Electronic business eXtensible Markup Language (ebXML)

This document describes the AS4 Profile, which provides a subset of the functionality of ISO 15000‑1:2021, along with implementation guidelines based on the "just-enough" design principles and electronic data interchange functional requirements to trim down ISO 15000-1:2021 into a more simplified specification for web services business-to-business messaging. It specifies: - three conformance profiles of ISO 15000-1:2021 (see Clause 4); - a number of AS4 additional features (see Clause 5); - complementary requirements for the AS4 multi-hop profile (see Clause 6); - AS4 usage profile of ISO 15000-1:2021 (see Clause 7); - definitions of conformance (see Clause 8). Annex A provides some sample messages to support implementation. Annex B provides a sample XSLT stylesheet to generate an AS4 receipt. This document is applicable to all types of organizations (e.g., commercial enterprises, government agencies, not-for-profit organizations) that exchange documents or data electronically using messaging.

Titre manque

General Information

Status
Published
Publication Date
14-Feb-2021
Current Stage
5060 - Close of voting Proof returned by Secretariat
Start Date
06-Jan-2021
Completion Date
06-Jan-2021
Ref Project

Buy Standard

Standard
ISO 15000-2:2021 - Electronic business eXtensible Markup Language (ebXML)
English language
56 pages
sale 15% off
Preview
sale 15% off
Preview
Draft
ISO/PRF 15000-2:Version 19-dec-2020 - Electronic business eXtensible Markup Language (ebXML)
English language
56 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

INTERNATIONAL ISO
STANDARD 15000-2
First edition
2021-02
Electronic business eXtensible
Markup Language (ebXML) —
Part 2:
Applicability Statement (AS) profile of
ebXML messaging service
Reference number
ISO 15000-2:2021(E)
ISO 2021
---------------------- Page: 1 ----------------------
ISO 15000-2:2021(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2021

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2021 – All rights reserved
---------------------- Page: 2 ----------------------
ISO 15000-2:2021(E)
Contents

Foreword ............................................................................................................................................................................................. vi

Introduction ..................................................................................................................................................................................... vii

1 Scope ............................................................................................................................................................................................ 1

2 Normative references ........................................................................................................................................................... 2

3 Terms and definitions ........................................................................................................................................................... 4

4 AS4 conformance profiles for ISO 15000-1:2021 ..................................................................................................... 5

4.1 General ............................................................................................................................................................................. 5

4.2 The AS4 ebHandler conformance profile ........................................................................................................... 5

4.2.1 General ................................................................................................................................................................... 5

4.2.2 Feature set ............................................................................................................................................................ 5

4.2.3 WS-I conformance profiles ............................................................................................................................ 8

4.2.4 Processing mode parameters ....................................................................................................................... 8

4.3 The AS4 light client conformance profile ........................................................................................................ 10

4.3.1 General ................................................................................................................................................................ 10

4.3.2 Feature set ......................................................................................................................................................... 11

4.3.3 WS-I conformance requirements ............................................................................................................. 13

4.3.4 Processing mode parameters .................................................................................................................... 13

4.4 The AS4 minimal client conformance profile ................................................................................................ 15

4.4.1 General ................................................................................................................................................................ 15

4.4.2 Feature set ......................................................................................................................................................... 15

4.4.3 WS-I conformance requirements ............................................................................................................. 16

4.4.4 Processing mode parameters .................................................................................................................... 18

4.5 Conformance profiles compatibility .................................................................................................................. 19

5 AS4 additional features ..................................................................................................................................................... 21

5.1 General .......................................................................................................................................................................... 21

5.2 Compression ............................................................................................................................................................... 21

5.3 Reception awareness features and duplicate detection ............................................................................ 23

5.4 Alternative pull authorization ............................................................................................................................. 24

5.5 Semantics of receipt in AS4 ................................................................................................................................... 24

5.6 Sub-channels for message pulling ...................................................................................................................... 25

5.7 Additional features errors ..................................................................................................................................... 26

6 Complementary requirements for the AS4 multi-hop profile ........................................................................... 27

6.1 General .......................................................................................................................................................................... 27

6.2 Rationale and context .............................................................................................................................................. 27

© ISO 2021 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO 15000-2:2021(E)

6.3 General constraints .................................................................................................................................................. 28

6.4 Processing mode parameter ................................................................................................................................. 29

6.5 AS4 endpoint requirements .................................................................................................................................. 29

7 AS4 usage profile of ISO 15000-1 ................................................................................................................................. 31

7.1 General .......................................................................................................................................................................... 31

7.2 AS4 usage rules .......................................................................................................................................................... 31

7.2.1 Core components / modules to be used................................................................................................ 31

7.2.2 Bundling rules .................................................................................................................................................. 32

7.2.3 Security element ............................................................................................................................................. 33

7.2.4 Signing messages ............................................................................................................................................ 33

7.2.5 Signing SOAP with attachments messages ........................................................................................... 34

