Internet Commerce Technologies Open Trading Protocol OTP Interoperable
Internet Commerce Technologies Open Trading Protocol OTP § Interoperable framework for Internet commerce § Virtual capability that safely replicates real world: trading events such as offer, pmnt receipt, delivery, receipt of goods. § + new trading models § Any two global parties using OTP-conformant e-commerce process will complete business safely and successfully § Standard available at http: //www. ietf. org/internet-drafts/draft-ietf-trade-iotp-v 1. 0 -dsig-03. txt 1 Matwin 1999
Internet Commerce Technologies OTP § Product of an international consortium, including Mondex, SET, Cyber. Cash, Digi. Cash, VISA, MC, and banks (eg RB and CIBC) § Defined as an XML DTD 2 Matwin 1999
Internet Commerce Technologies OTP: our digest § § § § 3 Roles and exchanges IOTP messages Error handling Security and signatures Trading components Trading blocks The big picture Matwin 1999
Internet Commerce Technologies Roles and exchanges Roles (entities) 4 Matwin 1999
Internet Commerce Technologies Trading exchanges § Offer § Merchant provides consumer with reason for the trade. Consumer must accept the offer § Payment § In either direction between the consumer and the payment handler § Delivery § Transmits on-line goods or delivery info about physical goods from delivery handler to consumer Trading § Authentication § Ant trading role can authenticate any other role 5 Exchanges =exchanges of data between trading roles Matwin 1999
Internet Commerce Technologies Trading exchanges § Any IOTP transactions consist of the above exchanges, e. g. IOTP purchase includes Offer, Payment, Delivery § Exchanges consist of components, transmitted between various trading roles § Components are packed, e. g, IOTP purchase combines Delivery Organization Component with the Offer Response Component 6 Matwin 1999
Internet Commerce Technologies Protocol structure § Trading components are assembled into trading blocks and IOTP Messages § IOTP messages are exchanged as XML documents between Trading Roles 7 Matwin 1999
Internet Commerce Technologies OTP message structure Trans. Ref. Block contains a globally unique id for the IOTP transaction Ea. Block has an id unique within transaction Combin. Of the two uniquely identifies any Trading Block or component 8 Matwin 1999
Internet Commerce Technologies IOTP Transactions (incomplete) § Purchase (offer, pmnt, [delivery]) § Refund (result of prev. purchase) § Value exchange: of one currency and method of pmnt to another 9 Matwin 1999
Internet Commerce Technologies IOTP Transactions (incomplete) § Withdrawal (electronic, of cash from a financial institution) § Deposit § Inquiry § Ping 10 Matwin 1999
Internet Commerce Technologies IOTP message 11 <!ELEMENT Otp. Message (Trans. Ref. Blk, Sig. Blk? , Error. Blk? , ( Auth. Req. Blk | Auth. Resp. Blk | This contains information which Delivery. Req. Blk | describes an IOTP Message within Delivery. Resp. Blk | an IOTP Transaction Inquiry. Req. Blk | Inquiry. Resp. Blk | Offer. Resp. Blk | Pay. Exch. Blk | Pay. Req. Blk | Pay. Inst. CCExch. Blk | Pay. Inst. CCReq. Blk | Trading block-depends Pay. Inst. CCResp. Blk on the type of OTP Pay. Resp. Blk | transaction Ping. Req. Blk | Ping. Resp. Blk | Tpo. Selection. Blk | )* ) > Matwin 1999
Internet Commerce Technologies Transf. Ref. Blk and Trans. Id <!ELEMENT Trans. Ref. Blk (Trans. Id, Msg. Id, Related. To*) > <!ATTLIST Trans. Ref. Blk ID ID #REQUIRED > <!ELEMENT Trans. Id EMPTY> <!ATTLIST Trans. Id ID ID #REQUIRED Version NMTOKEN #FIXED '1. 0' Otp. Trans. Id NMTOKEN #REQUIRED Otp. Trans. Type CDATA #REQUIRED > Trans. Time. Stamp CDATA #REQUIRED > 12 Matwin 1999
Internet Commerce Technologies Error handling § Errors are bound to occur § Technical errors: independent of the meaning of the msg § The kind of error is indicated by the code, part of XML specs § Handled via § Retrying transmission § Cancelling transaction 13 Matwin 1999
Internet Commerce Technologies Business errors § § 14 Connected with particular process Insufficient funds – pmnt Back order – delivery Must be presented to the user for decision Matwin 1999
Internet Commerce Technologies OTP security § Use of digital signatures § Signatures are components § Hash one or more components or trading blocks § Identify § Who signed § Who should verify 15 Matwin 1999
