1、 ETSI TS 102 640-6-2 V1.1.1 (2011-09) Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 6: Interoperability Profiles; Sub-part 2: REM-MD BUSDOX Interoperability Profile Technical Specification ETSI ETSI TS 102 640-6-2 V1.1.1 (2011-09) 2Reference DTS/ESI-000069-3
2、 Keywords e-commerce, electronic signature, email, security, trust services ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06
3、) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the referen
4、ce version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change
5、 of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright N
6、otification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2011. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks o
7、f ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 102 640-6-2 V1.1.1 (2011-09) 3Con
8、tents Intellectual Property Rights 4g3Foreword . 4g3Introduction 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.2 Informative references 6g33 Definitions and abbreviations . 6g33.1 Definitions 6g33.2 Abbreviations . 7g34 Mapping of terms and definitions 7g35 Functional GAP analysis be
9、tween REM and BUSDOX 9g36 Covered Scenarios 9g36.1 REM+BUSDOX to pure BUSDOX . 10g36.2 Pure BUSDOX to REM+BUSDOX . 10g37 Profiles specifications. 11g37.1 Common specifications 11g37.1.1 Identifiers 11g37.1.1.1 REM-MD Participant Identifiers . 12g37.1.1.2 Document Identifiers for REM-MDs 13g37.1.1.3
10、Process Identifiers for REM-MDs . 13g37.2 REM+BUSDOX to pure BUSDOX . 14g37.2.1 Senders original message profile 14g37.2.2 SML and SMP profiling . 16g37.2.2.1 URL to access to SMP composition 17g37.2.2.2 Service Metadata Retrieval from SMP 18g37.2.2.3 BUSDOX Headers and REM Headers/Metadata 19g37.2.
11、3 LIME Profile . 20g37.2.4 BUSDOX message composition . 21g37.2.5 Generating REM-MD message . 21g37.2.6 Evidence . 21g37.3 BUSDOX to REM-MD+BUSDOX . 22g37.3.1 SML and SMP Profiling . 25g37.3.1.1 URL to access to SMP composition 25g37.3.1.2 REM-MD Service Metadata store to SMP 26g37.3.1.3 Service Met
12、adata Retrieval from SMP 26g37.3.1.4 BUSDOX Headers and REM Headers/Metadata 27g37.3.2 LIME Profile . 27g37.3.3 Generating REM-MD message . 27g37.3.4 Evidence . 27g3History 28g3ETSI ETSI TS 102 640-6-2 V1.1.1 (2011-09) 4Intellectual Property Rights IPRs essential or potentially essential to the pres
13、ent document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in re
14、spect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/ipr.etsi.org). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of
15、other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). The p
16、resent document is part 6, sub-part 2 of a multi-part deliverable. Full details of the entire series can be found in part 1 1. Introduction The summarised scope of each part and sub-part can be found in part 1 1 of this multi-part deliverable. ETSI ETSI TS 102 640-6-2 V1.1.1 (2011-09) 51 Scope The p
17、resent document specifies requirements for achieving interoperability between the Registered Electronic Mail systems that are compliant with TS 102 640 (REM henceforth) specification 1 to 5 and systems that are compliant with “Business Document Exchange Network service metadata and transport specifi
18、cation“ (BUSDOX henceforth) 6 to 11. The approach used for this purpose is to define all the necessary mappings between the two specifications taking into account also the objective to maintain and preserve the main advantages and positive features present in both the realities as pursued in the Tec
19、hnical Specifications. The present document is structured as follows: Clause 4: Mapping of terms and definitions. Clause 5: Functional GAP analysis between REM and BUSDOX. Clause 6: Covered Scenarios: REM+BUSDOX to BUSDOX and BUSDOX to REM+BUSDOX. Clause 7: Profile specification for the interaction
20、scenarios defined in clause 6. 2 References References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (
21、including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long t
22、erm validity. 2.1 Normative references The following referenced documents are necessary for the application of the present document. 1 ETSI TS 102 640-1: “Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 1: Architecture“. 2 ETSI TS 102 640-2: “Electronic Signat
23、ures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 2: Data requirements, Formats and Signatures for REM“. 3 ETSI TS 102 640-3: “Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 3: Information Security Policy Requirements for REM Management D
24、omains“. 4 ETSI TS 102 640-4: “Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 4: REM-MD Conformance Profiles“. 5 ETSI TS 102 640-5: “Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 5: REM-MD Interoperability Profiles“.