7.2.6 Encrypting messages .................................................................................................................................... 34

7.2.7 Encrypting SOAP with attachments messages ................................................................................... 35

7.2.8 Generating receipts ........................................................................................................................................ 35

7.2.9 MIME header and filename information ............................................................................................... 37

7.3 AS4 usage agreements ............................................................................................................................................ 37

7.3.1 General ................................................................................................................................................................ 37

7.3.2 AS4 usage agreement parameters ........................................................................................................... 37

7.3.3 Controlling content and sending of receipts ....................................................................................... 37

7.3.4 Error handling options ................................................................................................................................. 38

7.3.5 Securing the pull request ............................................................................................................................ 39

7.3.6 Reception awareness parameters ............................................................................................................ 41

7.3.7 Default values of some P-Mode parameters ........................................................................................ 41

7.3.8 HTTP confidentiality and security........................................................................................................... 42

7.3.9 Deployment and processing requirements for CPAs ....................................................................... 43

7.3.10 Message payload and flow profile ........................................................................................................... 43

7.3.11 Additional deployment or operational requirements ..................................................................... 44

8 Conformance statements ................................................................................................................................................. 45

8.1 General .......................................................................................................................................................................... 45

8.2 AS4 ebHandler conformance ................................................................................................................................ 45

8.3 AS4 light client conformance................................................................................................................................ 45

8.4 AS4 minimal client conformance ........................................................................................................................ 46

8.5 AS4 minimal sender conformance ..................................................................................................................... 46

8.6 AS2/AS4 ebHandler conformance ..................................................................................................................... 46

8.7 AS4 multi-hop endpoint conformance ............................................................................................................. 46

iv © ISO 2021 – All rights reserved
---------------------- Page: 4 ----------------------
ISO 15000-2:2021(E)

Annex A (informative) Sample messages.................................................................................................................... 47

Annex B (informative) Generating an AS4 receipt ................................................................................................. 52

Bibliography ..................................................................................................................................................................................... 55

© ISO 2021 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO 15000-2:2021(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO

collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see

www.iso.org/iso/foreword.html.

This document was prepared by the OASIS ebXML Messaging Services Technical Committee (as “OASIS

AS4 Profile of ebMS 3.0 Version 1.0”) and drafted in accordance with its editorial rules. It was assigned

to Technical Committee ISO/TC 154, Processes, data elements and documents in commerce, industry and

administration and adopted under the "fast-track procedure".
A list of all parts in the ISO 15000 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www.iso.org/members.html.
vi © ISO 2021 – All rights reserved
---------------------- Page: 6 ----------------------
ISO 15000-2:2021(E)
Introduction

Historically, the platform for mission-critical business-to-business (B2B) transactions has steadily

moved from proprietary value-added networks (VANs) to Internet-based protocols free from the data

transfer fees imposed by the VAN operators. This trend has been accelerated by lower costs and product

ownership, a maturing of technology, internationalization, widespread interoperability, and

marketplace momentum. The exchange of electronic data interchange (EDI) business documents over

the Internet has substantially increased along with a growing presence of extensible markup language

(XML) and other document types such as binary and text files.

The Internet messaging services standards that have emerged provide a variety of options for end users

to consider when deciding which standard to adopt. These include pre-Internet protocols, the EDIINT

series of IETF RFC 3355 AS1, IETF RFC 4130 AS2 and IETF RFC 4823 AS3, simple XML over hypertext

transport protocol (HTTP), government specific frameworks, OASIS ebXML messaging (ebMS) 2.0, and

web services variants. As Internet messaging services standards have matured, new standards are

emerging that leverage prior B2B messaging services knowledge for applicability to web services

messaging.

The emergence of the OASIS ebMS 3.0 Standard, now ISO 15000-1:2021, represents a leap forward in

Web Services B2B messaging services by meeting the challenge of composing many web services

standards into a single comprehensive specification for defining the secure and reliable exchange of

documents using web services. ISO 15000-1:2021 composes the fundamental web services standards

W3C SOAP 1.1, W3C SOAP 1.2, W3C SOAP with Attachments, OASIS WS-Security 1.0 and 1.1, W3C WS-

Addressing, and the OASIS reliable messaging standards WS-Reliability 1.1 and WS-ReliableMessaging -

currently at version 1.2, together with guidance for the packaging of messages and receipts along with

definitions of messaging choreographies for orchestrating document exchanges.

Like AS2, ISO 15000-1:2021 brings together many existing standards that govern the packaging,

security, and transport of electronic data under the umbrella of a single specification document. While

ISO 15000-1:2021 represents a leap forward in reducing the complexity of web services B2B messaging,

the specification still contains numerous options and comprehensive alternatives for addressing a

variety of scenarios for exchanging data over a web services platform.

