context of the statement of
mailing submission one party to the contract is the mail originator (or a party or agent authorised by the mail
originator) and another is a postal operator (or a party or agent authorised by the postal operator)
3.9
contract attribute
characteristic of a contract which is or can be represented by a data value
3.10
controlled acceptance/entry mail (CAM/CEM)
mail entity or mail aggregate that is examined by postal personnel before being accepted for processing for
the purpose of compliance with postal regulations concerning proper payment (accounting) and mail make up
3.11
creator
party that is responsible for production (creation) of a mail item, a mail entity or a mail entity set
3.12
delivery clerk (letter carrier, mail carrier)
human agent in a mail communication system who is responsible for delivering mail entities into recipient mail
box (receptacle) or directly into the hands of the mail recipient
9
---------------------- Page: 10 ----------------------
CEN/TS 15523:2006 (E)
3.13
electronic sortation
process of sorting a list of mailing addresses into groups having common characteristics (such as identical
postal codes)
3.14
electronically exchanged
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.