Internet Engineering Task Force (IETF) K. Meadors, Ed. Request for Comments: 6362 Drummond Group, Inc. Category: Informational August 2011 ISSN: 2070-1721
Internet Engineering Task Force (IETF) K. Meadors, Ed. Request for Comments: 6362 Drummond Group, Inc. Category: Informational August 2011 ISSN: 2070-1721
Multiple Attachments for Electronic Data Interchange - Internet Integration (EDIINT)
电子数据交换用多附件.因特网集成(EDIINT)
Abstract
摘要
The Electronic Data Interchange - Internet Integration (EDIINT) AS1, AS2, and AS3 messages were designed specifically for the transport of EDI documents. Since multiple interchanges could be placed within a single EDI document, there was not a need for sending multiple EDI documents in a single message. As adoption of EDIINT grew, other uses developed aside from single EDI document transport. Some transactions required multiple attachments to be interpreted together and stored in a single message. This Informational RFC describes how multiple documents, including non-EDI payloads, can be attached and transmitted in a single EDIINT transport message. The attachments are stored within the MIME multipart/related structure. A minimal list of content-types to be supported as attachments is provided.
电子数据交换-互联网集成(EDIINT)AS1、AS2和AS3消息是专门为传输EDI文档而设计的。由于可以在单个EDI文档中放置多个交换,因此不需要在单个消息中发送多个EDI文档。随着电子数据交换的普及,除了单一的电子数据交换文件传输之外,其他用途也在发展。有些事务需要将多个附件一起解释并存储在一条消息中。此信息RFC描述了如何在单个EDIINT传输消息中附加和传输多个文档,包括非EDI有效负载。附件存储在MIME多部分/相关结构中。提供了作为附件支持的内容类型的最小列表。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for informational purposes.
本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6362.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc6362.
Copyright Notice
版权公告
Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2011 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.
本文件可能包含2008年11月10日之前发布或公开的IETF文件或IETF贡献中的材料。控制某些材料版权的人员可能未授予IETF信托允许在IETF标准流程之外修改此类材料的权利。在未从控制此类材料版权的人员处获得充分许可的情况下,不得在IETF标准流程之外修改本文件,也不得在IETF标准流程之外创建其衍生作品,除了将其格式化以RFC形式发布或将其翻译成英语以外的其他语言。
Table of Contents
目录
1. Introduction ....................................................3 1.1. Requirements Language ......................................3 2. Using Multiple Attachments in EDIINT ............................3 2.1. Multipart/Related Structure ................................3 2.2. EDIINT-Features Header .....................................4 2.3. MIC Calculation ............................................4 2.4. Document Processing ........................................5 2.5. Content-Types to Support ...................................5 3. Example Message .................................................6 4. Security Considerations .........................................7 5. Normative References ............................................7
1. Introduction ....................................................3 1.1. Requirements Language ......................................3 2. Using Multiple Attachments in EDIINT ............................3 2.1. Multipart/Related Structure ................................3 2.2. EDIINT-Features Header .....................................4 2.3. MIC Calculation ............................................4 2.4. Document Processing ........................................5 2.5. Content-Types to Support ...................................5 3. Example Message .................................................6 4. Security Considerations .........................................7 5. Normative References ............................................7
The primary work of the EDIINT working group (WG) was to develop a secure means of transporting EDI documents over the Internet. This was described in the three WG-developed standards for secure transport over SMTP AS1 [RFC3335], HTTP AS2 [RFC4130], and FTP AS3 [RFC4823]. For most uses of EDI, all relevant information to complete a single business transaction could be stored in a single document. As adoption of EDIINT grew, new industries and businesses began using AS2 and also needed to include multiple documents in a single message to complete a trading-partner transaction. These documents were a variety of MIME media types. This Informational RFC describes how to use the MIME multipart/related body structure within EDIINT messages to store multiple document attachments. Details of computing the message integrity check (MIC) value over this body are covered. A minimum listing of MIME media types to support within the multipart/related body is given along with information on extracting these documents.
