1、raising standards worldwideNO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBSI Standards PublicationDD CEN/TS 15121-1:2011Postal Services Hybrid MailPart 1: Secured electronic postal services(SePS) interface specification Concepts,schemas and operationsDD CEN/TS 15121-1:2011 DR
2、AFT FOR DEVELOPMENTNational forewordThis Draft for Development is the UK implementation of CEN/TS15121-1:2011.This publication is not to be regarded as a British Standard.It is being issued in the Draft for Development series of publicationsand is of a provisional nature. It should be applied on thi
3、sprovisional basis, so that information and experience of its practicalapplication can be obtained.Comments arising from the use of this Draft for Developmentare requested so that UK experience can be reported to theinternational organization responsible for its conversion toan international standar
4、d. A review of this publication willbe initiated not later than 3 years after its publication by theinternational organization so that a decision can be taken on itsstatus. Notification of the start of the review period will be made inan announcement in the appropriate issue of Update Standards.Acco
5、rding to the replies received by the end of the review period,the responsible BSI Committee will decide whether to support theconversion into an international Standard, to extend the life of theTechnical Specification or to withdraw it. Comments should be sentto the Secretary of the responsible BSI
6、Technical Committee at BritishStandards House, 389 Chiswick High Road, London W4 4AL.The UK participation in its preparation was entrusted to TechnicalCommittee SVS/4, Postal services.A list of organizations represented on this committee can beobtained on request to its secretary.This publication do
7、es not purport to include all the necessaryprovisions of a contract. Users are responsible for its correctapplication. BSI 2011ISBN 978 0 580 70585 4ICS 03.240Compliance with a British Standard cannot confer immunity fromlegal obligations.This Draft for Development was published under the authority
8、ofthe Standards Policy and Strategy Committee on 31 January 2011.Amendments issued since publicationDate Text affectedDD CEN/TS 15121-1:2011TECHNICAL SPECIFICATION SPCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION CEN/TS 15121-1 January 2011 ICS 03.240 English Version Postal Services - Hybrid Mail - P
9、art 1: Secured electronic postal services (SePS) interface specification - Concepts, schemas and operations Postalische Dienstleistungen - Hybride Sendungen - Part 1: Schnittstellen-Spezifikation fr Gesicherte elektronische Postdienste (SePS) - Begriffe, Schemata und Betrieb This Technical Specifica
10、tion (CEN/TS) was approved by CEN on 9 August 2010 for provisional application. The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be converted i
11、nto a European Standard. CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS) un
12、til the final decision about the possible conversion of the CEN/TS into an EN is reached. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithua
13、nia, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG Management Centre: Avenue Marnix 17, B-1000 Brussels 2011 CE
14、N All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TS 15121-1:2011: EDD CEN/TS 15121-1:2011CEN/TS 15121-1:2011 (E) 2 Contents Page Foreword 5Introduction .61 Scope 82 Normative references 92.1 UPU standards .92.2 Internet Engineering T
15、ask Force (IETF) documents 92.3 Organization for the Advancement of Structured Information Standards (OASIS) . 103 Terms and definitions 104 Symbols and abbreviations . 135 Key SePS concepts 145.1 Authentication . 145.2 Digital signature verification . 155.3 Error handling . 155.4 Event logging 155.
16、5 Lifecycle management . 165.6 Non-repudiation 165.7 PostMarking 165.8 Processing directives or options 175.9 Protection of confidentiality 175.10 Time stamping . 175.11 Transaction handling . 176 Overview of SePS operations 176.1 General . 176.2 CheckIntegrity . 186.3 Decrypt . 196.4 Encrypt . 196.
