Empowering eDelivery: A closer look at conformance testing with the Interoperability Test Bed
Welcome to a journey of digital integration where the Interoperability Test Bed (ITB) plays a pivotal role in supporting eDelivery.
The primary task of the eDelivery conformance testing service, now based on the ITB platform, is to make sure that diverse software products and services enabling the use of eDelivery follow the right rules. By doing so, this collaboration paves the way for secure and efficient electronic document and data exchanges, facilitating the smooth flow of information within the digital realm.
In this article, we'll explore the concept of conformance testing and how the ITB is helping eDelivery provide it in a way that is not only efficient but also user friendly.
Conformance testing with the ITB
In the world of digital integration, where information flows seamlessly between diverse systems, one concept stands out as the guardian of interoperability: conformance testing. This essential process ensures that IT systems, those intricate pieces of software and hardware, dance to the same tune, adhering to specific requirements and predefined specifications. And in the context of eDelivery, it plays a crucial role in shaping the landscape of secure and efficient electronic document and data exchanges.
Conformance testing is then like the quality control for IT systems. It is a fundamental process in the world of digital communication. And the ITB, developed by the European Commission's DIGIT, is the instrument that facilitates conformance testing for eDelivery components. It ensures that the diverse eDelivery components follow the right rules.
Conformance testing in eDelivery
The flawless exchange of information is crucial for the citizens, businesses and public administrations.
eDelivery is a framework designed to foster interoperability among heterogeneous digital systems. At its core, eDelivery is a set of specifications that individuals and organisations can use to develop software products or services. Conformance testing ensures that those third-party offerings, whether in the form of software or services, are compliant with the specs and, thus, can communicate in a standardised way.
In essence, conformance testing in eDelivery is meant to provide assurance to the prospective users of products or services that the offering has passed a set of standardised tests and should be capable of communicating correctly with other similar products or services.
In a broader context of digital services, conformance testing stands as an indispensable element within the eDelivery service offering. It resides under the operations services umbrella, specifically falling within the ambit of testing services.
For a visual representation of where conformance testing fits within the eDelivery structure, look at the diagram below:
Development for eDelivery
In its latest releases – 1.19.0, 1.20.0 and 1.21.0 – the ITB software introduced several features in response to the needs of the eDelivery conformance testing service.
A first group of features addressed test suite and test case management: version management of individual test cases, shared test suites across multiple specifications and flexible test cases. These allow great simplification both to the solution owners, who are only required to run shared tests once and have the result relevant to all specifications, and to the eDelivery development team, who can more flexibly manage the lifecycle of the different tests implemented in the platform and label them, depending on the needs, as mandatory, optional or disabled.
A second group of features had to do with management of specifications. With eDelivery preparing to launch some tens of specifications over time, it was important from the beginning to be able to group them and order them in a meaningful way. Support for both features was swiftly implemented by the ITB team.
The ITB was also improved to simplify the process for presenting the documentation of eDelivery test cases to users and for producing fully redesigned PDF test reports, including additional data relevant to eDelivery conformance testing.
The most recent upgrade brought support for conformance snapshots (allowing eDelivery to version its conformance testing service and display products in separate categories depending on which version of the service they were tested with), conformance badges (allowing eDelivery to show in a live way each vendor’s conformance status) and customised conformance certificates (allowing eDelivery to tailor them to its needs).
The collaboration between the two teams was excellent and is set to continue in the same vein. Several further improvements are being explored now and we are sure they will eventually make the life of the users of the ITB platform and of the eDelivery conformance testing service even better.
eDelivery’s Test Bed instance is available at https://as4conftest.edelivery.tech.ec.europa.eu/itb/.
Bogdan Dumitriu, the project officer in charge of eDelivery, said that
The decision to switch from the in-house conformance testing platform that was used to provide the service between 2016-2023 over to ITB proved a great one. The richness of features, user documentation and onboarding support that the eDelivery team received for free from ITB was excellent to begin with. The ensuing collaboration, the willingness to add additional features and the speed with which they were implemented were impressive. With the migration now close to complete, we are finally able to focus all our energy on what matters: designing and writing tests. ITB takes care of the rest.