EDIINT工作组(WG)的主要工作是开发通过互联网传输EDI文档的安全方法。这在工作组为SMTP AS1[RFC3335]、HTTP AS2[RFC4130]和FTP AS3[RFC4823]上的安全传输制定的三个标准中进行了描述。对于EDI的大多数使用,完成单个业务事务的所有相关信息都可以存储在单个文档中。随着EDIINT应用的增长,新的行业和企业开始使用AS2,并且还需要在一条消息中包含多个文档来完成贸易伙伴交易。这些文档是各种MIME媒体类型。此信息RFC描述了如何在EDIINT消息中使用MIME多部分/相关正文结构来存储多个文档附件。本文介绍了在此主体上计算消息完整性检查(MIC)值的详细信息。给出了在多部分/相关正文中支持的MIME媒体类型的最小列表,以及有关提取这些文档的信息。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中所述进行解释。
Multiple payload attachments for EDIINT messages are stored within a multipart/related MIME body [RFC2387]. The multipart/related structure allows multiple MIME attachments or message payloads to be communicated in a single structure and message.
EDIINT消息的多个有效负载附件存储在多部分/相关MIME正文[RFC2387]中。多部分/相关结构允许在单个结构和消息中传输多个MIME附件或消息有效负载。
The attached payloads can be of any MIME content-type depending on the trading-partner agreement, but Section 2.5 lists the content-types that MUST be supported. The use and format of the multipart/ related body follows the rules in RFC 2387 [RFC2387], including the required type parameter to determine the root body part. The use of the optional start parameter is RECOMMENDED.
附加的有效负载可以是任何MIME内容类型,具体取决于贸易伙伴协议,但第2.5节列出了必须支持的内容类型。多部分/相关主体的使用和格式遵循RFC 2387[RFC2387]中的规则,包括确定根主体部分所需的类型参数。建议使用可选的启动参数。
To indicate support for multiple attachments (MAs), an EDIINT application MUST use the EDIINT-Features header [RFC6017]. The EDIINT-Features header indicates that the instance application can support various features, such as certification exchange. The header is present in all messages from the instance application, not just those that feature certification exchange.
要表示支持多附件(MAs),EDIINT应用程序必须使用EDIINT功能标头[RFC6017]。EDIINT Features标头表示实例应用程序可以支持各种功能,例如证书交换。头出现在来自实例应用程序的所有消息中,而不仅仅是那些具有证书交换功能的消息。
For applications implementing multiple attachments, the MA-Feature-Name MUST be used within the EDIINT-Features header as listed in this ABNF [RFC5234] syntax:
对于实现多个附件的应用程序,MA功能名称必须在EDIINT功能头中使用,如ABNF[RFC5234]语法所示:
MA-Feature-Name = "multiple-attachments"
MA-Feature-Name = "multiple-attachments"
An example of the EDIINT-Features header in a message from an application supporting MA:
来自支持MA的应用程序的消息中的EDIINT Features标头示例:
EDIINT-Features: multiple-attachments
EDIINT功能:多个附件
MIC calculation in an EDIINT message with multiple attachments is performed in the same manner as for a single EDI payload. The only difference is calculating the message integrity check (MIC) over the whole multipart/related body rather than a single EDI payload. Section 5.2.1 of AS1 [RFC3335] and Section 4 of EDIINT COMPRESSION [RFC5402] describe the MIC calculations used for a single payload document within an EDIINT message. The approach is summarized below for the multipart/related body. Refer to stated sections above for more details.
具有多个附件的EDIINT报文中的MIC计算与单个EDI有效负载的计算方式相同。唯一的区别是计算整个多部分/相关主体上的消息完整性检查(MIC),而不是单个EDI有效负载。AS1[RFC3335]的第5.2.1节和EDIINT压缩[RFC5402]的第4节描述了EDIINT消息中单个有效负载文档使用的MIC计算。多部分/相关机构的方法概述如下。有关更多详细信息,请参阅上述章节。
For a compressed but unsigned message, regardless of encryption, the MIC is calculated over the uncompressed multipart/related body including any applied Content-Transfer-Encoding. The body MUST be canonicalized according to the procedure described in the underlying transport protocol (e.g., HTTP AS2 [RFC4130]) before the MIC is calculated.
对于压缩但未签名的消息,无论加密方式如何,都会在未压缩的多部分/相关正文(包括任何应用的内容传输编码)上计算MIC。在计算MIC之前,必须根据底层传输协议(例如HTTP AS2[RFC4130])中描述的过程对主体进行规范化。
For an encrypted but unsigned and uncompressed message, the MIC is calculated on the decrypted multipart/related body, including the header and all attached documents. The body MUST be canonicalized according to the procedure described in the underlying transport protocol (e.g., HTTP AS2 [RFC4130]) before the MIC is calculated.
