Sending multi-document messages with ASiC

Sending multi-document
messages with ASiC
New payload in existing infrastructure
Challenges
Need to send new
messages with:
Multiple XML
documents
Multiple documents of
all kinds:
PDF
PNG
MP4
Video
etc!
Message integrity
Message
authentication
Non-repudity
Bandwidth
requirements
Reuse existing
infrastructure for
transport
Multiple files/payloads/”things”
BII business
document
SBDH
Attachment
Signature
Keeping multiple items together is a challenge 
Direktoratet for forvaltning og IKT
Associated Signature Container
(AsiC)
zip file with certain rules
applied
Standardized by ETSI
European Telecommunications
Standards Institute
ETSI TS 102 918 v1.3.1
Transport layer agnostic
ASiC benefits
Provides a portable file system
File system is a container
Based on “zip” format
widely used and available
Provides
Compression
Extendability
ETSI std. facilitates
Message integrity using checksums (SHA-256)
Authentication
Non-repudiation
Inside the ASiC archive
Business document
Attachment to business
document
Table of contents with
checksums
File holding digital
signature
The asicmanifest.xml
Checksums, digests etc.
Examples of check sum:
• Last digit in bank account number
• Last digit in social security number
The checksum
The content (input) can not be deduced from the checksum!
Chain of trust – digital signature
Doc A
7c8fac32..
8cdc67127a..
asicmanifest.xml
Private key
6e8fbc32..
Doc B
Cipher
Digital
signature
The digital signature
Signs the contents of the “asicmanifest.xml”
CMS Advanced Electronic Signature = CAdES
Based on Cryptographic Message Syntax (CMS) – RFC5652
Widely used
Tools like openssl(1) can be used to sign and verify:
openssl cms -verify -in META-INF/signature.p7s \
-inform der -content META-INF/asicmanifest.xml
PKI is still going to be a challenge!
ASiC implementation
Source code: https://github.com/difi/asic
Transport layer – out of scope
Dato
Direktoratet for forvaltning og IKT
C1
C4
Document
In
scope!
Document
SBDH
Message
Message
Tech. interfaces between
C1&C2 and C3&C4 is out
of scope.
Transport
Transport
C2
C3
Direktoratet for forvaltning og IKT
Oh no!! Where is
the SBDH?
Direktoratet for forvaltning og IKT
ASiC manifest revised
The SBDH is also signed and part of the message!
The transport layer - proposal
Info on embedded
document
payload is zip file
in base64
encoding
Sending invoices - comparison
The payload
vefa-esubmission
Creates complete ASiC archives
Shared open source component
Stand alone Java program
Creates ASiC archives
SBDH embedded
All files are signed
Open source on https://github.com/difi/vefa-esubmission
SBDH
vefa-esubmission and ASiC
Message meta data
ASiC Meta data
Main (Root) XML
document (BIS)
Attachment
SBDH included in ASiC
Adheres to UN/CEFACT SBDH TS
Uses the WP6 building blocks
SBDH
Created in C1
Consumed in C4
Including SBDH in ASiC guarantees the
availability for C4
SBDH is part of the interoperability agreement
between C1 and C4
Dato
Direktoratet for forvaltning og IKT
Direktoratet for forvaltning og IKT
Layered architecture
Routable document level package
Standard Business Document Header
as depcited in UN/CEFACT SBDH TS v1.3
ASiC archive
SBDH
Document
routing info
Document
Virtual
Document
Routable message level package
Routable document level package
SBDH’
Message
routing
info
+ +
ASiC archive
Message
SBDH
Document
routing info
Virtual
Message
Routable transport level package
Routable message level package
Routable document level package
SBDH’’
Transport
routing
info
+
SBDH’
+
Message
routing
info
+ +
ASiC archive
SBDH
Document
routing info
Transport
Physical
Transport