Coming soon: a new presentation for AS4 conformant solutions
An exciting result of the move of eDelivery’s conformance testing service to ITB is on the horizon as well. eDelivery is going to release a new page showcasing its AS4 conformant solutions. Here is a glimpse into what it will offer:
- Display of conformance service version. Much in the same way as Euro NCAP changes its rating approach every few years, the eDelivery conformance service will also evolve over time, providing ever-stronger coverage of the eDelivery specifications. In the new presentations, it will be possible to see which version each solution was tested with.
- Version information. For software products, the version of the tested products will be displayed, providing a clear understanding of the product’s evolution.
- Additional links for each solution. In addition to the link to each solution’s web site, additional links will be tracked, in particular to the support offering of the solution.
Stay tuned for the latest updates on eDelivery services by checking the Building Block's X and web page. For more information, do not hesitate to register for personalised news or contact us via our portal or by e-mail: EC-EDELIVERY-SUPPORT@ec.europa.eu.
The eDelivery Building Block
eDelivery is a building block that provides technical specifications and standards, installable software and ancillary services to allow projects to create a network of nodes for secure digital data exchange.
Sources: Visual 1: Adobe Stock #113453008. Visuals 2 & 3: eDelivery team.
eDelivery Interoperability Forum just took place
Another meeting of the eDelivery Interoperability Forum has just happened. Since the relaunch of the Forum in May 2023, the membership has been growing and the eDelivery team is looking forward to welcoming anyone else interested in our Forum meetings (feel free to register here to be part of the network).
After the Forum’s relaunch in May 2023, the eDelivery team has been excited to welcome service providers and software vendors interested in joining Forum meetings! The 3rd meeting took place on 28 November and has been packed with interesting topics.
Notably, the last gathering addressed the community’s feedback from the past meetings. A new presentation of the conformant products and services is one of the actions taken to increase visibility of vendors, enabling end users to choose the best suitable solution for their needs.
The most important topic, and this year’s highlight, was the finished public consultation on new versions of AS4 and SMP technical specifications: AS4 2.0 and SMP 2.0. These are open specifications that enable secure and interoperable exchange of data using web services, and they are at the core of the eDelivery building block. The eDelivery team is still working on analysing the received feedback and is planning to have another meeting with the Forum members in Q1 2024 (tentative), as well as the launch of a second public consultation for updated iteration of draft specifications next year.
The news about eDelivery contribution to third-part open-source projects has been very welcomed and appreciated by the community. eDelivery has contributed to the code in 3 different repositories – santuario, WS-WSS4J and the apache-cxf. Community can learn about the contributions to the respective libraries here – for santuario, WS-WSS4J and the apache-cxf.
The presentation about a new digital ecosystem using eDelivery closed the 28 November meeting. The Forum members were happy to learn more about the electronic Freight Transport Information (eFTI) Exchange Environment and what opportunities this could bring to them.
Those who are interested can find the slides used at the eDelivery Interoperability Forum meeting on the events page.
Finally, the eDelivery team is excited to announce that the date for the next eDelivery Interoperability Forum has been set to 18 April 2024 at 10:30 CEST! As always, the meeting will take place in virtual format and will not be recorded. Find out more (along with the registration link) on this page. As in the past, the next meeting will be crafted around the needs of the eDelivery community! It will be an invaluable chance for eDelivery service and solution providers to express their views, suggestions and best practices around future activities organised by the team. At eDelivery, we are looking forward to growing the number of participants to the Forum! If you are a service and solutions provider and would like to be a point of contact for the Forum, apply here. More information on past editions of the eDelivery Interoperability Forum is available here.
Stay tuned for the latest updates on eDelivery services by checking the Building Block's X and web page. For more information, do not hesitate to register for personalised news or contact us via our portal or by e-mail: EC-EDELIVERY-SUPPORT@ec.europa.eu.
The eDelivery Building Block
eDelivery is a building block that provides technical specifications and standards, installable software and ancillary services to allow projects to create a network of nodes for secure digital data exchange.
Domibus 5.0.7 & 5.1.1 released
Domibus 5.0.7 was released on 21 November 2023. This version is compatible with 5.0.6 and upgrading is highly recommended as it patches the ActiveMQ vulnerability as detailed in our information page.
On 16 November 2023 we also released Domibus 5.1.1. In addition to various fixes and improvements, this version also marks the separation of the SQL scripts for installing or upgrading the Domibus database into a separate product, with its own lifecycle (read more here).