对于加密但未签名和未压缩的消息,MIC在解密的多部分/相关正文(包括标题和所有附加文档)上计算。在计算MIC之前,必须根据底层传输协议(例如HTTP AS2[RFC4130])中描述的过程对主体进行规范化。
For an unsigned and unencrypted message, the MIC is calculated over the data inside the multipart/related boundaries prior to Content-Transfer-Encoding. However, unsigned and unencrypted messages SHOULD NOT be sent due to lack of security.
对于未签名和未加密的消息,在内容传输编码之前,通过多部分/相关边界内的数据计算MIC。但是,由于缺乏安全性,不应发送未签名和未加密的消息。
If the expected MIC value differs from the calculated MIC value, all attachments MUST be considered invalid and retransmitted.
如果预期的MIC值与计算的MIC值不同,则必须将所有附件视为无效并重新传输。
Upon receipt of an EDIINT message with multiple attachments, the receiving user agent MUST be able to extract the attached payloads from the message rather than only removing the multipart/related body from the message. The storing or processing of the documents as they relate to the pending transaction is implementation dependent.
接收到带有多个附件的EDIINT邮件后,接收用户代理必须能够从邮件中提取附加的有效负载,而不仅仅是从邮件中删除多部分/相关正文。与未决事务相关的文档的存储或处理取决于实现。
Documents of the following MIME media types MAY be found in a multipart/related body and MUST be accepted by the user agent. However, any media type can be used depending upon industry need, and other media types MAY be accepted depending upon the trading-partner agreement. Please see [MIMEREG] for the definitions of the media types listed below.
以下MIME媒体类型的文档可以在多部分/相关正文中找到,并且必须由用户代理接受。但是,根据行业需要,可以使用任何媒体类型,根据贸易伙伴协议,也可以接受其他媒体类型。有关下列媒体类型的定义,请参见[MIMEREG]。
application/xml
应用程序/xml
application/pdf
申请表格/pdf
application/msword
应用程序/msword
application/rtf
应用程序/rtf
application/octet-stream
应用程序/八位字节流
application/zip
应用程序/zip
image/gif
图像/gif
image/tiff
图像/tiff
image/jpeg
图像/jpeg
text/plain
文本/纯文本
text/html
文本/html
text/rtf
文本/rtf
text/xml
文本/xml
Below is an example AS2 message that uses two attachments. The first attachment is an XML document, which is the root attachment, and the second attachment is a PDF document. The content of both the XML and PDF documents, as well as the applied digital signature, has been omitted for size consideration. This example is provided as an illustration only and is not considered part of the specification. If the example conflicts with the definitions specified above or in the other referenced RFCs, the example is considered invalid.
下面是使用两个附件的AS2消息示例。第一个附件是XML文档,它是根附件,第二个附件是PDF文档。出于尺寸考虑,XML和PDF文档的内容以及应用的数字签名都被省略了。本示例仅作为说明提供,不作为本规范的一部分。如果该示例与上述或其他参考RFC中指定的定义冲突,则该示例被视为无效。
POST /as2 HTTP/1.1 Host: www.example.com:8080 Connection: Close, TE Message-ID: <1109712943488@10.65.122.242> Subject: Multiple Attachment Example Date: Tue, 01 Mar 2005 21:37:03 GMT AS2-To: TradingPartner AS2-From: User AS2-Version: 1.2 EDIINT-Features: multiple-attachments Disposition-Notification-To: http://www.example.com/as2 Disposition-Notification-Options: signed-receipt-protocol=optional,pkcs7-signature; signed-receipt-micalg=optional,sha-1 Content-type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-1; boundary="OUTER-BOUNDARY" Content-length: 207440
POST /as2 HTTP/1.1 Host: www.example.com:8080 Connection: Close, TE Message-ID: <1109712943488@10.65.122.242> Subject: Multiple Attachment Example Date: Tue, 01 Mar 2005 21:37:03 GMT AS2-To: TradingPartner AS2-From: User AS2-Version: 1.2 EDIINT-Features: multiple-attachments Disposition-Notification-To: http://www.example.com/as2 Disposition-Notification-Options: signed-receipt-protocol=optional,pkcs7-signature; signed-receipt-micalg=optional,sha-1 Content-type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-1; boundary="OUTER-BOUNDARY" Content-length: 207440
--OUTER-BOUNDARY Content-type: multipart/related; boundary="INNER-BOUNDARY"; start="<root.attachment>"; type="application/xml"
--OUTER-BOUNDARY Content-type: multipart/related; boundary="INNER-BOUNDARY"; start="<root.attachment>"; type="application/xml"
--INNER-BOUNDARY Content-type: application/xml Content-ID: <root.attachment>
--INNER-BOUNDARY Content-type: application/xml Content-ID: <root.attachment>
[XML DOCUMENT]
[XML文档]
--INNER-BOUNDARY Content-type: application/pdf Content-ID: <2nd.attachment>
--INNER-BOUNDARY Content-type: application/pdf Content-ID: <2nd.attachment>
[PDF DOCUMENT]
[PDF文件]
--INNER-BOUNDARY--
--内边界--
--OUTER-BOUNDARY Content-type: application/pkcs7-signature
--外部边界内容类型:应用程序/pkcs7签名
[DIGITAL SIGNATURE]
[数码签署]
--OUTER-BOUNDARY--
--外边界--
Multiple attachments have security concerns that are very similar to those described in the three EDIINT transport standards. These include the importance of using strong cryptography and the necessity of using valid certificates and chaining to a trusted certification authority (CA). Please refer to these standards -- SMTP AS1 [RFC3335], HTTP AS2 [RFC4130], and FTP AS3 [RFC4823] -- for details of their security considerations.