In order to fully take advantage of the AS2 success story, this profile of ISO 15000-1:2021 has been

developed. Using ISO 15000-1:2021 as a base, a subset of functionality has been defined along with

implementation guidelines adopted based on the “just-enough” design principles and AS2 functional

requirements to trim down ISO 15000-1:2021 into a more simplified and AS2-like specification for web

services B2B messaging. The main benefits of AS4 compared to AS2 are:
● compatibility with web services standards;
● message pulling capability;
● a built-in receipt mechanism.

AS4 also provides a minimal client conformance profile that supports data exchanges that have lower-

end requirements and do not require (the equivalent of) some of the more advanced capabilities of AS2

and ISO 15000-1:2021, such as support for multiple payloads, message receipts and signing or

encryption of messages and receipts.
© ISO 2021 – All rights reserved vii
---------------------- Page: 7 ----------------------
ISO 15000-2:2021(E)
Profiling ISO 15000-1:2021 means:

● defining a subset of ISO 15000-1:2021 options to be supported by the AS4 handler;

● deciding which types of message exchanges shall be supported, and how these exchanges should

be conducted (level of security, binding to HTTP, etc.);

● deciding of AS4-specific message contents and practices (how to make use of the ebMS message

header fields, in an AS4 context);
● deciding of some operational best practices, for the end-user.
The overall goal of a profile for a standard is to ensure interoperability by:

● establishing particular usage and practices of the standard within a community of users;

● defining the subset of features in this document that needs to be supported by an

implementation.

Two kinds of profiles are usually considered when profiling an existing standard:

1. Conformance profiles. These define the different ways a product can conform to a standard,

based on specific ways to implement this document. A conformance profile is usually associated

with a specific conformance statement. Conformance profiles are of prime interest for product

managers and developers: they define a precise subset of features to be supported.

2. Usage profiles (also called deployment profiles). These define how a standard should be used

by a community of users, in order to ensure best compatibility with business practices and

interoperability. Usage profiles are of prime interest for IT end-users: they define how to

configure the use of a standard (and related product) as well as how to bind this document to

business applications. A usage profile usually points at required or compatible conformance

profile(s).
AS4 is defined as a combination of:

● three primary AS4 conformance profiles (see Clause 4) that define three subsets of

ISO 15000-1:2021 features, at least one of which is to be supported by an AS4 implementation;

● a set of additional features (see Clause 5);

● an optional complementary conformance profile (see Clause 6) that specifies how to use AS4

endpoints with ISO 15000-1:2021 intermediaries. This is based on a simplified subset of the

multi-hop messaging feature defined in the ebMS 3.0 Part 2, Advanced Features specification;

● an AS4 usage profile (see Clause 7) that defines how to use an AS4-compliant implementation in

order to achieve similar functions as specified in AS2.
The three primary AS4 conformance profiles (CP) are the following:

(1) The AS4 ebHandler CP. This conformance profile supports both sending and receiving roles,

and for each role both message pushing and message pulling;

(2) The AS4 light client CP. This conformance profile supports both sending and receiving roles,

but only message pushing for sending and message pulling for receiving. In other words, it does

not support incoming HTTP requests, and may have no fixed IP address.
viii © ISO 2021 – All rights reserved
---------------------- Page: 8 ----------------------
ISO 15000-2:2021(E)

(3) The AS4 minimal client CP. Like the light client CP, this conformance profile does not support

the push transport channel binding for the receiving role and therefore does not require HTTP

server capabilities. As its name indicates, this CP omits all but a minimal set of features.

Compatible existing conformance profiles for ISO 15000-1:2021 are the following:

● Gateway RM V3 or Gateway RX V3: a message service handler (MSH) implementing any of these

profiles will also be conforming to the AS4 ebHandler CP (the reverse is not true).

Full compliance to AS4 actually requires and/or authorizes a message handler to implement a

few additional features beyond these conformance profiles, as described in clause 8. These

additional features are described in Clause 5.
© ISO 2021 – All rights reserved ix
---------------------- Page: 9 ----------------------
INTERNATIONALE STANDARD ISO 15000-2:2021(E)
Electronic business eXtensible Markup Language
(ebXML) —
Part 2:
Applicability Statement (AS) profile of ebXML messaging
service
1 Scope

This document describes the AS4 Profile, which provides a subset of the functionality of

ISO 15000-1:2021, along with implementation guidelines based on the “just-enough” design principles

and electronic data interchange functional requirements to trim down ISO 15000-1:2021 into a more

simplified specification for web services business-to-business messaging.
It specifies:
- three conformance profiles of ISO 15000-1:2021 (see Clause 4);
- a number of AS4 additional features (see Clause 5);
- complementary requirements for the AS4 multi-hop profile (see Clause 6);
- AS4 usage profile of ISO 15000-1:2021 (see Clause 7);
- definitions of conformance (see Clause 8).
Annex A provides some sample messages to support implementation.
Annex B provides a sample XSLT stylesheet to generate an AS4 receipt.

