
Open Trading Protocol OTP



Presentation Transcript


  1. Open Trading Protocol OTP
     • Interoperable framework for Internet commerce
     • Virtual capability that safely replicates real world trading events such as offer, payment, payment receipt, delivery, receipt of goods
     • + new trading models
     • Any two global parties using an OTP-conformant e-commerce process will complete business safely and successfully
     • Standard available at http://www.ietf.org/internet-drafts/draft-ietf-trade-iotp-v1.0-dsig-03.txt

  2. OTP
     • Product of an international consortium, including Mondex, SET, CyberCash, DigiCash, VISA, MC, and banks (e.g. RB and CIBC)
     • Defined as an XML DTD

  3. OTP: our digest
     • Roles and exchanges
     • IOTP messages
     • Error handling
     • Security and signatures
     • Trading components
     • Trading blocks
     • The big picture

  4. Roles and exchanges
     Roles (entities)

  5. Trading exchanges
     Trading exchanges = exchanges of data between trading roles
     • Offer
       • Merchant provides consumer with reason for the trade. Consumer must accept the offer
     • Payment
       • In either direction between the consumer and the payment handler
     • Delivery
       • Transmits on-line goods, or delivery info about physical goods, from delivery handler to consumer
     • Authentication
       • Any trading role can authenticate any other role

  6. Trading exchanges
     • Any IOTP transaction consists of the above exchanges, e.g. an IOTP purchase includes Offer, Payment, Delivery
     • Exchanges consist of components, transmitted between various trading roles
     • Components are packed, e.g. an IOTP purchase combines the Delivery Organization Component with the Offer Response Component

  7. Protocol structure
     • Trading components are assembled into trading blocks and IOTP Messages
     • IOTP messages are exchanged as XML documents between Trading Roles

  8. OTP message structure
     • Trans. Ref. Block contains a globally unique id for the IOTP transaction
     • Each Block has an id unique within the transaction
     • The combination of the two uniquely identifies any Trading Block or component

  9. IOTP Transactions (incomplete)
     • Purchase (offer, payment, [delivery])
     • Refund (result of a previous purchase)
     • Value exchange: of one currency and method of payment to another

  10. IOTP Transactions (incomplete)
      • Withdrawal (electronic, of cash from a financial institution)
      • Deposit
      • Inquiry
      • Ping

  11. IOTP message
      <!ELEMENT OtpMessage (TransRefBlk, SigBlk?, ErrorBlk?,
          ( AuthReqBlk | AuthRespBlk | DeliveryReqBlk | DeliveryRespBlk |
            InquiryReqBlk | InquiryRespBlk | OfferRespBlk | PayExchBlk |
            PayReqBlk | PayInstCCExchBlk | PayInstCCReqBlk | PayInstCCRespBlk |
            PayRespBlk | PingReqBlk | PingRespBlk | TpoBlk | TpoSelectionBlk )* ) >
      • This contains information which describes an IOTP Message within an IOTP Transaction
      • Trading block: depends on the type of OTP transaction

  12. TransRefBlk and TransId
      <!ELEMENT TransRefBlk (TransId, MsgId, RelatedTo*) >
      <!ATTLIST TransRefBlk
          ID ID #REQUIRED >
      <!ELEMENT TransId EMPTY>
      <!ATTLIST TransId
          ID             ID      #REQUIRED
          Version        NMTOKEN #FIXED '1.0'
          OtpTransId     NMTOKEN #REQUIRED
          OtpTransType   CDATA   #REQUIRED
          TransTimeStamp CDATA   #REQUIRED >

  13. Error handling
      • Errors are bound to occur
      • Technical errors: independent of the meaning of the message
      • The kind of error is indicated by the code, part of the XML specs
      • Handled via
        • Retrying transmission
        • Cancelling transaction

  14. Business errors
      • Connected with a particular process
        • Insufficient funds – payment
        • Back order – delivery
      • Must be presented to the user for decision

  15. OTP security
      • Use of digital signatures
      • Signatures are components
      • Hash one or more components or trading blocks
      • Identify
        • Who signed
        • Who should verify

  16. Signature hashing

  17. Signatures cont’d
      • Two organizations might use cryptography only understood by them – symmetric cryptography (DES)
      • The same cryptography might be used by several Trading Roles – asymmetric cryptography
      • One transaction might involve both kinds
      • Signatures are optional
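The idea on slides 15 to 17 (hash individual components, then protect the set of hashes and name both signer and verifier) can be sketched as follows. This is an added example, not code from the presentation or from the IOTP standard: HMAC-SHA-256 stands in for the shared-secret case, and the sample block, key, role names and record layout are constructed assumptions rather than the IOTP Signature component format.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample block and key; every ID and value here is illustrative.
BLOCK = """<PayReqBlk ID="M1.1">
  <Payment ID="M1.4" OkFrom="1999-06-01T00:00:00Z" OkTo="1999-06-02T00:00:00Z"
           BrandListRef="M1.2" SignedPayReceipt="True"/>
  <CurrencyAmount ID="M1.9" Amount="157.53" CurrCode="USD"/>
</PayReqBlk>"""
KEY = b"constructed-demo-key-shared-by-two-roles"


def digest_of(root, ref_id):
    """SHA-256 over the canonical XML (C14N 2.0) of the element carrying this ID."""
    hits = [e for e in root.iter() if e.get("ID") == ref_id]
    if len(hits) != 1:
        raise ValueError(f"ID {ref_id!r} must match exactly one element")
    xml = ET.canonicalize(ET.tostring(hits[0], encoding="unicode"), strip_text=True)
    return hashlib.sha256(xml.encode("utf-8")).hexdigest()


def manifest_bytes(sig):
    """Serialize signer, intended verifier and digests in a fixed order for the MAC."""
    rows = [f"{ref}={dig}" for ref, dig in sorted(sig["digests"].items())]
    return "\n".join([sig["signer"], sig["verifier"], *rows]).encode("utf-8")


def sign(root, ref_ids, signer, verifier, key):
    """Hash each referenced component, then MAC the manifest of those hashes."""
    sig = {"signer": signer, "verifier": verifier,
           "digests": {r: digest_of(root, r) for r in ref_ids}}
    sig["mac"] = hmac.new(key, manifest_bytes(sig), hashlib.sha256).hexdigest()
    return sig


def verify(root, sig, key, my_role):
    """Return (ok, reason); the MAC is checked before any digest is trusted."""
    if sig["verifier"] != my_role:
        return False, "signature is addressed to another role"
    expected = hmac.new(key, manifest_bytes(sig), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig["mac"]):
        return False, "MAC mismatch"
    for ref, dig in sig["digests"].items():
        if not hmac.compare_digest(digest_of(root, ref), dig):
            return False, f"component {ref} changed after signing"
    return True, "ok"
```

Because signatures are optional in the protocol, a receiver also has to decide which components it refuses to process unsigned; this sketch only covers the components a signature names.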

  18. Trading components
      • Protocol Options Component
      • Authentication Data Component
      • Authentication Response Component
      • Order Component
      • …
      • Payment component
      • Signature component
      • …

  19. Order component
      <!ELEMENT Order (PackagedContent?) >
      <!ATTLIST Order
          ID                ID      #REQUIRED
          xml:lang          NMTOKEN #REQUIRED
          OrderIdentifier   CDATA   #REQUIRED
          ShortDesc         CDATA   #REQUIRED
          OkFrom            CDATA   #REQUIRED
          OkTo              CDATA   #REQUIRED
          ApplicableLaw     CDATA   #REQUIRED
          ContentSoftwareId CDATA   #IMPLIED >
      • timestamps

  20. Organisation component
      • Domain name
      • For Trading roles other than Consumer
      <!ELEMENT Org (TradingRole+, ContactInfo?, PersonName?, PostalAddress?)>
      <!ATTLIST Org
          ID             ID      #REQUIRED
          xml:lang       NMTOKEN #REQUIRED
          OrgId          CDATA   #REQUIRED
          OtpMsgIdPrefix NMTOKEN #REQUIRED
          LegalName      CDATA   #IMPLIED
          ShortDesc      CDATA   #IMPLIED
          LogoNetLocn    CDATA   #IMPLIED >

  21. Payment component
      • IDs the Trading Role that sends the Payment Request Block containing the Payment Component to Payment Handler
      <!ELEMENT Payment (PackagedContent?) >
      <!ATTLIST Payment
          ID               ID               #REQUIRED
          OkFrom           CDATA            #REQUIRED
          OkTo             CDATA            #REQUIRED
          BrandListRef     NMTOKEN          #REQUIRED
          SignedPayReceipt ('True'|'False') #REQUIRED
          AuthDataRef      NMTOKEN          #IMPLIED
          StartAfter       NMTOKENS         #IMPLIED >

  22. Trading Blocks
      • Part of the definition of an IOTP message (see p.8)
      • Have to do with (among others)
        • Authentication
        • Delivery
        • Offer response
        • Error
        • Payment
        • Signature

  23. Payment request block
      • Contains success/failure status of the steps (Offer Response or Payment Response)
      • Is there to be authentication with payment? If yes, provide info on how it will occur
      <!ELEMENT PayReqBlk (Status+, AuthData?, BrandList, BrandSelection, Payment,
          PaySchemeData?, Org*, TradingRoleData*) >
      <!ATTLIST PayReqBlk
          ID ID #REQUIRED >
      • Payment brands and protocols that may be used
      • Payment: see the Payment component, p. 21

  24. Brand list component
      SET payment with a loyalty brand: BA VISA USD157.53 (see Standard for SCCD)
      <BrandList ID='M1.2' XML:Lang='us-en' ShortDesc='Purchase ladies coat' PayDirection='Debit' >
        <Brand ID ='M1.3' BrandId='MC' BrandName='MasterCard'
            BrandLogoNetLocn='ftp:.. ProtocolAmountRefs='M1.7 M1.8'>
        </Brand>
        <Brand ID ='M1.5' BrandId='MC/BritishAirways' BrandName='British Airways MasterCard'
            BrandLogoNetLocn='ftp:otplogos..
            BrandNarrative='Double air miles with British Airways MasterCard'
            ProtocolAmountRefs ='M1.7 M1.8' >
        </Brand >
        <Brand ID ='M1.6'
        <ProtocolAmount ID ='M1.7' PayProtocolRef='M1.10' CurrencyAmountRefs='M1.9' >
          <PackagedContent Transform="BASE64"> 238djqw1298erh18dhoire </PackagedContent>
        </ProtocolAmount>
        <CurrencyAmount ID ='M1.9' Amount='157.53' CurrCode='USD'/>
        <PayProtocol ID ='M1.10' ProtocolId='SET1.0'
            ProtocolName='Secure Electronic Transaction Version 1.0'
            PayReqNetLocn='http://www…
          <PackagedContent Transform="BASE64"> 8ueu26e482hd82he82 </PackagedContent>
        </PayProtocol>
      </BrandList>

  25. Brand selection
      Selection of brand from the above list to effect the payment described
      <BrandSelection ID='M1.2' BrandListRef='M1.3' BrandRef='M1.5'
          ProtocolAmountRef='M1.7' CurrencyAmountRef='M1.9' >
      </BrandSelection>
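A Brand Selection is only meaningful if each of its references resolves to the right kind of element in the Brand List it answers, and if the brand, protocol amount and currency amount actually belong together. The check below is an added example, not part of the presentation or the IOTP standard; the offer is a constructed, well-formed variant of slide 24 (with an extra ProtocolAmount and CurrencyAmount so a mismatched selection can be shown), and `check_selection` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed, well-formed offer modelled on slide 24; values are illustrative.
OFFER = """<PayReqBlk ID="M1.1">
  <BrandList ID="M1.2" ShortDesc="Purchase ladies coat" PayDirection="Debit">
    <Brand ID="M1.3" BrandId="MC" ProtocolAmountRefs="M1.7 M1.8"/>
    <Brand ID="M1.5" BrandId="MC/BritishAirways" ProtocolAmountRefs="M1.7"/>
    <ProtocolAmount ID="M1.7" PayProtocolRef="M1.10" CurrencyAmountRefs="M1.9"/>
    <ProtocolAmount ID="M1.8" PayProtocolRef="M1.10" CurrencyAmountRefs="M1.11"/>
    <CurrencyAmount ID="M1.9" Amount="157.53" CurrCode="USD"/>
    <CurrencyAmount ID="M1.11" Amount="99.00" CurrCode="USD"/>
    <PayProtocol ID="M1.10" ProtocolId="SET1.0"/>
  </BrandList>
</PayReqBlk>"""


def check_selection(offer_xml, selection_xml):
    """Return a list of problems; an empty list means every reference is consistent."""
    if "<!DOCTYPE" in offer_xml + selection_xml:
        return ["DOCTYPE declarations are refused in received messages"]
    offer, sel = ET.fromstring(offer_xml), ET.fromstring(selection_xml)
    by_id, problems = {}, []
    for el in offer.iter():
        if el.get("ID") in by_id:
            problems.append(f"duplicate ID {el.get('ID')!r} in offer")
        elif el.get("ID"):
            by_id[el.get("ID")] = el

    def resolve(attr, tag):
        """Look up the element a selection attribute points at and check its type."""
        el = by_id.get(sel.get(attr))
        if el is None or el.tag != tag:
            problems.append(f"{attr}={sel.get(attr)!r} is not a {tag} in the offer")
            return None
        return el

    resolve("BrandListRef", "BrandList")
    brand = resolve("BrandRef", "Brand")
    pamt = resolve("ProtocolAmountRef", "ProtocolAmount")
    camt = resolve("CurrencyAmountRef", "CurrencyAmount")
    # The chain must hold too: brand -> protocol amount -> currency amount.
    if brand is not None and pamt is not None:
        if pamt.get("ID") not in brand.get("ProtocolAmountRefs", "").split():
            problems.append("ProtocolAmountRef is not offered for the selected brand")
    if pamt is not None and camt is not None:
        if camt.get("ID") not in pamt.get("CurrencyAmountRefs", "").split():
            problems.append("CurrencyAmountRef is not offered for that protocol amount")
    return problems
```

Run against the attribute values printed on slide 25, the check reports `BrandListRef='M1.3'`, because slide 24 assigns that ID to a Brand and `M1.2` to the BrandList.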

  26. Big picture
      • OTP = protocol for Internet commerce, defined in XML
      • Transactions = exchanges between Roles
      • Exchanges consist of components, assembled into blocks and messages
      • Messages are XML documents
      • Messages and parts can be signed with digital signatures
      • Full XML definition and digital signature definition publicly available