25、6 BUSDOX START: “Secure Trusted Asynchronous Reliable Transport (START) v 1.0.0 WP8 2009-12-22“. 7 BUSDOX METADATA PUB: “Service Metadata Publishing v 1.0.0 WP8 2009-12-23“. 8 BUSDOX METADATA LOC: “Service Metadata Locator Profile v 1.0.0 WP8 2009-12-21“. 9 BUSDOX LIME: “Lightweight Message Exchange
26、 Profile v 1.0.0 WP8 2009-12-22“. ETSI ETSI TS 102 640-6-2 V1.1.1 (2011-09) 610 BUSDOX PEPPOL: “PEPPOL Identifier Schemes v 1.0.0 WP8 2009-12-23“. 11 BUSDOX COMMON DEFINITIONS: “Business Document Exchange Network - Common Definitions v 1.0.0 WP8 2009-11-27“. 12 W3C WS-Transfer: “Web Services Transfe
27、r (WS-Transfer)“ - W3C Working Draft 5 August 2010. NOTE: Available at http:/www.w3.org/TR/2010/WD-ws-transfer-20100805. 13 W3C WS-Addressing: “Web Services Addressing (WS-Addressing)“ - W3C Member Submission 10 August 2004. NOTE: Available at http:/www.w3.org/Submission/2004/SUBM-ws-addressing-2004
28、0810. 2.2 Informative references The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 ETSI TS 102 640-6-1: “Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (
29、REM); Part 6: Interoperability Profiles; Sub-part 1: REM-MD UPU PReM Interoperability Profile“. i.2 ETSI TS 102 640-6-3: “Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 6: Interoperability Profiles; Sub-part 3: REM-MD SOAP Binding Profile“. i.3 IETF RFC 5321:
30、 “Simple Mail Transfer Protocol“. i.4 IETF RFC 5322: “Internet Message Format“. i.5 IETF RFC 5751: “Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification“. i.6 IETF RFC 3986: “Uniform Resource Identifier (URI): Generic Syntax“. i.7 ISO/IEC 27001:2005: “Information t
31、echnology - Security techniques - Information security management systems - Requirements“. i.8 ETSI TS 102 231: “Electronic Signatures and Infrastructures (ESI); Provision of harmonized Trust-service status information“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present
32、 document, the terms and definitions given in TS 102 640-1 1 and the following apply: REM/BUSDOX Gateway: set of technical and physical components, policies and processes that provide the gateway service among REM network and BUSDOX network NOTE: A REM/BUSDOX Gateway may be a sub-service/module of a
33、 REM-MD or to be separated service. Throughout the present document a number of verbal forms are used, whose meaning is defined below. shall, shall not: indicate requirements strictly to be followed in order to conform to the present document and from which no deviation is permitted. should, should
34、not: indicate that among several possibilities one is recommended as particularly suitable, without mentioning or excluding others, or that a certain course of action is preferred but not necessarily required, or that (in the negative form) a certain possibility or course of action is deprecated but
35、 not prohibited. ETSI ETSI TS 102 640-6-2 V1.1.1 (2011-09) 7 may, need not: indicate a course of action permissible within the limits of the present document. 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply: AP BUSDOX Access Point EPR BUSDOX EndPoint Ref
36、erence LC BUSDOX LIME Client LIME BUSDOX LIghtweight Message Exchange Profile SML BUSDOX Service Metadata Locator SMP BUSDOX Service Metadata Publishing 4 Mapping of terms and definitions Business Document Exchange Network (BUSDOX) specifies a document exchange infrastructure. BUSDOX Access Points c
37、ommunicate in a peer-to-peer model across the internet to form the BUSDOX infrastructure. BUSDOX provides a specification, which may be instantiated in concrete implementations. For example, an instance of BUSDOX is the PEPPOL infrastructure, which includes governance models, certificate rules, iden