This document is applicable to all types of organizations (e.g., commercial enterprises, government

agencies, not-for-profit organizations) that exchange documents or data electronically using messaging.

© ISO 2021 – All rights reserved 1
---------------------- Page: 10 ----------------------
ISO 15000-2:2021(E)
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 15000-1:2021. Electronic business eXtensible Markup Language (ebXML) — Part 1: Messaging Service

3.0 Core Specification.

INTERNET ENGINEERING TASK FORCE (IETF). RFC 1952. GZIP file format specification version 4.3. IETF

RFC. May 1996. http://tools.ietf.org/html/rfc1952

INTERNET ENGINEERING TASK FORCE (IETF). RFC 2045. Multipurpose Internet Mail Extensions (MIME)

Part One: Format of Internet Message Bodies. IETF RFC. November 1996.
http://www.ietf.org/rfc/rfc2045.txt

INTERNET ENGINEERING TASK FORCE (IETF). RFC 2616. Hypertext Transfer Protocol — HTTP/1.1. IETF

RFC. June 1999. Available from http://www.ietf.org/rfc/rfc2616.txt

OASIS. OASIS ebXML Business Signals Schema, 21 December 2006. OASIS Standard. http://docs.oasis-

open.org/ebxml-bp/ebbp-signals-2.0

OASIS. OASIS ebXML Messaging Services Version 3.0: Part 2, Advanced Features. Committee Specification

01, 19 May 2011. OASIS committee specification. Available at http://docs.oasis-open.org/ebxml-

msg/ebms/v3.0/part2/201004/ebms-v3-part2.odt

OASIS. Web Services Security: SOAP Message Security 1.1. OASIS Standard incorporating Approved Errata.

1 November 2006. Available from http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-errata-os-

SOAPMessageSecurity.pdf

OASIS. Web Services Security UsernameToken Profile 1.1. OASIS Standard. 1 February 2006. Available

from http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-os-UsernameTokenProfile.pdf.

OASIS. Web Services Security X.509 Certificate Token Profile 1.1. OASIS Standard incorporating Approved

Errata. 1 November 2006. Available from http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-errata-

os-x509TokenProfile.pdf

WEB SERVICES INTEROPERABILITY ORGANIZATION. WS-I Attachments Profile Version 1.0, WS-I Final

Material. 20 April 2004. Available from http://www.ws-i.org/Profiles/AttachmentsProfile-1.0.html

WEB SERVICES INTEROPERABILITY ORGANIZATION. Basic Profile Version 2.0, WS-I Final Material. 9

November 2010. Available from http://ws-i.org/Profiles/BasicProfile-2.0-2010-11-09.html

WEB SERVICES INTEROPERABILITY ORGANIZATION. Basic Security Profile Version 1.1, WS-I Final Mate-

rial. 24 January 2010. Available from http://www.ws-i.org/Profiles/BasicSecurityProfile-1.1.html

WORLD WIDE WEB CONSORTIUM (W3C). SOAP Version 1.2 Part 1: Messaging Framework. W3C Recom-

mendation. 27 April 2007. Available from http://www.w3.org/TR/soap12-part1/

WORLD WIDE WEB CONSORTIUM (W3C). SOAP Messages with Attachments, W3C Note. 11 December

2000. Available from http://www.w3.org/TR/SOAP-attachments

WORLD WIDE WEB CONSORTIUM (W3C). Web Services Addressing 1.0 – Core. W3C Recommendation. 9

May 2006. Available from http://www.w3.org/TR/2006/REC-ws-addr-core-20060509/
2 © ISO 2021 – All rights reserved
---------------------- Page: 11 ----------------------
ISO 15000-2:2021(E)

WORLD WIDE WEB CONSORTIUM (W3C). Extensible Markup Language (XML) 1.0. W3C Recommenda-

tion 26 November 2008. Available from http://www.w3.org/TR/REC-xml/

WORLD WIDE WEB CONSORTIUM (W3C). XML Signature Syntax and Processing (Second Edition). W3C

Recommendation. 10 June 2008. Available from http://www.w3.org/TR/xmldsig-core/

WORLD WIDE WEB CONSORTIUM (W3C). XML Encryption Syntax and Processing. 10 December, 2002.

Available from http://www.w3.org/TR/xmlenc-core/
© ISO 2021 – All rights reserved 3
---------------------- Page: 12 ----------------------
ISO 15000-2:2021(E)
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 15000-1:2021 apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
4 © ISO 2021 – All rights reserved
---------------------- Page: 13 ----------------------
ISO 15000-2:2021(E)
4 AS4 conformance profiles for ISO 15000-1:2021
4.1 General

AS4 is more than a conformance profile, in the sense given in the OASIS ebXML Messaging Services,

Version 3.0: Conformance Profiles OASIS committee specification. It is a combination of a conformance

profile and a usage profile, as explained in the Introduction. Consequently, only this clause is conforming

to the format recommended in the OASIS ebXML Messaging Services, Version 3.0: Conformance Profiles

OASIS committee specification for describing conformance profiles. The usage profile part (clause 7) is

following a format based on tables similar to those found in the OASIS Deployment Profile Template for

OASIS ebXML Message Service 2.0 Standard.
4.2 The AS4 ebHandler conformance profile
4.2.1 General

The AS4 ebHandler conformance profile addresses common functional requirements of e-Business/e-

Government gateways. It is identified by the URI:
http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/cprofiles/200809/as4ebhandler
NOTE: this URI is only an identifier, not a document address.
4.2.2 Feature set
The
...