17、4.1 General . 196.4.2 Delegated Confidentiality Service . 196.5 Locate 196.6 LogEvent 206.7 PostMark 206.8 RetrievePostalAttributes 206.9 RetrieveResults . 206.10 RetrieveSummary . 206.11 Sign 216.12 StartLifecycle 216.13 Verify 217 Common schema types used across SePS operations . 227.1 Introductio
18、n . 227.2 AccessScope and Scopes . 227.3 ClaimedIdentity . 237.4 ClientApplication 267.5 ContentIdentifier . 267.6 ContentMetadata . 267.7 EncryptResponse Option . 277.8 Event 297.9 OriginalContentType 297.10 ParticipatingPartyType . 30DD CEN/TS 15121-1:2011CEN/TS 15121-1:2011 (E) 3 7.11 PostMarkedR
19、eceipt . 317.12 PostMarkedReceipt (XMLDSIG considerations). 367.13 QualifiedDataType . 387.14 SignatureInfoType . 387.15 SignaturePolicyIdentifier 397.16 TransactionKeyType . 407.17 TransactionStatus and TransactionStatusDetailType . 417.18 ValidOperation . 417.19 ValidOption 427.20 Version 427.21 X
20、509InfoType . 428 Detailed specification of SePS operations . 448.1 Introduction 448.2 CheckIntegrity 448.2.1 CheckIntegrity Edit Rules Summary . 448.2.2 CheckIntegrityOptions Request Flags 458.2.3 CheckIntegrity Request Elements . 468.2.4 CheckIntegrity Response Object . 488.3 Decrypt . 518.3.1 Dec
21、rypt Edit Rules Summary . 518.3.2 DecryptOptions Request Flags 528.3.3 Decrypt Request Elements . 538.3.4 Decrypt Response Object . 538.4 Encrypt . 548.4.1 Encrypt Edit Rules Summary . 548.4.2 EncryptOptions Request Flags 558.4.3 Encrypt Request Elements . 568.4.4 Encrypt Response Object . 578.5 Loc
22、ate . 588.5.1 Locate Edit Rules Summary . 588.5.2 LocateOptions Request Flags 588.5.3 Locate Request Elements . 598.5.4 Locate Response Object. 608.6 LogEvent 608.6.1 LogEvent Edit Rules Summary 608.6.2 LogEventOptions Request Flags . 618.6.3 LogEvent Request Elements 618.6.4 LogEvent Response Objec
23、t 628.7 PostMark. 628.7.1 PostMark Edit Rules Summary 628.7.2 PostMarkOptions Request Flags . 638.7.3 Postmark Request Elements 638.7.4 PostMark Response Object 658.8 RetrievePostalAttributes RetrievePostalAttributes Edit Rules Summary 668.9 RetrieveResults . 678.9.1 RetrieveResults Edit Rules Summa
24、ry . 678.9.2 RetrieveResultsOptions Request Flags 688.9.3 RetrieveResults Request Elements . 698.9.4 RetrieveResults Response Object . 708.10 RetrieveSummary 738.10.1 RetrieveSummary Edit Rules Summary 738.10.2 RetrieveSummaryOptions Request Flags . 738.10.3 RetrieveSummary Request Elements 738.10.4
25、 RetrieveSummary Response Object . 748.11 Sign . 758.11.1 Sign Edit Rules Summary . 758.11.2 SignOptions Request Flags 768.11.3 Sign Request Elements . 778.11.4 Sign Response Object 78DD CEN/TS 15121-1:2011CEN/TS 15121-1:2011 (E) 4 8.12 StartLifeCycle 798.12.1 StartLifecycle Edit Rules Summary 798.1
26、2.2 StartLifecycleOptions Request Flags . 798.12.3 StartLifecycle Request Elements 808.12.4 StartLifecycle Response Object 808.13 Verify 818.13.1 Verify Edit Rules Summary 818.13.2 VerifyOptions Request Flags . 818.13.3 Verify Request Elements 838.13.4 Verify Response Object . 87Annex A (normative)
27、SePS XML Schema V1.15 89Annex B (normative) Web Service Description Language (WSDL) V1.15 108Annex C (informative) Examples 117C.1 General . 117C.2 Standalone PostMarkedReceipt over a verified signature . 117C.3 Standalone over data when using PostMark operation . 120C.4 Embedded over a verified sig
28、nature 122C.5 RequesterSignature over TransactionKey for any operation in protected Lifecycle 125C.6 RequesterSignature over OriginalContent when used in a CheckIntegrity operation 126Annex D (informative) European and international standards inter-relationships and evolution . 128Annex E (informati
29、ve) Relevant intellectual property rights (IPR) 129E.1 Introduction . 129E.2 USPS Patents 130Bibliography . 131DD CEN/TS 15121-1:2011CEN/TS 15121-1:2011 (E) 5 Foreword This document (CEN/TS 15121-1:2011) has been prepared by Technical Committee CEN/TC 331 “Postal Services”, the secretariat of which
30、is held by NEN. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. According to the Memorandum of Understanding (MoU) between the UPU and
31、 CEN, signed Oct. 22nd, 2001; 3.3 CEN notifies the following deviation from the source text: The term “postal administration“ meaning a postal service designated by one member country of the UPU was changed according with the wording of the Postal Directive to “postal service“. This document is the
32、equivalent to Part 1 of a multi-part UPU standard, S43: Secured electronic postal services (SePS) interface specification. S43 was originally published as a single part standard covering only one secured electronic postal service, but has been split into parts to allow the standard to be extended to