Internet Commerce Technologies Signature hashing 16 Matwin 1999
Internet Commerce Technologies Signatures cont’d § two organizations might use cryptography only understood by them – symmetric cryptography (DES) § The same cryptography might be used by several Trading Roles – asymmetric cryptography § One transaction might involve both kinds § Signatures are optional 17 Matwin 1999
Internet Commerce Technologies Trading components § § § § 18 Protocol Options Component Authentication Data Component Authentication Response Component Order Component … Pmnt component Sig component … Matwin 1999
Internet Commerce Technologies Order component <!ELEMENT Order (Packaged. Content? ) ><!ATTLIST Order ID ID #REQUIRED xml: lang NMTOKEN #REQUIRED Order. Identifier. CDATA #REQUIRED Short. Desc CDATA #REQUIRED Ok. From CDATA #REQUIRED Ok. To CDATA #REQUIRED Applicable. Law CDATA #REQUIRED Content. Software. Id CDATA #IMPLIED > timestamps 19 Matwin 1999
Internet Commerce Technologies Organisation component <!ELEMENT Org (Trading. Role+, Domain name Contact. Info? , Person. Name? , For Trading Postal. Address? )> roles other than <!ATTLIST Org Consumer ID ID #REQUIRED xml: lang NMTOKEN #REQUIRED Org. Id CDATA #REQUIRED Otp. Msg. Id. Prefix NMTOKEN #REQUIRED Legal. Name CDATA #IMPLIED Short. Desc CDATA #IMPLIED Logo. Net. Locn CDATA #IMPLIED > 20 Matwin 1999
Internet Commerce Technologies Payment component IDs the Trading Role that sends the Payment Request Block containing the Payment Component to Payment Handler <!ELEMENT Payment (Packaged. Content? ) > <!ATTLIST Payment ID ID #REQUIRED Ok. From CDATA #REQUIRED Ok. To CDATA #REQUIRED Brand. List. Ref NMTOKEN #REQUIRED Signed. Pay. Receipt ('True'|'False') #REQUIRED Auth. Data. Ref NMTOKEN #IMPLIED Start. After NMTOKENS #IMPLIED > 21 Matwin 1999
Internet Commerce Technologies Trading Blocks § Part of def of IOTP message (see p. 8) § Have to do with (among others) § § § 22 Authentication Delivery Offer response Error Pmnt Signature Matwin 1999
Internet Commerce Technologies Payment request block Contains success/failure status Of the steps (Offer Response or Pmnt Response) Is there to be authentication W/pmnt? If yes, provide info How it will occur <!ELEMENT Pay. Req. Blk (Status+, Auth. Data? , Brand. List, Brand. Selection, Payment, Pmnt brands and protocols Pay. Scheme. Data? , Org*, That may be used Payment see Trading. Role. Data*) > The Payment component p. 21 <!ATTLIST Pay. Req. Blk ID ID #REQUIRED > 23 Matwin 1999
Internet Commerce Technologies Brand list component 24 <Brand. List ID='M 1. 2' XML: Lang='us-en'<Brand ID ='M 1. 6' <Protocol. Amount ID ='M 1. 7' Short. Desc='Purchase ladies coat' Pay. Protocol. Ref='M 1. 10' Pay. Direction='Debit' > <Brand ID Currency. Amount. Refs='M 1. 9' > ='M 1. 3' Brand. Id='MC' <Packaged. Content Brand. Name='Master. Card' Transform="BASE 64"> Brand. Logo. Net. Locn='ftp: . . 238 djqw 1298 erh 18 dhoire Protocol. Amount. Refs='M 1. 7 M 1. 8'> </Packaged. Content> </Brand> </Protocol. Amount> <Brand ID ='M 1. 5' <Currency. Amount ID ='M 1. 9' Brand. Id='MC/British. Airways' Amount='157. 53' Brand. Name='British Airways Curr. Code='USD'/> Master. Card' <Pay. Protocol ID ='M 1. 10' Brand. Logo. Net. Locn='ftp: otplogos. . Protocol. Id='SET 1. 0' Brand. Narrative='Double air miles Protocol. Name='Secure Electronic with British Airways Master. Card' Transaction Version 1. 0' Protocol. Amount. Refs ='M 1. 7 M 1. 8' > Pay. Req. Net. Locn='http: //www… <Packaged. Content </Brand > Transform="BASE 64"> SET pmnt with a loyalty 8 ueu 26 e 482 hd 82 he 82 Brand: BA VISA <Packaged. Content Transform="BASE 64"> USD 157. 53 </Pay. Protocol> (see Standard for SCCD) </Brand. List> Matwin 1999
Internet Commerce Technologies Brand selection Selection of brand from the above list to effect the payment described <Brand. Selection ID=‘M 1. 2' Brand. List. Ref='M 1. 3' Brand. Ref='M 1. 5' Protocol. Amount. Ref='M 1. 7' Currency. Amount. Ref='M 1. 9' > </Brand. Selection> 25 Matwin 1999
Internet Commerce Technologies Big picture § OTP= protocol for Internet commerce, defined in XML § Transactions = exchanges betw. Roles § Exchanges consist of components, assembled into blocks and messages § Messages are XML documents § Messages and parts can be signed with digital signatures § Full XML definition and dig sig definition publicly available 26 Matwin 1999
- Slides: 26