INTERNATIONAL ISO
STANDARD 15000-2
First edition
Electronic business eXtensible
Markup Language (ebXML) —
Part 2:
Applicability Statement (AS) profile of
ebXML messaging service
PROOF/ÉPREUVE
Reference number
ISO 15000-2:2020(E)
ISO 2020
---------------------- Page: 1 ----------------------
ISO 15000-2:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii PROOF/ÉPREUVE © ISO 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO 15000-2:2020(E)
Contents

Foreword ................................................................................................................................. vi

Introduction ............................................................................................................................. vii

1 Scope ................................................................................................................................ 1

2 Normative references ........................................................................................................ 2

3 Terms and definitions......................................................................................................... 4

4 AS4 conformance profiles for ISO 15000-1:— .................................................................. 5

4.1 General ...................................................................................................................... 5

4.2 The AS4 ebHandler conformance profile .................................................................... 5

4.2.1 General ............................................................................................................... 5

4.2.2 Feature set .......................................................................................................... 5

4.2.3 WS-I conformance profiles .................................................................................. 8

4.2.4 Processing mode parameters ............................................................................. 8

General ....................................................................................................................................................... 8

General P-Mode parameters .................................................................................................................. 8

PMode[1].Protocol ...................................................................................................................................... 9

PMode[1].BusinessInfo ............................................................................................................................... 9

PMode[1].ErrorHandling ............................................................................................................................. 9

PMode[1].Reliability .................................................................................................................................. 10

PMode[1].Security ..................................................................................................................................... 10

4.3 The AS4 light client conformance profile .................................................................. 10

4.3.1 General ............................................................................................................. 10

4.3.2 Feature set ........................................................................................................ 11

4.3.3 WS-I conformance requirements ....................................................................... 13

4.3.4 Processing mode parameters ........................................................................... 13

General ..................................................................................................................................................... 13

General P-Mode parameters..................................................................................................................... 13

PMode[1].Protocol .................................................................................................................................... 14

PMode[1].BusinessInfo ............................................................................................................................. 14

PMode[1].ErrorHandling ........................................................................................................................... 14

Pmode[1].Reliability .................................................................................................................................. 14

PMode[1].Security ..................................................................................................................................... 14

4.4 The AS4 minimal client conformance profile ............................................................ 15

4.4.1 General ............................................................................................................. 15

4.4.2 Feature set ........................................................................................................ 15

4.4.3 WS-I conformance requirements ....................................................................... 16

4.4.4 Processing mode parameters ........................................................................... 18

© ISO 2020 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO 15000-2:2020(E)

General ...................................................................................................................................................... 18

General P-Mode parameters ..................................................................................................................... 18

PMode[1].Protocol ..................................................................................................................................... 18

PMode[1].BusinessInfo .............................................................................................................................. 19

PMode[1].ErrorHandling ............................................................................................................................ 19

Pmode[1].Reliability ................................................................................................................................... 19

Pmode[1].Security ..................................................................................................................................... 19

4.5 Conformance profiles compatibility ........................................................................... 19

5 AS4 additional features ................................................................................................... 21

5.1 General ..................................................................................................................... 21

5.2 Compression ............................................................................................................ 21

5.3 Reception awareness features and duplicate detection ........................................... 23

5.4 Alternative pull authorization .................................................................................... 24

5.5 Semantics of receipt in AS4 ...................................................................................... 24

5.6 Sub-channels for message pulling ........................................................................... 25

5.7 Additional features errors ......................................................................................... 26

6 Complementary requirements for the AS4 multi-hop profile ............................................ 27

6.1 General ..................................................................................................................... 27

6.2 Rationale and context ............................................................................................... 27

6.3 General constraints .................................................................................................. 28

6.4 Processing mode parameter .................................................................................... 29

6.5 AS4 Endpoint requirements ...................................................................................... 29

7 AS4 usage profile of ISO 15000-1 ................................................................................... 31

7.1 General ..................................................................................................................... 31

7.2 AS4 usage rules ....................................................................................................... 31

7.2.1 Core components / modules to be used ............................................................ 31

7.2.2 Bundling rules ................................................................................................... 32

7.2.3 Security element................................................................................................ 33

