OTP is a virtual capability replicating real-world trading events. It ensures safe completion of business between global parties. This standardized protocol facilitates secure and successful e-commerce processes.
 
                
Open Trading Protocol OTP • Interoperable framework for Internet commerce • Virtual capability that safely replicates real-world trading events such as offer, payment, payment receipt, delivery, receipt of goods • + new trading models • Any two global parties using an OTP-conformant e-commerce process will complete business safely and successfully • Standard available at http://www.ietf.org/internet-drafts/draft-ietf-trade-iotp-v1.0-dsig-03.txt
OTP • Product of an international consortium, including Mondex, SET, CyberCash, DigiCash, VISA, MC, and banks (e.g. RB and CIBC) • Defined as an XML DTD
OTP: our digest • Roles and exchanges • IOTP messages • Error handling • Security and signatures • Trading components • Trading blocks • The big picture
Roles and exchanges Roles (entities)
Trading exchanges • Offer • Merchant provides consumer with reason for the trade. Consumer must accept the offer • Payment • In either direction between the consumer and the payment handler • Delivery • Transmits on-line goods or delivery info about physical goods from delivery handler to consumer • Authentication • Any trading role can authenticate any other role • Trading exchanges = exchanges of data between trading roles
Trading exchanges • Any IOTP transaction consists of the above exchanges, e.g. an IOTP purchase includes Offer, Payment, Delivery • Exchanges consist of components, transmitted between various trading roles • Components are packed, e.g. an IOTP purchase combines the Delivery Organization Component with the Offer Response Component
Protocol structure • Trading components are assembled into trading blocks and IOTP Messages • IOTP messages are exchanged as XML documents between Trading Roles
OTP message structure • The Transaction Reference Block contains a globally unique ID for the IOTP transaction • Each block has an ID unique within the transaction • The combination of the two uniquely identifies any Trading Block or component
IOTP Transactions (incomplete) • Purchase (offer, payment, [delivery]) • Refund (result of previous purchase) • Value exchange: of one currency and method of payment to another
IOTP Transactions (incomplete) • Withdrawal (electronic, of cash from a financial institution) • Deposit • Inquiry • Ping
IOTP message <!ELEMENT OtpMessage (TransRefBlk, SigBlk?, ErrorBlk?, ( AuthReqBlk | AuthRespBlk | DeliveryReqBlk | DeliveryRespBlk | InquiryReqBlk | InquiryRespBlk | OfferRespBlk | PayExchBlk | PayReqBlk | PayInstCCExchBlk | PayInstCCReqBlk | PayInstCCRespBlk | PayRespBlk | PingReqBlk | PingRespBlk | TpoBlk | TpoSelectionBlk )* ) > • This contains information which describes an IOTP Message within an IOTP Transaction • Trading block: depends on the type of OTP transaction
TransRefBlk and TransId <!ELEMENT TransRefBlk (TransId, MsgId, RelatedTo*) > <!ATTLIST TransRefBlk ID ID #REQUIRED > <!ELEMENT TransId EMPTY> <!ATTLIST TransId ID ID #REQUIRED Version NMTOKEN #FIXED '1.0' OtpTransId NMTOKEN #REQUIRED OtpTransType CDATA #REQUIRED TransTimeStamp CDATA #REQUIRED >
Error handling • Errors are bound to occur • Technical errors: independent of the meaning of the message • The kind of error is indicated by the code, part of the XML specs • Handled via • Retrying transmission • Cancelling transaction
Business errors • Connected with particular process • Insufficient funds – pmnt • Back order – delivery • Must be presented to the user for decision
OTP security • Use of digital signatures • Signatures are components • Hash one or more components or trading blocks • Identify • Who signed • Who should verify
Signatures cont’d • Two organizations might use cryptography only understood by them – symmetric cryptography (DES) • The same cryptography might be used by several Trading Roles – asymmetric cryptography • One transaction might involve both kinds • Signatures are optional
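The idea on the two signature slides (hash one or more components, then protect the hashes with a key the two organizations share), as an added Python example that is not part of the original slides and is not the IOTP signature wire format. HMAC-SHA256 stands in for the symmetric case; MSG, the key and all function names are hypothetical.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed fragment (not a complete IOTP block); IDs follow the slides' style.
MSG = """<PayReqBlk ID='M1.1'>
  <CurrencyAmount ID='M1.9' Amount='157.53' CurrCode='USD'/>
  <Order ID='M1.4' ShortDesc='Purchase ladies coat'/>
</PayReqBlk>"""

def digest(root, comp_id):
    """SHA-256 over the canonical XML of the single element carrying this ID."""
    hits = [e for e in root.iter() if e.get("ID") == comp_id]
    if len(hits) != 1:  # missing or duplicated ID: refuse rather than guess
        raise ValueError(comp_id)
    canon = ET.canonicalize(ET.tostring(hits[0], encoding="unicode").strip())
    return hashlib.sha256(canon.encode()).hexdigest()

def _mac(manifest, key):
    # MAC over the sorted "id=digest" list, so the set of covered IDs is protected too.
    data = "|".join(f"{i}={d}" for i, d in sorted(manifest.items()))
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()

def sign(xml_text, ids, key):
    """Hash each listed component, then MAC the list of hashes with the shared key."""
    root = ET.fromstring(xml_text)
    manifest = {i: digest(root, i) for i in ids}
    return {"manifest": manifest, "mac": _mac(manifest, key)}

def verify(xml_text, sig, key, required_ids):
    """Return 'ok' or the first reason the signature cannot be relied on."""
    if not hmac.compare_digest(_mac(sig["manifest"], key), sig["mac"]):
        return "bad-mac"
    missing = sorted(set(required_ids) - set(sig["manifest"]))
    if missing:  # signed, but not over what the verifier depends on
        return "not-covered:" + ",".join(missing)
    root = ET.fromstring(xml_text)
    for cid, expected in sig["manifest"].items():
        try:
            if not hmac.compare_digest(digest(root, cid), expected):
                return "digest-mismatch:" + cid
        except ValueError:
            return "bad-id:" + cid
    return "ok"
```

Because signatures are optional and cover only the components they list, the verifier passes the IDs it depends on as required_ids; a change to a component outside the manifest is otherwise not detected.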
Trading components • Protocol Options Component • Authentication Data Component • Authentication Response Component • Order Component • … • Pmnt component • Sig component • …
Order component <!ELEMENT Order (PackagedContent?) > <!ATTLIST Order ID ID #REQUIRED xml:lang NMTOKEN #REQUIRED OrderIdentifier CDATA #REQUIRED ShortDesc CDATA #REQUIRED OkFrom CDATA #REQUIRED OkTo CDATA #REQUIRED ApplicableLaw CDATA #REQUIRED ContentSoftwareId CDATA #IMPLIED > timestamps
Organisation component Domain name For Trading roles other than Consumer <!ELEMENT Org (TradingRole+, ContactInfo?, PersonName?, PostalAddress?)> <!ATTLIST Org ID ID #REQUIRED xml:lang NMTOKEN #REQUIRED OrgId CDATA #REQUIRED OtpMsgIdPrefix NMTOKEN #REQUIRED LegalName CDATA #IMPLIED ShortDesc CDATA #IMPLIED LogoNetLocn CDATA #IMPLIED >
Payment component IDs the Trading Role that sends the Payment Request Block containing the Payment Component to Payment Handler <!ELEMENT Payment (PackagedContent?) > <!ATTLIST Payment ID ID #REQUIRED OkFrom CDATA #REQUIRED OkTo CDATA #REQUIRED BrandListRef NMTOKEN #REQUIRED SignedPayReceipt ('True'|'False') #REQUIRED AuthDataRef NMTOKEN #IMPLIED StartAfter NMTOKENS #IMPLIED >
Trading Blocks • Part of def of IOTP message (see p.8) • Have to do with (among others) • Authentication • Delivery • Offer response • Error • Pmnt • Signature
Payment request block • Contains success/failure status of the steps (Offer Response or Payment Response) • Is there to be authentication with payment? If yes, provide info on how it will occur <!ELEMENT PayReqBlk (Status+, AuthData?, BrandList, BrandSelection, Payment, PaySchemeData?, Org*, TradingRoleData*) > <!ATTLIST PayReqBlk ID ID #REQUIRED > • Payment brands and protocols that may be used • Payment: see the Payment component, p. 21
<BrandList ID='M1.2' xml:lang='us-en' ShortDesc='Purchase ladies coat' PayDirection='Debit' > <Brand ID ='M1.3' BrandId='MC' BrandName='MasterCard' BrandLogoNetLocn='ftp:.. ProtocolAmountRefs='M1.7 M1.8'> </Brand> <Brand ID ='M1.5' BrandId='MC/BritishAirways' BrandName='British Airways MasterCard' BrandLogoNetLocn='ftp:otplogos.. BrandNarrative='Double air miles with British Airways MasterCard' ProtocolAmountRefs ='M1.7 M1.8' > </Brand > <Brand ID ='M1.6' <ProtocolAmount ID ='M1.7' PayProtocolRef='M1.10' CurrencyAmountRefs='M1.9' > <PackagedContent Transform="BASE64"> 238djqw1298erh18dhoire </PackagedContent> </ProtocolAmount> <CurrencyAmount ID ='M1.9' Amount='157.53' CurrCode='USD'/> <PayProtocol ID ='M1.10' ProtocolId='SET1.0' ProtocolName='Secure Electronic Transaction Version 1.0' PayReqNetLocn='http://www… <PackagedContent Transform="BASE64"> 8ueu26e482hd82he82 </PackagedContent> </PayProtocol> </BrandList> Brand list component • SET payment with a loyalty brand: BA VISA USD157.53 (see Standard for SCCD)
Brand selection • Selection of a brand from the above list to effect the payment described <BrandSelection ID='M1.2' BrandListRef='M1.3' BrandRef='M1.5' ProtocolAmountRef='M1.7' CurrencyAmountRef='M1.9' > </BrandSelection>
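A receiver-side consistency check for the brand selection above, as an added Python example that is not part of the original slides: every reference in a BrandSelection must name an element of the right type in the brand list that was offered, and the chosen amounts must be ones the chosen brand allows. BRAND_LIST is a constructed, cut-down copy of the slide's list and check_selection is a hypothetical name.

```python
import xml.etree.ElementTree as ET

# Constructed brand list using the slide's IDs; the truncated URLs are left out.
BRAND_LIST = """<BrandList ID='M1.2' ShortDesc='Purchase ladies coat' PayDirection='Debit'>
  <Brand ID='M1.3' BrandId='MC' ProtocolAmountRefs='M1.7 M1.8'/>
  <Brand ID='M1.5' BrandId='MC/BritishAirways' ProtocolAmountRefs='M1.7 M1.8'/>
  <ProtocolAmount ID='M1.7' PayProtocolRef='M1.10' CurrencyAmountRefs='M1.9'/>
  <CurrencyAmount ID='M1.9' Amount='157.53' CurrCode='USD'/>
  <PayProtocol ID='M1.10' ProtocolId='SET1.0'/>
</BrandList>"""

# Attribute values copied from the slide's BrandSelection.
SLIDE_SELECTION = ("<BrandSelection ID='M1.2' BrandListRef='M1.3' BrandRef='M1.5' "
                   "ProtocolAmountRef='M1.7' CurrencyAmountRef='M1.9'/>")

def check_selection(brand_list_xml, selection_xml):
    """Return a list of problems; an empty list means the selection is consistent."""
    offered = ET.fromstring(brand_list_xml)
    sel = ET.fromstring(selection_xml)
    by_id = {e.get("ID"): e for e in offered.iter() if e.get("ID")}
    problems = []

    def resolve(attr, tag):
        # A reference must exist in the offered list AND point at the expected element.
        target = by_id.get(sel.get(attr))
        if target is None or target.tag != tag:
            problems.append(f"{attr}={sel.get(attr)!r} does not name an offered {tag}")
            return None
        return target

    resolve("BrandListRef", "BrandList")
    brand = resolve("BrandRef", "Brand")
    pamt = resolve("ProtocolAmountRef", "ProtocolAmount")
    camt = resolve("CurrencyAmountRef", "CurrencyAmount")
    # Each chosen element must also be one its parent actually lists.
    if brand is not None and pamt is not None:
        if pamt.get("ID") not in brand.get("ProtocolAmountRefs", "").split():
            problems.append("ProtocolAmount not offered for the chosen Brand")
    if pamt is not None and camt is not None:
        if camt.get("ID") not in pamt.get("CurrencyAmountRefs", "").split():
            problems.append("CurrencyAmount not offered for the chosen ProtocolAmount")
    return problems
```

Run over the attribute values shown on the slide, the check reports that BrandListRef='M1.3' names a Brand rather than the BrandList, whose ID is 'M1.2'.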
Big picture • OTP = protocol for Internet commerce, defined in XML • Transactions = exchanges between Roles • Exchanges consist of components, assembled into blocks and messages • Messages are XML documents • Messages and parts can be signed with digital signatures • Full XML definition and digital signature definition publicly available