(Tool developed for the Moda-ML project in 2003; this version is no longer maintained)
The effectiveness of the documents produced
by the MODA-ML XML factory can be tested by implementing a communication system
to exchange MODA-ML documents between the enterprises of the Textile/Clothing
sector. Since this document exchange takes place inside business processes, it
is important to establish a message sequence that is shared by all
participating enterprises and unambiguous. MODA-ML therefore provides several
tools to help an enterprise integrate the MODA-ML exchange mechanism with its
internal processes. These tools are collectively called the message switching
system.
The message switching system defines a
transport protocol based on the ebXML (www.ebXML.org) Messaging Service specification; ebXML
(Electronic Business using XML) is a set of specifications from UN/CEFACT (www.uncefact.org) and
OASIS that defines a collaboration framework over the Internet to improve
interoperability between enterprises. ebXML supports two distinct aspects of
interoperability:
The semantic definition of the documents: ebXML proposes a set
of 'core components' used to
define the semantic value of a document. Unlike the EDI
framework, ebXML emphasises these components over the overall document
structure, which gives ebXML more flexibility than EDI.
Several technical specifications for the communication protocol:
MODA-ML follows the ebXML transport specifications.
Since the
Textile/Clothing sector is composed of various kinds of enterprises, each
characterized by a different level of technological sophistication in their
information systems, it becomes fundamental to create simple software modules
that can be made publicly available.
The main
component of the MODA-ML message switching system is the Message Service
Handler (MSH), which acts as an e-mail client for transporting MODA-ML
documents: it validates MODA-ML documents and sends and receives them over the
Internet using SMTP as its transport protocol.
It does not
interfere with the company's information system but works alongside it, dealing
only with communication. MODA-ML messages can be created automatically
from data stored in a company's information system using third-party
applications; they are plain text messages ready to be sent over the
Internet as e-mail. The Message Service Handler therefore does not need to
know how an enterprise organises its internal information: it is a light,
independent application that ultimately sends and receives text messages
complying with the ebXML and MODA-ML specifications.
The Message
Service Handler has other useful features: it keeps track of all the
messages sent and received by storing them in a database accessible via ODBC,
it logs the main events that occur while it runs, it lets the
user validate messages against an ebXML CPA (Collaboration Protocol
Agreement), and it can also send data in traditional fax form.
Besides the basic aspects of document
structuring and message exchange, recent work in the MODA-ML project
covered a number of areas, including:
Security aspects for authentication and non-repudiation of
MODA-ML messages
A virtual enterprise simulator for testing new MODA-ML
implementations
Security
Business transactions need to be private
and to assure a certain level of security: some data must be protected and
made neither visible nor accessible to parties not directly involved in
the transaction, and must be protected from unauthorised access, data
integrity violations, and any kind of corruption, alteration or falsification.
Given the economic relevance of these transactions, enterprises need
techniques that protect them not only from IT threats but also guarantee the
legal aspects of the transactions; certifying document authorship is
essential to build a trusted and reliable service that can gain the
confidence of the community.
The security module must provide a set of
functionalities to guarantee:
Confidentiality: any unauthorised access to the message content
must be prevented.
Integrity: the receiver should always be able to verify the
message integrity and point out alterations in the data.
Authentication: the receiver must be guaranteed of the identity
of the message sender.
Non-repudiation: the receivers must be guaranteed that the
senders will never be able to successfully disown any message they sent.
Such requirements can be met with
cryptography and digital signatures, for instance based on asymmetric-key
algorithms and digital certificates issued by a recognised Certification
Authority.
The basic MODA-ML message switching system
does not provide these security guarantees; for this purpose a software
module has been developed that implements some security aspects and can be
easily and efficiently integrated with the main modules of the MSH.
The mechanism adopted to guarantee
confidentiality, integrity, authentication and non-repudiation of a conforming
MODA-ML message is based on XML Signature and XML Encryption, two W3C
standards that allow, respectively, an XML document to be signed with a digital
signature and an XML document or fragment to be encrypted with a cryptographic key.
Both standards are compatible with the ebXML digital signature specification and
greatly simplify interoperability with other frameworks that adopt the ebXML
specifications.
The current version of the MODA-ML security
library implements XML Signature to authenticate XML documents, while XML
Encryption is being implemented and will be available in future versions. The
MODA-ML security library is designed as a dynamic library (.dll) based on the
standard cryptographic algorithms of the MS-Windows library. This library is
linked to the MSH module and gives it the ability to sign documents with an
X.509 digital certificate. The document content is thus guaranteed to have
been sent by the owner of the certificate and to have arrived without
alteration, provided the receiver verifies the signature and checks that the
certificate is valid and issued by a trusted Certificate Authority. The
adoption of the MS-Windows library allows the free MODA-ML module to support
encryption and signature at no cost on any Windows XP/2000 workstation. The
only cost, a low one, is the purchase of the company certificate, which must
be issued by an official Certificate Authority for signed and encrypted
messages to be genuinely trustworthy.
Integration of the security module was delivered to external MODA-ML users
in May 2003. The MODA-ML specifications also include the ability to require
acknowledgement messages, which inform the sender that the message has
been received and implement the non-repudiation aspects of the communication
mechanism.
The Message Service Handler offers five
security levels, each a different combination of encryption, digital
signature and signed acknowledgements:
Forwarding messages with digital signature.
Forwarding encrypted messages.
Forwarding encrypted and signed messages.
Forwarding messages and acks with digital signature.
Forwarding encrypted and signed messages and acks.
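The signing and verification flow described above (an XML Signature carrying the sender's X.509 certificate, the receiver checking that certificate against a trusted Certificate Authority before accepting the document, and the same mechanism reused for a signed acknowledgement) as an added example in Go. This is not MODA-ML code, which shipped as a Windows DLL on the MS-Windows cryptographic library; it is a stand-alone illustration. Its assumptions: a self-signed test certificate produced by the hypothetical newTestIdentity helper stands in for the CA-issued company certificate, the Reference URI "cid:payload" is a made-up pointer to the payload MIME part, RSA with SHA-256 is this example's algorithm choice rather than the page's, re-serialising the SignedInfo struct replaces the Canonical XML step of the W3C specification, and the order and acknowledgement documents are constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"math/big"
	"time"
)

// Minimal subset of W3C XML Signature (ds:) used as a detached signature over the payload.
type Signature struct {
	XMLName        xml.Name   `xml:"http://www.w3.org/2000/09/xmldsig# Signature"`
	SignedInfo     SignedInfo `xml:"SignedInfo"`
	SignatureValue string     `xml:"SignatureValue"`
	X509Cert       string     `xml:"KeyInfo>X509Data>X509Certificate"` // signer's cert, base64 DER
}
type SignedInfo struct {
	SigMethod Algorithm `xml:"SignatureMethod"`
	Reference Reference `xml:"Reference"`
}
type Algorithm struct{ Algorithm string `xml:"Algorithm,attr"` }
type Reference struct {
	URI          string    `xml:"URI,attr"`
	DigestMethod Algorithm `xml:"DigestMethod"`
	DigestValue  string    `xml:"DigestValue"`
}

// newTestIdentity builds a self-signed certificate for cn (demo only: MODA-ML uses CA-issued certificates).
func newTestIdentity(cn string) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// signDetached builds a ds:Signature over payload; re-serialising SignedInfo stands in for Canonical XML.
func signDetached(payload []byte, key *rsa.PrivateKey, cert *x509.Certificate) ([]byte, error) {
	d := sha256.Sum256(payload)
	si := SignedInfo{
		SigMethod: Algorithm{"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"},
		Reference: Reference{URI: "cid:payload", // hypothetical reference to the payload MIME part
			DigestMethod: Algorithm{"http://www.w3.org/2001/04/xmlenc#sha256"},
			DigestValue:  base64.StdEncoding.EncodeToString(d[:])},
	}
	siBytes, _ := xml.Marshal(si) // cannot fail for this fixed struct
	h := sha256.Sum256(siBytes)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	if err != nil {
		return nil, err
	}
	return xml.Marshal(Signature{SignedInfo: si, SignatureValue: base64.StdEncoding.EncodeToString(sig),
		X509Cert: base64.StdEncoding.EncodeToString(cert.Raw)})
}

// verifyDetached checks that the embedded certificate chains to a trusted CA (authentication), that
// SignatureValue verifies over SignedInfo (non-repudiation) and that payload matches the signed digest (integrity).
func verifyDetached(payload, sigXML []byte, roots *x509.CertPool) (string, error) {
	var s Signature
	err := xml.Unmarshal(sigXML, &s)
	certDER, e1 := base64.StdEncoding.DecodeString(s.X509Cert)
	sig, e2 := base64.StdEncoding.DecodeString(s.SignatureValue)
	if err != nil || e1 != nil || e2 != nil {
		return "", errors.New("malformed ds:Signature")
	}
	cert, err := x509.ParseCertificate(certDER)
	if err == nil { // a self-issued certificate must not be trusted on its own
		_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	}
	if err != nil {
		return "", errors.New("signer certificate invalid or untrusted: " + err.Error())
	}
	siBytes, _ := xml.Marshal(s.SignedInfo) // same serialisation the signer used
	h := sha256.Sum256(siBytes)
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok || rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) != nil {
		return "", errors.New("SignatureValue does not verify over SignedInfo")
	}
	got := sha256.Sum256(payload)
	if s.SignedInfo.Reference.DigestValue != base64.StdEncoding.EncodeToString(got[:]) {
		return "", errors.New("payload digest mismatch: document altered in transit")
	}
	return cert.Subject.CommonName, nil
}
```

The order of the checks is the point: a message signed with a home-made certificate still has a mathematically valid SignatureValue, so a receiver that skips the certificate chain check gets integrity but not authentication, and the page's claim that the content "has been sent by the owner of the certificate" only holds once the certificate is verified against a trusted CA. The "messages and acks with digital signature" level is the same two functions used twice: the receiver calls signDetached on its acknowledgement document with its own certificate, and the sender verifies that acknowledgement against the receiver's CA, obtaining proof of receipt that the receiver cannot later disown.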
To achieve complete interoperability among all parties, the security
features of the MSH can be used even by applications that do not themselves
implement security features.
This software is no longer available. Please refer to MSH2.
This page refers to the outcomes of the Moda-ML and Penelope projects (2001-2004).