7.2.4 Signing messages ............................................................................................. 33

7.2.5 Signing SOAP with attachments messages ...................................................... 34

7.2.6 Encrypting messages ........................................................................................ 34

7.2.7 Encrypting SOAP with attachments messages ................................................. 35

7.2.8 Generating receipts ........................................................................................... 35

7.2.9 MIME header and filename information ............................................................. 37

7.3 AS4 usage agreements ............................................................................................ 37

7.3.1 General ............................................................................................................. 37

iv © ISO 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO 15000-2:2020(E)

7.3.2 AS4 usage agreement parameters ................................................................... 37

7.3.3 Controlling content and sending of receipts ...................................................... 37

7.3.4 Error handling options ....................................................................................... 38

7.3.5 Securing the pull request .................................................................................. 39

7.3.6 Reception awareness parameters ..................................................................... 41

7.3.7 Default values of some P-Mode parameters ..................................................... 41

7.3.8 HTTP confidentiality and security ...................................................................... 42

7.3.9 Deployment and processing requirements for CPAs ......................................... 43

7.3.10 Message payload and flow profile ..................................................................... 43

7.3.11 Additional deployment or operational requirements .......................................... 44

8 Conformance statements ............................................................................................... 45

8.1 General .................................................................................................................... 45

8.2 AS4 ebHandler conformance ................................................................................... 45

8.3 AS4 light client conformance .................................................................................... 45

8.4 AS4 Minimal client conformance .............................................................................. 46

8.5 AS4 minimal sender conformance............................................................................ 46

8.6 AS2/AS4 ebHandler conformance............................................................................ 46

8.7 AS4 Multi-Hop endpoint conformance ...................................................................... 46

Annex A Sample messages (informative) ........................................................................... 47

A.1 General .................................................................................................................... 47

A.2 User message .............................................................................................................. 47

A.3 User message with compressed payload ..................................................................... 48

A.4 Non-repudiation of receipt ............................................................................................ 49

A.5 Pull request signal message ......................................................................................... 50

Annex B Generating an AS4 receipt (informative) ............................................................... 52

Bibliography ............................................................................................................................ 55

© ISO 2020 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO 15000-2:2020(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO

collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see

www.iso.org/iso/foreword.html.

This document was prepared by the OASIS ebXML Messaging Services Technical Committee (as “OASIS

AS4 Profile of ebMS 3.0 Version 1.0”) and drafted in accordance with its editorial rules. It was assigned

to Technical Committee ISO/TC 154, Processes, data elements and documents in commerce, industry and

administration and adopted under the "fast-track procedure".
A list of all parts in the ISO 15000 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www.iso.org/members.html.
vi © ISO 2020 – All rights reserved
---------------------- Page: 6 ----------------------
ISO 15000-2:2020(E)
Introduction

Historically, the platform for mission-critical business-to-business (B2B) transactions has steadily

moved from proprietary value-added networks (VANs) to Internet-based protocols free from the data

transfer fees imposed by the VAN operators. This trend has been accelerated by lower costs and product

ownership, a maturing of technology, internationalization, widespread interoperability, and

marketplace momentum. The exchange of electronic data interchange (EDI) business documents over

the Internet has substantially increased along with a growing presence of extensible markup language

(XML) and other document types such as binary and text files.

The Internet messaging services standards that have emerged provide a variety of options for end users

to consider when deciding which standard to adopt. These include pre-Internet protocols, the EDIINT

series of IETF RFC 3355 AS1, IETF RFC 4130 AS2 and IETF RFC 4823 AS3, simple XML over hypertext

transport protocol (HTTP), government specific frameworks, OASIS ebXML messaging (ebMS) 2.0, and

web services variants. As Internet messaging services standards have matured, new standards are

emerging that leverage prior B2B messaging services knowledge for applicability to web services

messaging.

The emergence of the OASIS ebMS 3.0 Standard, now ISO 15000-1:—, represents a leap forward in Web

Services B2B messaging services by meeting the challenge of composing many web services standards

into a single comprehensive specification for defining the secure and reliable exchange of documents

using web services. ISO 15000-1:— composes the fundamental web services standards W3C SOAP 1.1,

W3C SOAP 1.2, W3C SOAP with Attachments, OASIS WS-Security 1.0 and 1.1, W3C WS-Addressing, and

the OASIS reliable messaging standards WS-Reliability 1.1 and WS-ReliableMessaging - currently at

version 1.2, together with guidance for the packaging of messages and receipts along with definitions of

messaging choreographies for orchestrating document exchanges.

Like AS2, ISO 15000-1:— brings together many existing standards that govern the packaging, security,

and transport of electronic data under the umbrella of a single specification document. While ISO

15000-1:— represents a leap forward in reducing the complexity of web services B2B messaging, the

specification still contains numerous options and comprehensive alternatives for addressing a variety of

scenarios for exchanging data over a web services platform.