For a comprehensive list of improvements and bug fixes for each of these versions, please see the following pages:
Domibus 5.1.1 does not yet address the ActiveMQ vulnerability. For the Domibus 5.1.x product line, the patch 5.1.2 addressing the vulnerability is scheduled for 15 December 2023.
Stay tuned for the latest updates on eDelivery services by checking the Building Block's X and web page. For more information, do not hesitate to register for personalised news or contact us via our portal or by e-mail: EC-EDELIVERY-SUPPORT@ec.europa.eu.
The eDelivery Building Block
eDelivery is a building block that provides technical specifications and standards, installable software and ancillary services to allow projects to create a network of nodes for secure digital data exchange.
Domibus is the sample software provided by the European Commission to implement an eDelivery AS4 Access Point for the interoperable, secure and reliable data exchange. It is based on the eDelivery AS4 profile, an open technical specification for the secure, web-based, payload-agnostic exchange of data or documents.
DomiSMP is the sample software provided by the European Commission to implement an eDelivery Service Metadata Publisher for publishing and retrieving data necessary for an eDelivery party to dynamically configure its system for message exchange with counterparties using eDelivery. It is based on the eDelivery SMP profile, an open technical specification for publishing service metadata within a 4-corner network.
DomiSML is the sample software provided by the European Commission to implement an eDelivery Service Metadata Locator for an eDelivery party to discover the URLs of other counterparties using eDelivery Access Points and their corresponding metadata. It is based on the eDelivery BDXL profile, an open technical specification for locating Access Points within a network, and on the PEPPOL SML Specification, a technical specification defining a BDXL administration API.
eDelivery team at OSOR Conference: Visit us in Brussels on 21 November!
Update (22 November): Our colleagues, participants at the OSOR conference, emphasised the importance of public investment translating into public code. Our team’s promotion of open-source values highlighted our commitment to this community. eDelivery’s continued participation in such events reflects our aspiration to contribute actively to the open-source world. Stay tuned for more updates on eDelivery’s journey in the open-source domain.
Original content:
On 21 November, eDelivery will be present at the Open Source Observatory's Conference in Brussels, and we're excited to invite you to visit our stand. We are looking forward to the opportunity to connect with you!
The Open Source Observatory (OSOR) celebrates its 15th birthday with a conference: "From Pioneering to Mainstreaming Open Technologies in Public Services". The event will bring together movers and shakers of open source in public services including public officials from around the EU, businesses, organisations, researchers, developers, and groups that collectively make up the diverse OSOR community. This conference will shine a spotlight on those individuals, projects, and organisations that spearheaded open source projects in the Commission and those who continue the mission of sustainable and open digital transition throughout the EU today.
Find our stand to explore how eDelivery contributed to this mission with its offering of open source products Domibus, DomiSMP and DomiSML, and learn about the potential of eDelivery open source solutions for your future projects!
Our stand will be in the room dedicated to Commission open source solutions (OpenSource@EU) which is situated next to the photo booth. You won't miss it as you explore the event. Look out for Cosmin Baciu, François Gautier and Joze Rihtarsic, who will be there to answer any questions you might have about the eDelivery solutions, or also, just to have a chat!
We are excited to discuss our eDelivery solutions and how they can benefit your digital endeavors. So, make sure to stop by the OpenSource@EC room to chat with us and explore the possibilities of eDelivery. We look forward to meeting you in Brussels!
Stay tuned for the latest updates on the eDelivery services by checking the building block's twitter and web page. For more information, do not hesitate to register for personalised news or contact us via our portal or by e-mail: EC-EDELIVERY-SUPPORT@ec.europa.eu.
The eDelivery Building Block
eDelivery is a building block that provides technical specifications and standards, installable software and ancillary services to allow projects to create a network of nodes for secure digital data exchange.
Domibus is the sample software provided by the European Commission to implement an eDelivery AS4 Access Point for the interoperable, secure and reliable data exchange. It is based on the eDelivery AS4 profile, an open technical specification for the secure, web-based, payload-agnostic exchange of data or documents.
DomiSMP is the sample software provided by the European Commission to implement an eDelivery Service Metadata Publisher for publishing and retrieving data necessary for an eDelivery party to dynamically configure its system for message exchange with counterparties using eDelivery. It is based on the eDelivery SMP profile, an open technical specification for publishing service metadata within a 4-corner network.