38、tifier formats, and other profiling. This part is outside BUSDOX specification but included in PEPPOL. In Table 1 a mapping among the main terms and definitions used in REM Technical specifications TS 102 640-1 1 to TS 102 640-5 5, and equivalent terms used in BUSDOX 6 to 11 specifications is provid
39、ed. An empty cell means that the corresponding specification does not define an equivalent term of the one shown in the same row and defined in the other specification. ETSI ETSI TS 102 640-6-2 V1.1.1 (2011-09) 8Table 1: Mapping of definitions ETSI REM definitions (TS 102 640-1 1, clause 3.1) BUSDOX
40、 definitions 11 REM-MD Access Point (AP) Senders REM-MD Source Access Point (SrcAP) Recipients REM-MD Destination Access Point (DestAP) Secure Trusted Asynchronous Reliable Transport (START) Lightweight Message Exchange Transport (LIME) Lightweight Client or LIME Client (LC) Lightweight Profile Acce
41、ss Point (LIME-AP) Message Channel (MC) Inbound/Outbound Message Channel (InMC/OutMC) Endpoint Reference (EPR) Channel Identifier (ChannelID) Service Metadata Locator service (SML) Service Metadata Publisher (SMP) Service Metadata Consumer (SMC) Participant Identifier (participantID) Document Identi
42、fier (documentID) Process Identifier (processID) certification authority information security policy Information Security Management System long term storage message archive original message Business message REM-MD repository Registered E-Mail REM dispatch REM Management Domain BUSDOX Access Point R
43、EM-MD envelope SOAP Envelope REM-MD evidence REM-MD Evidence Provider REM-MD Evidence Verifier REM-MD Message BUSDOX Message REM-MD Message Gateway REM-MD Message Transfer Agent REM-MD Repository Retrieval Interface REM-MD Sender Message Submission Interface LIME Interface REM-MD Third Party Evidenc
44、e Retrieval Interface REM Message Store REM Object REM Objects Relay Interface START Interface REM User Agent (REM-UA) REM Policy REM Policy Domain REM Policy Domain Authority REM Recipient (Recipient) LIME Client REM Sender (Sender) LIME Client REM Third Party Signature Creation Server Time-Stampin
45、g Authority Time-Stamp Token ETSI ETSI TS 102 640-6-2 V1.1.1 (2011-09) 95 Functional GAP analysis between REM and BUSDOX The main differences between the functional aspects of ETSI REM and BUSDOX will be identified in the present clause by comparing, when possible, the similar aspects of the two sys
46、tems under analysis. In particular the following aspects will be considered in the GAP REM versus BUSDOX: Main scopes Trust models Formats Evidence A mapping between high level functions is identified in Table 2. The attention is concentrated to the boundary functions that are involved in the gatewa
47、y among REM and BUSDOX systems, and to some other remarkable feature providing a more general view. Table 2: GAP Analysis ETSI REM BUSDOX The main scope of ETSI REM technical specification is to provide a reliable transport of messages enriched with a full set of evidence for the Sender and the Reci
48、pients regarding the exchanged messages. The main purpose of the BUSDOX technical specification is to define a messaging infrastructure for secure and reliable exchange of electronic documents. The Trust model of ETSI REM is based on the specifications of the Electronic Signatures and Infrastructure
49、s (ESI) and in particular on the TSL (Trusted List of supervised/accredited certification service providers in accordance with TS 102 231 i.8). Trust model of BUSDOX is mainly based on the Secure Trusted Asynchronous Reliable Transport (START) infrastructure that is based on standards like SOAP, WS-Addressing 13, WS-Security, WS-Transfer 12, WS-ReliableMessaging and SAML. The format of the exchanged messages in the REM model to which the present document refers is based on th