In order to fully take advantage of the AS2 success story, this profile of ISO 15000-1:— has been

developed. Using ISO 15000-1:— as a base, a subset of functionality has been defined along with

implementation guidelines adopted based on the “just-enough” design principles and AS2 functional

requirements to trim down ISO 15000-1:— into a more simplified and AS2-like specification for web

services B2B messaging. The main benefits of AS4 compared to AS2 are:
● compatibility with web services standards;
● message pulling capability;
● a built-in receipt mechanism.

AS4 also provides a minimal client conformance profile that supports data exchanges that have lower-

end requirements and do not require (the equivalent of) some of the more advanced capabilities of AS2

and ISO 15000-1:—, such as support for multiple payloads, message receipts and signing or encryption

of messages and receipts.
© ISO 2020 – All rights reserved vii
---------------------- Page: 7 ----------------------
ISO 15000-2:2020(E)
Profiling ISO 15000-1:— means:
● defining a subset of ISO 15000-1:— options to be supported by the AS4 handler;

● deciding which types of message exchanges shall be supported, and how these exchanges should

be conducted (level of security, binding to HTTP, etc.);

● deciding of AS4-specific message contents and practices (how to make use of the ebMS message

header fields, in an AS4 context);
● deciding of some operational best practices, for the end-user.
The overall goal of a profile for a standard is to ensure interoperability by:

● establishing particular usage and practices of the standard within a community of users;

● defining the subset of features in this document that needs to be supported by an

implementation.

Two kinds of profiles are usually considered when profiling an existing standard:

1. Conformance profiles. These define the different ways a product can conform to a standard,

based on specific ways to implement this document. A conformance profile is usually associated

with a specific conformance statement. Conformance profiles are of prime interest for product

managers and developers: they define a precise subset of features to be supported.

2. Usage profiles (also called deployment profiles). These define how a standard should be used

by a community of users, in order to ensure best compatibility with business practices and

interoperability. Usage profiles are of prime interest for IT end-users: they define how to

configure the use of a standard (and related product) as well as how to bind this document to

business applications. A usage profile usually points at required or compatible conformance

profile(s).
AS4 is defined as a combination of:

● three primary AS4 conformance profiles (see Clause 4) that define three subsets of

ISO 15000-1:— features, at least one of which is to be supported by an AS4 implementation;

● a set of additional features (see Clause 5);

● an optional complementary conformance profile (see Clause 6) that specifies how to use AS4

endpoints with ISO 15000-1:— intermediaries. This is based on a simplified subset of the multi-

hop messaging feature defined in the ebMS 3.0 Part 2, Advanced Features specification;

● an AS4 usage profile (see Clause 7) that defines how to use an AS4-compliant implementation in

order to achieve similar functions as specified in AS2.
The three primary AS4 conformance profiles (CP) are the following:

(1) The AS4 ebHandler CP. This conformance profile supports both sending and receiving roles,

and for each role both message pushing and message pulling;

(2) The AS4 light client CP. This conformance profile supports both sending and receiving roles,

but only message pushing for sending and message pulling for receiving. In other words, it does

not support incoming HTTP requests, and may have no fixed IP address.
viii © ISO 2020 – All rights reserved
---------------------- Page: 8 ----------------------
ISO 15000-2:2020(E)

(3) The AS4 minimal client CP. Like the light client CP, this conformance profile does not support

the push transport channel binding for the receiving role and therefore does not require HTTP

server capabilities. As its name indicates, this CP omits all but a minimal set of features.

Compatible existing conformance profiles for ISO 15000-1:— are the following:

● Gateway RM V3 or Gateway RX V3: a message service handler (MSH) implementing any of these

profiles will also be conforming to the AS4 ebHandler CP (the reverse is not true).

Full compliance to AS4 actually requires and/or authorizes a message handler to implement a

few additional features beyond these conformance profiles, as described in clause 8. These

additional features are described in Clause 5.
© ISO 2020 – All rights reserved ix
---------------------- Page: 9 ----------------------
INTERNATIONALE STANDARD ISO 15000-2:2020(E)
Electronic business eXtensible Markup Language
(ebXML) —
Part 2:
Applicability Statement (AS) profile of ebXML messaging
service
1 Scope

This document describes the AS4 Profile, which provides a subset of the functionality of ISO 15000-1:—,

along with implementation guidelines based on the “just-enough” design principles and electronic data

interchange functional requirements to trim down ISO 15000-1:— into a more simplified specification

for web services business-to-business messaging.
It specifies:
- three conformance profiles of ISO 15000-1:— (see Clause 4);
- a number of AS4 additional features (see Clause 5);
- complementary requirements for the AS4 multi-hop profile (see Clause 6);
- AS4 usage profile of ISO 15000-1:— (see Clause 7);
- definitions of conformance (see Clause 8).
Annex A provides some sample messages to support implementation.
Annex B provides a sample XSLT stylesheet to generate an AS4 receipt.