DomiSML is the sample software provided by the European Commission to implement an eDelivery Service Metadata Locator for an eDelivery party to discover the URLs of other counterparties using eDelivery Access Points and their corresponding metadata. It is based on the eDelivery BDXL profile, an open technical specification for locating Access Points within a network, and on the PEPPOL SML Specification, a technical specification defining a BDXL administration API.
Addressing the ActiveMQ vulnerability in eDelivery sample software
Update 21 December 2023
Domibus 5.1.2 patching the vulnerability was released.
Update 21 November 2023
Domibus 5.0.7 patching the vulnerability was released.
Update 17 November 2023
Domibus 5.1.2 patching the vulnerability will be released on 21 December 2023.
Update 16 November 2023
Domibus 5.0.7 patching the vulnerability will be released on 21 November 2023.
Original announcement
We are aware of the recent vulnerability reported in ActiveMQ, which is used by Domibus as a message broker. This vulnerability, identified as CVE-2023-46604, may allow a remote attacker with network access to the ActiveMQ broker to run arbitrary shell commands. We understand the concerns this may raise and we want to assure you that we are taking this matter very seriously.
Impact
All Domibus versions are affected by this vulnerability when configured to use ActiveMQ (embedded or standalone). However, it’s important to note that if your ActiveMQ ports are not exposed on the internet, you are not under threat. The risk only exists if an attacker has access to the ports. Therefore, we strongly advise not to expose any ActiveMQ ports on the internet to avoid being subject to this vulnerability.
DomiSMP and DomiSML do not use ActiveMQ, therefore they are unaffected.
Recommendations
While we are working on Domibus patch versions which will upgrade to an ActiveMQ version that does not have the vulnerability, we want to provide immediate steps you can take to secure your systems:
1. Users of an ActiveMQ version embedded in Domibus:
- Close your ports: If you haven’t exposed your ports, you are secure. If you have, we strongly recommend closing them. This is an immediate and effective action you can take to protect your system.
- Upgrade to Domibus 5.0.6 or 5.1 We will not be releasing a patch for Domibus 4.2 as it is out of support. We strongly encourage you, if you haven’t done so already, to plan your upgrade to either Domibus 5.0.x or Domibus 5.1.x.
- Apply our upcoming patch: If closing the ports is impossible for any reason, we are working on a patch that you can apply to secure your system. We will provide detailed instructions on how to apply this patch once it’s ready.
2. Users of a standalone ActiveMQ version:
- Upgrade ActiveMQ: Please upgrade your ActiveMQ installation to a patched version. Please check this page for details.
Looking forward
We understand that this situation may cause some concern, but we want to assure you that the security of your systems and the integrity of Domibus are our top priorities. We are committed to addressing this issue promptly and thoroughly. We appreciate your patience and understanding as we work to resolve this matter.
Stay tuned for the latest updates on eDelivery services by checking the Building Block's X and web page. For more information, do not hesitate to register for personalised news or contact us via our portal or by e-mail: EC-EDELIVERY-SUPPORT@ec.europa.eu.
The eDelivery Building Block
eDelivery is a building block that provides technical specifications and standards, installable software and ancillary services to allow projects to create a network of nodes for secure digital data exchange.
Domibus is the sample software provided by the European Commission to implement an eDelivery AS4 Access Point for the interoperable, secure and reliable data exchange. It is based on the eDelivery AS4 profile, an open technical specification for the secure, web-based, payload-agnostic exchange of data or documents.
DomiSMP is the sample software provided by the European Commission to implement an eDelivery Service Metadata Publisher for publishing and retrieving data necessary for an eDelivery party to dynamically configure its system for message exchange with counterparties using eDelivery. It is based on the eDelivery SMP profile, an open technical specification for publishing service metadata within a 4-corner network.
DomiSML is the sample software provided by the European Commission to implement an eDelivery Service Metadata Locator for an eDelivery party to discover the URLs of other counterparties using eDelivery Access Points and their corresponding metadata. It is based on the eDelivery BDXL profile, an open technical specification for locating Access Points within a network, and on the PEPPOL SML Specification, a technical specification defining a BDXL administration API.