33、 cover other services based on the same concepts, schemas and operations. Part 1 defines these concepts, schemas and operations. Part 2 defines EPCM Services, and uses the specification of Part 1. The specification is complemented by five annexes. Annex A and Annex B are normative; Annex C, Annex D
34、and Annex E are informative. The specification contains a Bibliography. According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic,
35、Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom. DD CEN/TS 15121-1:2011CEN/TS 15121-1:2011 (E) 6 Introduct
36、ion This interface specification describes a standardized way for postal services or its system development teams to build a secured electronic postal services (SePS) capability which can be offered to customers as part of an electronic service inventory. A SePS is a postal service which is accessed
37、 electronically through the use of an interface based on an appropriate subset of the operations (verbs) specified in this document. Together these define a set of standardized application layer software security services aimed at facilitating the introduction and integration of the following capabi
38、lities into a target customers business applications: digital signature verification; certificate status verification; timestamping of verified signatures (i.e. a PostMarkedReceipt); receipt issuance; content timestamping; digital signature creation; capture of signature intent (context and user com
39、mitment); creation of encrypted envelopes; decryption of encrypted envelopes; evidence logging of all SePS events; logging of user events deemed relevant to the business transaction; tying together of SePS events into a business transaction Lifecycle; retrieval of evidence data in support of dispute
40、 resolution and future challenges in a non-repudiation context. Individual SePS services may support different subsets of the defined operations. For example, the electronic postal certification mark (EPCM) service, defined in part B of the standard (see UPU standard S43b) uses the CheckIntegrity, P
41、ostMark, RetrieveResults, Sign and Verify operations to support the capture and reproduction of evidence data attesting to the fact that a business transaction was conducted and completed in an environment of integrity and trustworthiness. The process of integrating SePS features into an automated a
42、pplication is termed “SePS-enabling” the target application. Each call to a SePS can be looked at as a non-repudiable SePS event or SePS transaction within the applications overall business workflow. These non-repudiable events can be logically linked and tracked within an applications business work
43、flow to provide additional business context to an arbitrator should a challenge to the events authenticity be presented by any of the involved parties. This specification describes the SePS interface standard and contains four main clauses and five annexes: DD CEN/TS 15121-1:2011CEN/TS 15121-1:2011
44、(E) 7 Clause No Description of content 5 Key SePS concepts: introduces a number of key concepts which are drawn on in the remainder of the specification; 6 Overview of SePS operations: provides an overview of the standard operations, supported by the schema defined in Annex A, which can be combined
45、to implement secured electronic postal services which comply with this specification; 7 Common schema types used across SePS operations: defines common WSDL element types that are sent to and returned from the SePS; 8 Detailed specification of SePS operations: provides a detailed definition of the o
46、perations which were introduced in Clause 6; Annex A (normative) SePS XML Schema V1.15: provides the formal XML Schema for the SePS interface; Annex B (normative) Web Service Description Language (WSDL) V1.15: provides the formal WSDL specification of the SePS interface; Annex C Examples: provides s
47、pecific examples illustrating the various constructs used within the interface; Annex D (informative) European and international standards inter-relationships and evolution: provides background information on other signature standards which exist in the same domain as the SePS interface specificatio
48、n. Their influence and role in shaping this standard and its evolution is also covered; Annex E (informative) Relevant intellectual property rights (IPR): provides information about intellectual property rights whose use has been reported as possibly being implied by certain implementations of the specification. The implementation of part or