多个附件的安全问题与三个EDIINT传输标准中描述的安全问题非常相似。其中包括使用强加密的重要性以及使用有效证书和链接到可信证书颁发机构(CA)的必要性。有关安全注意事项的详细信息,请参考这些标准——SMTP AS1[RFC3335]、HTTP AS2[RFC4130]和FTP AS3[RFC4823]。
The only additional security consideration is that if the MIC calculation by the user agent differs from the expected MIC calculation, all the attached documents MUST be considered invalid. Because the MIC calculation is over the multipart/related body, the MIC validates the content integrity of all the documents.
唯一的额外安全考虑是,如果用户代理进行的MIC计算与预期的MIC计算不同,则必须将所有随附文档视为无效。由于MIC计算是在多部分/相关主体上进行的,因此MIC会验证所有文档的内容完整性。
[MIMEREG] "MIME Media Types", <http://www.iana.org/>.
[MIMEREG]“MIME媒体类型”<http://www.iana.org/>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2387] Levinson, E., "The MIME Multipart/Related Content-type", RFC 2387, August 1998.
[RFC2387]Levinson,E.“MIME多部分/相关内容类型”,RFC 2387,1998年8月。
[RFC3335] Harding, T., Drummond, R., and C. Shih, "MIME-based Secure Peer-to-Peer Business Data Interchange over the Internet", RFC 3335, September 2002.
[RFC3335]Harding,T.,Drummond,R.,和C.Shih,“互联网上基于MIME的安全对等业务数据交换”,RFC 3335,2002年9月。
[RFC4130] Moberg, D. and R. Drummond, "MIME-Based Secure Peer-to-Peer Business Data Interchange Using HTTP, Applicability Statement 2 (AS2)", RFC 4130, July 2005.
[RFC4130]Moberg,D.和R.Drummond,“使用HTTP的基于MIME的安全对等业务数据交换,适用性声明2(AS2)”,RFC 4130,2005年7月。
[RFC4823] Harding, T. and R. Scott, "FTP Transport for Secure Peer-to-Peer Business Data Interchange over the Internet", RFC 4823, April 2007.
[RFC4823]Harding,T.和R.Scott,“互联网上安全对等业务数据交换的FTP传输”,RFC 4823,2007年4月。
[RFC5234] Crocker, D., Ed., and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, January 2008.
[RFC5234]Crocker,D.,Ed.,和P.Overell,“语法规范的扩充BNF:ABNF”,STD 68,RFC 5234,2008年1月。
[RFC5402] Harding, T., Ed., "Compressed Data within an Internet Electronic Data Interchange (EDI) Message", RFC 5402, February 2010.
[RFC5402]Harding,T.,Ed.“互联网电子数据交换(EDI)报文中的压缩数据”,RFC 5402,2010年2月。
[RFC6017] Meadors, K., Ed., "Electronic Data Interchange - Internet Integration (EDIINT) Features Header Field", RFC 6017, September 2010.
[RFC6017]Meadors,K.,Ed.“电子数据交换-互联网集成(EDIINT)特征标题字段”,RFC 6017,2010年9月。
Author's Address
作者地址
Kyle Meadors (editor) Drummond Group, Inc. Nashville, Tennessee 37221 US
Kyle Meadors(编辑)德拉蒙德集团,美国田纳西州纳什维尔37221
Phone: +1 (817) 709-1627 EMail: kyle@drummondgroup.com
Phone: +1 (817) 709-1627 EMail: kyle@drummondgroup.com