Updates to eDelivery AS4 2.0 and SMP 2.0 profiles & new eDelivery BDXL 2.0 profile
The eDelivery AS4 2.0 and SMP 2.0 profiles have been updated to reflect comments received during the 2023 public consultations on the eDelivery AS4 and SMP 2.0 specifications. In addition, the eDelivery team decided to offer a draft for the eDelivery BDXL profile version 2.0. Look out for the upcoming consultation on eDelivery AS4 2.0 and SMP 2.0 profiles and find out about activities and support towards their adoption!
Response to the previous consultation
In June 2023, the eDelivery team called for a consultation on the AS4 and SMP 2.0 specifications. At the time, the initial draft specification of the eDelivery AS4 profile 2.0 included updates for the security section and proposed two new Profile Enhancements. The initial draft specification of the eDelivery SMP profile 2.0 included support for OASIS SMP version 2.0, allowed publishing multiple certificates (signing, encryption and key exchange) for a transport and supported both eDelivery AS4 profiles 1.x and 2.0. Both draft Specifications mark a backwards-incompatible evolution of the profiles, where Access Points operating with profile version 2.0 cannot exchange messages with Access Points operating with profile version 1.x.
We would like to thank our stakeholders again for their input towards the consultations on the initial AS4 and SMP 2.0 draft specifications. For full transparency, you can find the disposition for public review comments added to the consultation pages. The documents include the feedback from the eDelivery team on each comment individually:
- Consultation on the eDelivery AS4 profile version 2.0 public review comments and response
- Consultation on the eDelivery SMP profile version 2.0 public review comments and response
Updated profiles available
In our continuous commitment to develop state-of-the-art data exchange in the EU, the eDelivery team is delighted to share significant developments regarding the eDelivery AS4 2.0 and SMP 2.0 profiles. Following the 2023 public consultation, the team has meticulously addressed the feedback received and are excited to present the updated eDelivery AS4 2.0 and SMP 2.0 specifications:
The profiles have not only been updated based on public feedback, but also based on internal progress. During the process it was necessary to update the BDXL profile too, a draft is available here:
The detailed changes are outlined underneath.
AS4: 3 changes, one form the consultation, 2 from internal conversations
SMP:
BDXL:
Changes to AS4 2.0 profile
This is the second Second draft version of a major update of the eDelivery AS4 profile that builds , building on the 2023 working draft and adds adding further changes to the AS4 profile:
Message Encryption: HKDF Replaces ConcatKDF
In the common profile, there is a shift in the message encryption section:
. Instead of ConcatKDF, we now use HKDF (HMAC-based Key Derivation Function). From a cryptographic standpoint, HKDF offers superior security. The specification for
usingHKDF usage in XML Security is
part ofdetailed in the draft update RFC 9231bis. The output of HKDF is
usedemployed to wrap a symmetric encryption key
. In section, ensuring robust protection for your data.
PartyId Type Attribute Recommendation
Section 3.4.1
introduces a recommendation to use the type attribute on
PartyId is recommendedPartyId. This enhancement streamlines identification and improves interoperability across systems. By adopting this practice, the profile will enhance the clarity and consistency of PartyId usage.
Streamlining SBDH and ECC Curves
There are two changes to In the profile enhancements section, :
- SBDH Profile Removal of the : The optional SBDH (Standard Business Document Header) profile enhancement . It has seen has been removed. While it served a purpose, limited adoption by eDelivery users , led us to streamline the common profile already supports multiple payloads and the SBDH specification has been superseded by other standards. Users can still use . Users are free to incorporate SBDH or similar schemas in their payloads.
- Listed mandatory curves to support in the ECC Option Curve conformance clause. In
- Mandatory ECC Curves: We’ve listed specific elliptic curve cryptography (ECC) curves that are now mandatory for compliance. These curves ensure robust security and efficient key exchange.
Four Corner Topology: Type Attribute for OriginalSender and FinalRecipient
In section 4.1.2, which covers the four corner topology profile,
recommend the use ofthere is a new recommendation for using the type attribute for both originalSender
and finalRecipeintand finalRecipient. This small adjustment enhances clarity and consistency in topology descriptions, making eDelivery implementations more robust.
Changes to SMP 2.0 profile
ChangesThis is the second draft version of a major update of the eDelivery SMP profile, building on the 2023 working draft and adding further changes to the SMP profile:
Clarified
the mappingMapping Table
The Mapping table in
Section 3.2 serves as a crucial reference point for understanding the relationships between various elements. With improved clarity, it will be easier to navigate and interpret the metadata mappings.
Updated the section oneDelivery ebCore Party Identifiers: SchemeID Recommendation
The section dedicated to eDelivery ebCore Party Identifiers now includes a recommendation to
use
ofthe schemeID attribute of the ParticipantID element in eDelivery SMP 2.0 documents. This practice enhances consistency and ensures seamless interoperability across systems. By adopting this approach, you’ll streamline the identification process and facilitate smoother data exchange.
Editorial Enhancements
The eDelivery team has invested effort in editorial improvements. These subtle tweaks enhance readability, eliminate ambiguities, and make the SMP 2.0 specification more user-friendly.
New BDXL 2.0 profile
Changes:
Enhanced ebCore Party Identifiers
As now outlined in section 4.1
, when dealing with BDXL, ebCore Party Identifiers now follow a specific format. The identifier value must be concatenated
into an ebCore Party Identifier for use with BDXL.with the ebCore Party Id Type, ensuring seamless integration with BDXL. This streamlined approach simplifies identification and enhances interoperability across systems.
Streamlined Metadata Handling
We recognize the importance of efficient metadata management. By aligning ebCore Party Identifiers with BDXL requirements, we’ve paved the way for smoother data exchange.
Adoption in 2024
To foster inclusivity and address any potential concerns on the draft of the latest profiles, we will invite you to participate in a public consultation on these updates soon - look out for the news! The final publication of the change will conclude the Specification Change Process and is expected soon after the second consultation.
We recommend that EC colleagues operating or preparing eDelivery-based ecosystems as well as eDelivery solution providers plan their adoption of the new specifications starting from now. Read about how eDelivery will support the adoption of these updated profiles. Exciting events, including meetings and an interoperability event, are on the horizon as we take a step into the future with eDelivery in 2024.
.
The eDelivery Building Block
eDelivery is a building block that provides technical specifications and standards, installable software and ancillary services to allow projects to create a network of nodes for secure digital data exchange.
| Excerpt | ||
|---|---|---|
| ||
Read about the updates to the eDelivery AS4 2.0 and SMP 2.0 profiles and why we are updating the eDelivery BDXL profile. |