This document is applicable to all types of organizations (e.g., commercial enterprises, government

agencies, not-for-profit organizations) that exchange documents or data electronically using messaging.

© ISO 2020 – All rights reserved 1
---------------------- Page: 10 ----------------------
ISO 15000-2:2020(E)
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 15000-1:—. Electronic business eXtensible Markup Language (ebXML) — Part 1: Messaging Service

3.0 Core Specification.

INTERNET ENGINEERING TASK FORCE (IETF). RFC 1952. GZIP file format specification version 4.3. IETF

RFC. May 1996. http://tools.ietf.org/html/rfc1952

INTERNET ENGINEERING TASK FORCE (IETF). RFC 2045. Multipurpose Internet Mail Extensions (MIME)

Part One: Format of Internet Message Bodies. IETF RFC. November 1996.
http://www.ietf.org/rfc/rfc2045.txt

INTERNET ENGINEERING TASK FORCE (IETF). RFC 2616. Hypertext Transfer Protocol — HTTP/1.1. IETF

RFC. June 1999. Available from http://www.ietf.org/rfc/rfc2616.txt

OASIS. OASIS ebXML Business Signals Schema, 21 December 2006. OASIS Standard. http://docs.oasis-

open.org/ebxml-bp/ebbp-signals-2.0

OASIS. OASIS ebXML Messaging Services Version 3.0: Part 2, Advanced Features. Committee Specification

01, 19 May 2011. OASIS committee specification. Available at http://docs.oasis-open.org/ebxml-

msg/ebms/v3.0/part2/201004/ebms-v3-part2.odt

OASIS. Web Services Security: SOAP Message Security 1.1. OASIS Standard incorporating Approved Errata.

1 November 2006. Available from http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-errata-os-

SOAPMessageSecurity.pdf

OASIS. Web Services Security UsernameToken Profile 1.1. OASIS Standard. 1 February 2006. Available

from http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-os-UsernameTokenProfile.pdf.

OASIS. Web Services Security X.509 Certificate Token Profile 1.1. OASIS Standard incorporating Approved

Errata. 1 November 2006. Available from http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-errata-

os-x509TokenProfile.pdf

WEB SERVICES INTEROPERABILITY ORGANIZATION. WS-I Attachments Profile Version 1.0, WS-I Final

Material. 20 April 2004. Available from http://www.ws-i.org/Profiles/AttachmentsProfile-1.0.html

WEB SERVICES INTEROPERABILITY ORGANIZATION. Basic Profile Version 2.0, WS-I Final Material. 9

November 2010. Available from http://ws-i.org/Profiles/BasicProfile-2.0-2010-11-09.html

WEB SERVICES INTEROPERABILITY ORGANIZATION. Basic Security Profile Version 1.1, WS-I Final Mate-

rial. 24 January 2010. Available from http://www.ws-i.org/Profiles/BasicSecurityProfile-1.1.html

WORLD WIDE WEB CONSORTIUM (W3C). SOAP Version 1.2 Part 1: Messaging Framework. W3C Recom-

mendation. 27 April 2007. Available from http://www.w3.org/TR/soap12-part1/

WORLD WIDE WEB CONSORTIUM (W3C). SOAP Messages with Attachments, W3C Note. 11 December

2000. Available from http://www.w3.org/TR/SOAP-attachments

WORLD WIDE WEB CONSORTIUM (W3C). Web Services Addressing 1.0 – Core. W3C Recommendation. 9

May 2006. Available from http://www.w3.org/TR/2006/REC-ws-addr-core-20060509/
2 © ISO 2020 – All rights reserved
---------------------- Page: 11 ----------------------
ISO 15000-2:2020(E)

WORLD WIDE WEB CONSORTIUM (W3C). Extensible Markup Language (XML) 1.0. W3C Recommenda-

tion 26 November 2008. Available from http://www.w3.org/TR/REC-xml/

WORLD WIDE WEB CONSORTIUM (W3C). XML Signature Syntax and Processing (Second Edition). W3C

Recommendation. 10 June 2008. Available from http://www.w3.org/TR/xmldsig-core/

WORLD WIDE WEB CONSORTIUM (W3C). XML Encryption Syntax and Processing. 10 December, 2002.

Available from http://www.w3.org/TR/xmlenc-core/
© ISO 2020 – All rights reserved 3
---------------------- Page: 12 ----------------------
ISO 15000-2:2020(E)
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 15000-1:— apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
4 © ISO 2020 – All rights reserved
---------------------- Page: 13 ----------------------
ISO 15000-2:2020(E)
4 AS4 conformance profiles for ISO 15000-1:—
4.1 General

AS4 is more than a conformance profile, in the sense given in the OASIS ebXML Messaging Services,

Version 3.0: Conformance Profiles OASIS committee specification. It is a combination of a conformance

profile and a usage profile, as explained in the Introduction. Consequently, only this clause is conforming

to the format recommended in the OASIS
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.