Post on 11-Jul-2015
www.peppol.eu
PEPPOL is an EU co-funded project CIP-ICT PSP-2007 No 224974
PEPPOL Workshop – SMP and Identifiers
Martin Forsberg, Ecru Consulting; Mikael Aksamit, Tickstar AB
The PEPPOL project
Pilot A objective: Enabling EU-wide public eProcurement
50% EU contribution for achieving interoperability
Coordinated by the Norwegian Agency for Public Management
and eGovernment (Difi)
Consortium and scope:
18 beneficiaries from 12 countries
Total budget 30,8 M€
8 work packages, <1.600 person months and 10 M€ on sub-contractors
Project start up: 1 May 2008, duration 48 months*
*Current project duration is 42 months (+6 months extension subject to European Commission's approval)
The PEPPOL project is the result of the European Competitiveness and Innovation Programme (CIP) ICT Policy Support Programme (ICTPSP) 2007 and 2009 Call for Proposals
The PEPPOL Vision
Any supplier (incl. SMEs) in the EU can communicate electronically with any European contracting authority for all procurement processes.
eProcurement
Service Metadata Publisher and Identifiers
How does it work (simplified)?
A URL is built from the receiving participant's ID and the domain of the PEPPOL central locator
A bit simplified:
http://SE5523222312.sml.peppolcentral.org points towards registry ABC
and
http://DK4723222753.sml.peppolcentral.org points towards registry XYZ
Exactly as http://mail.ecru.se points to our mail server and http://www.ecru.se points to our web server (located and hosted by different providers)
The URL is built using the same mechanism ALL THE TIME
You only need to know the participant's identifier to retrieve the necessary data for the service that receives the documents
And the response from the registry
• The receiver's identifier
• Type of supported process
• Type of supported messages (and customizations)
• Type of supported transport protocol/profile
• Technical address where to send to
PEPPOL Policy for using Identifiers
Party identifiers
Party Ids in START/SMP
<ParticipantIdentifier scheme="iso6523-actorid-upis">0088:4035811991014</ParticipantIdentifier>
Party Ids in Messages
<cac:PartyIdentification>
  <cbc:ID schemeID="GLN">4035811991014</cbc:ID>
</cac:PartyIdentification>
0088 and GLN are used as examples. The policy for identifiers document lists a number of schemes including VAT numbers, company registration numbers, IBAN and DUNS.
Document identifiers
Used in SMP to specify what document type a certain service accepts
Informs about the syntax/format, the customization and a version
urn:oasis:names:specification:ubl:schema:xsd:Invoice-2::Invoice##urn:www.cenbii.eu:transaction:biicoretrdm010:ver1.0:#urn:www.peppol.eu:bis:peppol4a:ver1.0::2.0
Customization
Used in CEN/BII to specify the contextualization/customization of a certain document. A stand-alone invoice may differ content-wise from an integrated procurement invoice.
urn:www.cenbii.eu:transaction:biicoretrdm010:ver1.0:#urn:www.peppol.eu:bis:peppol4a:ver1.0
urn:oasis:names:specification:ubl:schema:xsd:Invoice-2::Invoice##urn:www.cenbii.eu:transaction:biicoretrdm010:ver1.0:#urn:www.peppol.eu:bis:peppol4a:ver1.0::2.0
The transaction datamodel (the allowed business terms and rules)
Optional extension to the rules
Version of the customization
Remember this
• The receiving party publishes what documents it supports
• The sender must make sure that the actual instance corresponds to the supported type
• Many implementations may implement the DocumentIdentifier as a string-constant without actually using all the "hidden" information
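The sender-side check from the bullets above, as an added example that is not part of the original slides: it splits a document identifier into its parts and compares them with a UBL instance. The layout `<namespace>::<root>##<customization>::<version>` is read off the identifiers shown on the slides; the function names and the minimal instance are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from typing import NamedTuple

CBC = "urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2"

class DocType(NamedTuple):
    namespace: str      # XML namespace of the root element (syntax/format)
    root: str           # local name of the root element
    transaction: str    # CEN/BII transaction data model
    extensions: tuple   # optional extensions to the rules
    version: str        # trailing version part of the identifier

def parse_doc_id(value: str) -> DocType:
    """Split <namespace>::<root>##<customization>::<version> (assumed layout)."""
    syntax, sep, rest = value.partition("##")
    namespace, sep2, root = syntax.rpartition("::")
    customization, sep3, version = rest.rpartition("::")
    if not (sep and sep2 and sep3 and namespace and root and version):
        raise ValueError("not a document identifier: %r" % value)
    transaction, *extensions = customization.split(":#")
    return DocType(namespace, root, transaction, tuple(extensions), version)

def customization_id(doc: DocType) -> str:
    """Rebuild the customization string carried inside the identifier."""
    return ":#".join((doc.transaction,) + doc.extensions)

def instance_matches(doc: DocType, xml_text: str) -> bool:
    """True if the instance has the published root element and CustomizationID."""
    root = ET.fromstring(xml_text)
    found = root.findtext("{%s}CustomizationID" % CBC, default="").strip()
    return (root.tag == "{%s}%s" % (doc.namespace, doc.root)
            and found == customization_id(doc))

# Document identifier from the slide, and a constructed minimal instance.
PUBLISHED = ("urn:oasis:names:specification:ubl:schema:xsd:Invoice-2::Invoice"
             "##urn:www.cenbii.eu:transaction:biicoretrdm010:ver1.0"
             ":#urn:www.peppol.eu:bis:peppol4a:ver1.0::2.0")
SAMPLE = ('<Invoice xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2"'
          ' xmlns:cbc="%s"><cbc:CustomizationID>%s</cbc:CustomizationID></Invoice>')

if __name__ == "__main__":
    doc = parse_doc_id(PUBLISHED)
    print(doc)
    print(instance_matches(doc, SAMPLE % (CBC, customization_id(doc))))
```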
Service Metadata
Process id
• The CEN/BII profile that is supported
Considerations when developing a Service Metadata Publisher (SMP)
The PEPPOL Infrastructure
Service Metadata Locator (SML)
Central part of the PEPPOL Infrastructure, hosted and managed by the consortium
DNS-based resolution of participant identifiers to locate a participant's related SMP (1-to-1 relation)
Provides an interface to associate/disassociate participants with SMPs
Service Metadata Publisher (SMP)
Provides detailed information about participants
- What documents/processes are supported
- To which endpoints (URLs) supported documents should be propagated
Anyone can host an SMP, but a provider agreement with a PEPPOL Regional Authority is necessary
SML, a DNS for participants
peppolcentral.org. 3600 IN SOA cna-gdwi-1.cna.at. postmaster.brz.gv.at. 2011012776 28800 600 604800 3600
peppolcentral.org. 3600 IN NS cna-gdwi-0.cna.at.
peppolcentral.org. 3600 IN NS cna-gdwi-1.cna.at.
peppolcentral.org. 3600 IN NS cna-gdwi-2.cna.at.
SMP-A.publisher.sml.peppolcentral.org. 60 IN CNAME smp.operator-a.com.
SMP-B.publisher.sml.peppolcentral.org. 60 IN CNAME smp.operator-b.com.
sml.peppolcentral.org. 3600 IN A 85.158.225.35
B-0213d984bf3e26bd8bda07d3f72ce332.iso6523-actorid-upis.sml.peppolcentral.org. 60 IN CNAME SMP-A.publisher.sml.peppolcentral.org.
B-ae58dc2c699074f5a9372bd4a370a273.iso6523-actorid-upis.sml.peppolcentral.org. 60 IN CNAME SMP-A.publisher.sml.peppolcentral.org.
B-038a6525af983a75f2464b23edaffa4a.iso6523-actorid-upis.sml.peppolcentral.org. 60 IN CNAME SMP-A.publisher.sml.peppolcentral.org.
B-0621fcb1d51291d65457faed865232ab.iso6523-actorid-upis.sml.peppolcentral.org. 60 IN CNAME SMP-B.publisher.sml.peppolcentral.org.
B-0a1bf1d993368464abfb2463c9cbfd16.iso6523-actorid-upis.sml.peppolcentral.org. 60 IN CNAME SMP-B.publisher.sml.peppolcentral.org.
B-0b4ecd34d27d36220157e869b4dda29c.iso6523-actorid-upis.sml.peppolcentral.org. 60 IN CNAME SMP-B.publisher.sml.peppolcentral.org.
Entries in SML:
Each entry MUST be unique
Participant Identifiers are hashed
SMP must be registered in SML
Locating the SMP
1. Recipient: SE1122334455 (ISO 6523)
2. Participant Identifier: 0007:SE1122334455
3. Form of SMP-Lookup URL:
http://<hash of participant id>.<schema id>.<sml domain>
4. Hash:
0007:SE1122334455 MD5 ae58dc2c699074f5a9372bd4a370a273
5. Actual URL:
http://B-ae58dc2c699074f5a9372bd4a370a273.iso6523-actorid-upis.sml.peppolcentral.org
6. Resolves to:
smp.operator-a.com
...
SMP-A.publisher.sml.peppolcentral.org. 60 IN CNAME smp.operator-a.com.
...
B-ae58dc2c699074f5a9372bd4a370a273.iso6523-actorid-upis.sml.peppolcentral.org. 60 IN CNAME SMP-A.publisher.sml.peppolcentral.org.
...
Known pitfall with hashing of participants
The MD5 hash-algorithm is case sensitive
0007:se1122334455 produces:
ae58dc2c699074f5a9372bd4a370a273
Correct
0007:SE1122334455 produces:
62c82af5bdc937c6fe55c1ff6bea19e1
Incorrect!
Always use lower case letters in alphanumeric identifiers when
calculating hashes in the PEPPOL infrastructure.
Access of SMP resources
When the location of an SMP has been determined through an
SML-Lookup, the process can then continue by querying the
services provided by the resolved SMP.
SMP Provides:
REST-based interface for retrieving participant information
Two types of services/resources MUST be defined:
ServiceGroup
SignedServiceMetadata
Redirect functionality for multiple associations of a participant
ServiceGroup
URI
/{identifier schema}::{participant identifier}
Request MUST be percent encoded
HTTP GET
e.g.: /iso6523-actorid-upis%3A%3A0007%3ASE1122334455
SignedServiceMetadata
URI
/{identifier schema}::{participant identifier}/services/{doc type}
Request MUST be percent encoded
HTTP GET
e.g.: /iso6523-actorid-upis%3A%3A0007%3ASE1122334455/services/busdox-docid-qns%3A%3Aurn%3Aoasis%3Anames%3Aspecification%3Aubl%3Aschema%3Axsd%3AOrder-2%3A%3AOrder%23%23urn%3Awww.cenbii.eu%3Atransaction%3Abiicoretrdm001%3Aver1.0%3A%23urn%3Awww.peppol.eu%3Abis%3Apeppol6a%3Aver1.0%3A%3A2.0
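The lookup steps, the lower-casing pitfall and the percent-encoded resource URIs above, put together as an added example that is not part of the original slides. Function names are constructed; the DNS-label check on the scheme and zone is an added safeguard, since both are placed into a host name unhashed.

```python
import hashlib
import re
from urllib.parse import quote, unquote

LABEL = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?")

def _check_dns_name(name: str) -> str:
    """Reject anything that is not a plain dot-separated host name."""
    if not all(LABEL.fullmatch(label) for label in name.split(".")):
        raise ValueError("not a valid DNS name: %r" % name)
    return name

def sml_hostname(scheme: str, participant_id: str, zone: str) -> str:
    """B-<md5 of lower-cased participant id>.<scheme>.<sml zone>"""
    # MD5 only derives a DNS label here; it is not used as a security control.
    digest = hashlib.md5(participant_id.lower().encode("utf-8")).hexdigest()
    return "B-%s.%s.%s" % (digest, _check_dns_name(scheme), _check_dns_name(zone))

def service_group_path(scheme: str, participant_id: str) -> str:
    """/{identifier scheme}::{participant identifier}, percent encoded."""
    return "/" + quote("%s::%s" % (scheme, participant_id), safe="")

def service_metadata_url(scheme, participant_id, doc_scheme, doc_id, zone):
    """Full SignedServiceMetadata URL: plain HTTP, root context, port 80."""
    return "http://%s%s/services/%s" % (
        sml_hostname(scheme, participant_id, zone),
        service_group_path(scheme, participant_id),
        quote("%s::%s" % (doc_scheme, doc_id), safe=""))

# Values taken from the slides.
ZONE = "sml.peppolcentral.org"
SCHEME = "iso6523-actorid-upis"
ORDER = ("urn:oasis:names:specification:ubl:schema:xsd:Order-2::Order"
         "##urn:www.cenbii.eu:transaction:biicoretrdm001:ver1.0"
         ":#urn:www.peppol.eu:bis:peppol6a:ver1.0::2.0")

if __name__ == "__main__":
    print(sml_hostname(SCHEME, "0007:SE1122334455", ZONE))
    print(service_metadata_url(SCHEME, "0007:SE1122334455",
                               "busdox-docid-qns", ORDER, ZONE))
    print(unquote(service_group_path(SCHEME, "0007:SE1122334455")))
```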
ServiceGroup
The ServiceGroup service provides information about all
services associated with a specific participant identifier that is
handled by the SMP.
Presents a list of references to SignedServiceMetadata resources
Pseudo response:
<ServiceGroupType>
  <ParticipantIdentifier scheme="iso6523-actorid-upis">0007:SE1122334455</ParticipantIdentifier>
  <ns2:ServiceMetadataReferenceCollection>
    <ns2:ServiceMetadataReference href="..."/>
    <ns2:ServiceMetadataReference href="..."/>
  </ns2:ServiceMetadataReferenceCollection>
</ServiceGroupType>
Actual response:
ServiceMetadataReference URI points to resource for SignedServiceMetadata
<ns2:ServiceGroupType xmlns="http://busdox.org/transport/identifiers/1.0/" xmlns:ns2="http://busdox.org/serviceMetadata/publishing/1.0/" xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns4="http://www.w3.org/2000/09/xmldsig#">
  <ParticipantIdentifier scheme="iso6523-actorid-upis">0007:SE1122334455</ParticipantIdentifier>
  <ns2:ServiceMetadataReferenceCollection>
    <ns2:ServiceMetadataReference href="http://B-ae58dc2c699074f5a9372bd4a370a273.iso6523-actorid-upis.sml.peppolcentral.org/iso6523-actorid-upis%3A%3A0007%3ASE1122334455/services/busdox-docid-qns%3A%3Aurn%3Aoasis%3Anames%3Aspecification%3Aubl%3Aschema%3Axsd%3AOrder-2%3A%3AOrder%23%23urn%3Awww.cenbii.eu%3Atransaction%3Abiicoretrdm001%3Aver1.0%3A%23urn%3Awww.peppol.eu%3Abis%3Apeppol6a%3Aver1.0%3A%3A2.0"/>
    <ns2:ServiceMetadataReference href="http://B-ae58dc2c699074f5a9372bd4a370a273.iso6523-actorid-upis.sml.peppolcentral.org/iso6523-actorid-upis%3A%3A0007%3ASE1122334455/services/busdox-docid-qns%3A%3Aurn%3Aoasis%3Anames%3Aspecification%3Aubl%3Aschema%3Axsd%3AInvoice-2%3A%3AInvoice%23%23urn%3Awww.cenbii.eu%3Atransaction%3Abiicoretrdm010%3Aver1.0%3A%23urn%3Awww.peppol.eu%3Abis%3Apeppol6a%3Aver1.0%3A%3A2.0"/>
  </ns2:ServiceMetadataReferenceCollection>
</ns2:ServiceGroupType>
SignedServiceMetadata
The SignedServiceMetadata service provides information about
electronic services supported by a recipient. It associates a
participant identifier with the ability to receive a specific
document type over a specific transport protocol.
Provides details about service
Means of redirection if another SMP handles this service
Response contains a private signature
Pseudo response:
<SignedServiceMetadataType>
  <ServiceMetadata>
    <ServiceInformation>
      <ParticipantIdentifier />
      <DocumentIdentifier />
      <ProcessList>
        <Process/>
      </ProcessList>
    </ServiceInformation>
  </ServiceMetadata>
  <Signature />
</SignedServiceMetadataType>
SignedServiceMetadata - ServiceMetadataType
<ServiceMetadata>
  <ServiceInformation>
    <ParticipantIdentifier scheme="iso6523-actorid-upis">0007:SE1122334455</ParticipantIdentifier>
    <DocumentIdentifier scheme="busdox-docid-qns">urn:oasis:names:specification:ubl:schema:xsd:Order-2::Order##urn:www.cenbii.eu:transaction:biicoretrdm001:ver1.0:#urn:www.peppol.eu:bis:peppol6a:ver1.0::2.0</DocumentIdentifier>
    <ProcessList>
      <Process>
        <ProcessIdentifier scheme="cenbii-procid-ubl">urn:www.cenbii.eu:profile:bii06:ver1.0</ProcessIdentifier>
        <ServiceEndpointList>
          <Endpoint transportProfile="busdox-transport-start">
            <EndpointReference>
              <Address>https://startap-operator-a.com/accesspointService</Address>
            </EndpointReference>
            <RequireBusinessLevelSignature>false</RequireBusinessLevelSignature>
            <MinimumAuthenticationLevel>1</MinimumAuthenticationLevel>
            <ServiceActivationDate>2010-12-18Z</ServiceActivationDate>
            <ServiceExpirationDate>2012-12-31Z</ServiceExpirationDate>
            <Certificate>MII...</Certificate>
            <ServiceDescription>Operator A PEPPOL Start AP</ServiceDescription>
            <TechnicalContactUrl>servicecenter@operator-a.com</TechnicalContactUrl>
            <TechnicalInformationUrl>http://www.operator-a.com</TechnicalInformationUrl>
          </Endpoint>
        </ServiceEndpointList>
      </Process>
    </ProcessList>
  </ServiceInformation>
</ServiceMetadata>
SignedServiceMetadata - SignatureType
<Signature>
  <SignedInfo>...</SignedInfo>
  <SignatureValue>MLU...</SignatureValue>
  <KeyInfo>
    <X509Data>
      <X509SubjectName>CN=SMP,O=Operator_A,C=SE</X509SubjectName>
      <X509Certificate>MII...</X509Certificate>
    </X509Data>
  </KeyInfo>
</Signature>
ServiceMetadataType
Endpoint Certificate refers to expected public key at AP
SignatureType
Authenticates the SMP response
The certificate itself is also signed
Regular SMP-Lookup sequence
SMP supports redirects
SML can only have one entry per participant identifier
The SMP in the SML is the “owner” of the participant
A participant can be associated to multiple SMPs
SML does not track this
Owning SMP needs to know all other SMPs
Owning SMP redirects requests to relevant SMP
Only one degree of redirect allowed
SMP Redirect in SignedServiceMetadata response:
<SignedServiceMetadata>
  <ServiceMetadata>
    <Redirect xmlns="http://busdox.org/serviceMetadata/publishing/1.0/" href="http://smp.operator-b.com/iso6523-actorid-upis%3A%3A0007%3ASE1122334455/services/busdox-docid-qns%3A%3Aurn%3Aoasis%3Anames%3Aspecification%3Aubl%3Aschema%3Axsd%3AOrder-2%3A%3AOrder%23%23urn%3Awww.cenbii.eu%3Atransaction%3Abiicoretrdm001%3Aver1.0%3A%23urn%3Awww.peppol.eu%3Abis%3Apeppol6a%3Aver1.0%3A%3A2.0">
      <CertificateUID>PID:9208-2001-3-279815395</CertificateUID>
    </Redirect>
  </ServiceMetadata>
  <Signature />
</SignedServiceMetadata>
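A client-side sketch of the "only one degree of redirect" rule, as an added example that is not part of the original slides. The responses, host names and the `fetch` callable are constructed; it assumes the caller verifies each response's signature separately and compares the returned CertificateUID with the second SMP's certificate.

```python
import xml.etree.ElementTree as ET

NS = "http://busdox.org/serviceMetadata/publishing/1.0/"

def _local(elem):
    """Tag name without its XML namespace."""
    return elem.tag.rsplit("}", 1)[-1]

def _find(root, name):
    """First element (root included) whose local name matches, else None."""
    return next((e for e in root.iter() if _local(e) == name), None)

def resolve_endpoint(url, fetch):
    """Return (endpoint address, CertificateUID from the redirect or None).

    fetch(url) returns SignedServiceMetadata XML text. An SMP Redirect element
    is followed at most once; a second redirect is refused.
    """
    expected_uid = None
    for hop in range(2):
        root = ET.fromstring(fetch(url))
        redirect = _find(root, "Redirect")
        if redirect is None:
            address = _find(root, "Address")
            if address is None or not (address.text or "").strip():
                raise ValueError("no endpoint address in response from " + url)
            return address.text.strip(), expected_uid
        if hop == 1:
            raise ValueError("second redirect refused: only one degree allowed")
        uid = _find(redirect, "CertificateUID")
        expected_uid = uid.text.strip() if uid is not None and uid.text else None
        url = redirect.get("href")
        if not url:
            raise ValueError("redirect without href")

def _redirect(href):
    return ('<SignedServiceMetadata xmlns="%s"><ServiceMetadata><Redirect href="%s">'
            '<CertificateUID>PID:9208-2001-3-279815395</CertificateUID></Redirect>'
            '</ServiceMetadata><Signature/></SignedServiceMetadata>' % (NS, href))

FINAL = ('<SignedServiceMetadata xmlns="%s"><ServiceMetadata><ServiceInformation>'
         '<Address>https://ap.example/accesspointService</Address>'
         '</ServiceInformation></ServiceMetadata><Signature/>'
         '</SignedServiceMetadata>' % NS)

# Constructed SMP responses keyed by URL (hypothetical hosts).
RESPONSES = {"http://smp-a.example/x": _redirect("http://smp-b.example/x"),
             "http://smp-b.example/x": FINAL,
             "http://smp-c.example/x": _redirect("http://smp-a.example/x")}

if __name__ == "__main__":
    print(resolve_endpoint("http://smp-a.example/x", RESPONSES.__getitem__))
```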
SMP-Lookup sequence with redirect
SMP HTTP Codes
ServiceGroup
HTTP 200, for all successful requests
HTTP 404, if participant does not exist in SMP
HTTP 500, for internal server errors
SignedServiceMetadata
HTTP 200, for all successful requests
HTTP 404, if participant does not exist in SMP
HTTP 500, for internal server errors
HTTP 3XX for redirects should not be used. Use SMP redirect
element in response.
Hosting of SMP
SMP service MUST resolve to a valid hostname
SMP/Hostname MUST be registered in SML
SMP service MUST be deployed in root web context
SMP service MUST run on port 80
SMP service MUST NOT use TLS or SSL (the signature in SignedServiceMetadata is what authenticates the SMP response)
Questions…
eProcurement without borders in Europe
www.peppol.eu