Updates to eDelivery AS4 2.0 and SMP 2.0 profiles & new eDelivery BDXL 2.0 profile

The eDelivery AS4 2.0 and SMP 2.0 profiles (insert links) have been updated to reflect comments (insert link) received during the 2023 public consultation. In addition to these updates the team has  consultations on eDelivery AS4 and SMP 2.0 specifications. Based on the comments the eDelivery team decided to offer a draft for the eDelivery BDXL profile version 2.0. Look out for the upcoming consultation on eDelivery AS4 2.0 and SMP 2.0 profiles and find out about activities and support towards their adoption!

Response to the previous consultation

As a brief reminder, (insert public consultation and justification with link to previous article)

We would like to thank you again for your input towards the recent consultation on the AS4 and SMP 2.0 profiles. We have published the disposition for review comments including our responses to them on the consultation pages:

• Consultation on the eDelivery AS4 profile version 2.0 public review comments and response
• Consultation on the eDelivery SMP profile version 2.0 public review comments and response

These documents offer full transparency into our decision making process. 

Updated profiles available

In our continuous commitment to develop state-of-the-art data exchange in the EU, the eDelivery team is delighted to share significant developments regarding the eDelivery AS4 2.0 and SMP 2.0 profiles. The 2.0 specifications will enable eDelivery to remain at the cutting-edge of security measures, adopting state-of-the-art protocols and algorithms as well as two new Profile Enhancements, one introducing ebCore Agreement Update and one supporting alternative curves and algorithms for encryption and digital signing. The new profile supports OASIS SMP version 2.0 , allows publishing multiple certificates (signing, encryption and key exchange) for a transport and supports both eDelivery AS4 profiles 1.x and 2.0. The changes are detailed on both the Public Consultation and new Draft Specification pages. The two proposed Draft Specifications were designed to work together.   Following the June 2023 public review, we have meticulously addressed the feedback received and are excited to present the updated eDelivery AS4 2.0 and SMP 2.0 specifications:

• Updated eDelivery AS4 2.0 draft specification
• Updated eDelivery SMP 2.0 draft specification

Based on the feedback we decided The profiles have not only been updated based on public feedback, but also based on internal progress . During the process it was necessary to update the BDXL profile too, a draft is available here:

• eDelivery BDXL 2.0 draft specification (link tbc.) 

To foster inclusivity and address any potential concerns on the draft of the latest profiles, we will invite you to participate in a second public consultation on these updates soon - look out for the news!

What has changed?

Following the 2023 public consultation, where we received valuable feedback, the AS4 2.0 and SMP 2.0 specifications underwent some updates. Noteworthy responses from the consultation encompassed security choices, with insights from cryptography experts guiding our decisions. While key transport replacement was deliberated, we opted to adhere to the original proposal based on expert recommendations. Furthermore, we heeded the suggestions by implementing the removal of SBDH as a profile enhancement in the new specification.

We would like to thank you again for your input towards the recent consultation on the AS4 and SMP 2.0 profiles. We have published the disposition for review comments including our responses to them on the consultation pages:

• Consultation on the eDelivery AS4 profile version 2.0 public review comments and response
• Consultation on the eDelivery SMP profile version 2.0 public review comments and response

...

Changes to AS4 2.0 profile

AS4: 3 changes, one form the consultation, 2 from internal conversations

Second draft version of a major update of the eDelivery AS4 profile that builds on the 2023 working draft and adds further changes to the AS4 profile:

In the common profile, in the message encryption section:

• HKDF is used as key derivation function instead of ConcatKDF. It is preferred from a cryptographic point of view. The specification for using HKDF in XML Security is part of the draft update RFC 9231bis. The output of HKDF is used to wrap a symmetric encryption key.  
• In section 3.4.1,  the use of the type attribute on PartyId is recommended

In the profile enhancements section:

• Removal of the optional SBDH profile enhancement. It has seen limited adoption by eDelivery users, the common profile already supports multiple payloads and the SBDH specification has been superseded by other standards. Users can still use SBDH or similar schemas in their payloads.   
• Listed mandatory curves to support in the ECC Option Curve conformance clause.
• In 4.1.2, the four corner topology profile, recommend the use of the type attribute for originalSender and finalRecipeint

Changes to SMP 2.0 profile

Changes:

• Clarified the mapping table in section 3.2.
• Updated the section on eDelivery ebCore Party Identifiers to recommend the use of the schemeID attribute of the ParticipantID element in SMP 2.0 documents.
• Editorial.

New BDXL 2.0 profile

Changes:

• ... (Meta:SMP2)
• Updated section 4.1 to mention separate ebCore Party Id Type and identifier value must be concatenated into an ebCore Party Identifier for use with BDXL.

Adoption in 2024

The final publication of the change will conclude the Specification Change Process and is expected soon after the second consultation. 

...