Sending multi-document messages with ASiC
New payload in existing infrastructure

Challenges
• Need to send new messages with:
  • Multiple XML documents
  • Multiple documents of all kinds: PDF, PNG, MP4 video, etc.
  • Message integrity
  • Message authentication
  • Non-repudiation
  • Bandwidth requirements
• Reuse existing infrastructure for transport

Multiple files/payloads/"things"
• BII business document
• SBDH
• Attachment
• Signature
• Keeping multiple items together is a challenge

Direktoratet for forvaltning og IKT

Associated Signature Container (ASiC)
• A zip file with certain rules applied
• Standardized by ETSI (European Telecommunications Standards Institute): ETSI TS 102 918 v1.3.1
• Transport layer agnostic

ASiC benefits
• Provides a portable file system: the file system is a container
• Based on the "zip" format, which is widely used and available, and provides compression and extendability
• The ETSI standard facilitates:
  • Message integrity using checksums (SHA-256)
  • Authentication
  • Non-repudiation

Inside the ASiC archive
• Business document
• Attachment to the business document
• Table of contents with checksums: the asicmanifest.xml
• File holding the digital signature

Checksums, digests etc.
• Examples of checksums:
  • Last digit in a bank account number
  • Last digit in a social security number
• The content (input) cannot be deduced from the checksum!

Chain of trust – digital signature
[Figure: Doc A (digest 7c8fac32..) and Doc B (digest 8cdc67127a..) are listed in asicmanifest.xml; the digest of the manifest (6e8fbc32..) is enciphered with the private key, producing the digital signature]

The digital signature
• Signs the contents of the "asicmanifest.xml"
• CMS Advanced Electronic Signature = CAdES
• Based on Cryptographic Message Syntax (CMS), RFC 5652
• Widely used
• Tools like openssl(1) can be used to sign and verify:
  openssl cms -verify -in META-INF/signature.p7s \
    -inform der -content META-INF/asicmanifest.xml
• PKI is still going to be a challenge!

ASiC implementation
• Source code: https://github.com/difi/asic

Transport layer – out of scope
[Figure: four-corner model C1 → C2 → C3 → C4. In scope: Document, SBDH and Message. The technical interfaces between C1 & C2 and between C3 & C4 are out of scope; Transport runs between C2 and C3]

Oh no!! Where is the SBDH?

ASiC manifest revised
• The SBDH is also signed and part of the message!

The transport layer – proposal
• Info on the embedded document
• The payload is the zip file in base64 encoding

Sending invoices – comparison
[Figure: comparison of the payload]

vefa-esubmission
• Creates complete ASiC archives
• Shared open source component
• Stand-alone Java program
• SBDH embedded
• All files are signed
• Open source on https://github.com/difi/vefa-esubmission

vefa-esubmission and ASiC
[Figure: SBDH (message meta data); ASiC (meta data); Main (Root) XML document (BIS); Attachment]

SBDH included in ASiC
• Adheres to the UN/CEFACT SBDH TS
• Uses the WP6 building blocks
• SBDH is created in C1 and consumed in C4
• Including the SBDH in the ASiC guarantees its availability for C4
• The SBDH is part of the interoperability agreement between C1 and C4

Layered architecture
• Routable document level package: ASiC archive + SBDH (document routing info, Standard Business Document Header as depicted in UN/CEFACT SBDH TS v1.3) = Virtual Document
• Routable message level package: routable document level package + SBDH' (message routing info) = Virtual Message
• Routable transport level package: routable message level package + SBDH'' (transport routing info) = Physical Transport
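As an added example (not from the presentation, the difi/asic library or vefa-esubmission), the following Python builds a constructed ASiC-style archive whose asicmanifest.xml lists SHA-256 digests, and then checks it the way a receiver should: every referenced digest is recomputed, and files that are missing from the archive, altered after the manifest was written, or present but not listed in the manifest at all are reported. Element names and namespaces follow the ETSI ASiC manifest schema as I understand it; verifying the CAdES signature over the manifest is left to openssl or the library and is not done here.

```python
import base64, hashlib, io, zipfile
import xml.etree.ElementTree as ET

NS_ASIC = "http://uri.etsi.org/02918/v1.2.1#"  # ETSI ASiC manifest namespace (assumed)
NS_DS = "http://www.w3.org/2000/09/xmldsig#"
SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256"
# Entries that are legitimately not listed in the manifest: the mimetype marker, the manifest itself, the signature.
UNREFERENCED_OK = {"mimetype", "META-INF/asicmanifest.xml", "META-INF/signature.p7s"}


def build_manifest(files):
    """Constructed asicmanifest.xml: one SHA-256 DataObjectReference per payload file."""
    root = ET.Element(f"{{{NS_ASIC}}}ASiCManifest")
    ET.SubElement(root, f"{{{NS_ASIC}}}SigReference", URI="META-INF/signature.p7s",
                  MimeType="application/x-pkcs7-signature")
    for name, data in files.items():
        ref = ET.SubElement(root, f"{{{NS_ASIC}}}DataObjectReference", URI=name)
        ET.SubElement(ref, f"{{{NS_DS}}}DigestMethod", Algorithm=SHA256_URI)
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        ET.SubElement(ref, f"{{{NS_DS}}}DigestValue").text = digest
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def build_asic(files, manifest=None):
    """Pack payload files plus a manifest into an ASiC-style zip; no CAdES signature is produced."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("mimetype", "application/vnd.etsi.asic-e+zip", compress_type=zipfile.ZIP_STORED)
        for name, data in files.items():
            zf.writestr(name, data)
        zf.writestr("META-INF/asicmanifest.xml", manifest or build_manifest(files))
    return buf.getvalue()


def verify_digests(asic_bytes):
    """Check every manifest digest against the archive and flag files the manifest does not cover."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(asic_bytes)) as zf:
        root = ET.fromstring(zf.read("META-INF/asicmanifest.xml"))
        for ref in root.iter(f"{{{NS_ASIC}}}DataObjectReference"):
            uri = ref.get("URI")
            if ref.find(f"{{{NS_DS}}}DigestMethod").get("Algorithm") != SHA256_URI:
                report[uri] = "unsupported digest algorithm"
            elif uri not in zf.namelist():
                report[uri] = "missing"
            else:
                expected = base64.b64decode(ref.find(f"{{{NS_DS}}}DigestValue").text)
                report[uri] = "ok" if hashlib.sha256(zf.read(uri)).digest() == expected else "digest mismatch"
        for name in zf.namelist():  # anything unlisted is not integrity-protected by the signature
            if name not in report and name not in UNREFERENCED_OK:
                report[name] = "not covered by manifest"
    return report
```

A file that is in the zip but absent from the manifest is outside what the CAdES signature covers, so a receiver should treat it as untrusted rather than silently accept it.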
© Copyright 2024