CEF eDelivery AS4 adds support for large files
©Adobe Stock
The European Commission is happy to announce a new version of eDelivery AS4, one of the technical specifications for the Connecting Europe Facility (CEF) eDelivery Building Block.
This new version, v.1.15, supports the exchange of large messages (over 2GB) using the ebMS3 Part 2 'Split and Join' protocol. This new feature is added as an optional Profile Enhancement rather than as a change to the eDelivery AS4 Common Profile. This means that it becomes a selectable option for users that need it but can be ignored by other users. Users who do not intend to use 'Split and Join' do not need to upgrade their software or change their configuration.
What is eDelivery?
CEF eDelivery is a digital building block that helps public administrations to exchange electronic data and documents with other public administrations, businesses and citizens, in an interoperable, secure, reliable and trusted way. The CEF eDelivery solution is based on a distributed model called the “4-corner model”. In this model, the back-end systems of the users don’t exchange data directly with each other but do this through Access Points. These Access Points are based on the same technical specifications and therefore capable of communicating with each other.
Apart from this optional enhancement, version 1.15 is virtually identical to version 1.14. It does also, however, introduce several other small changes, namely:
- a recommendation on how the certificates are carried in the WS-Security header;
- TLS 1.3 is now also allowed by the profile (whereas before only TLS 1.2 was allowed);
- minor editorial fixes.
A request for change
In 2018 the eDelivery team prepared a draft profile specification including 'Split and Join' as an optional enhancement, following the users' requests. The eDelivery team subsequently issued a public consultation (November 2018) to get input on the specification from the eDelivery community. After careful and long consideration following the comments received, in particular on the addition of the new optional feature, the version 1.15 of the profile was adopted by the eDelivery Operational Management Board in October 2020. The analysis that supported this decision is provided in the document 'Disposition of Public Review Comments on eDelivery AS4 1.15' below.
What is 'Split and Join'?
The “Large Message Splitting and Joining” feature for MIME-based SOAP messaging is specified in section 4 of the ebMS3 Part 2 specification (for a more comprehensive overview of the specifications, go here). It provides a mechanism for allowing a "Sending Message Header Segment (MSH)" to split a large MIME-enveloped SOAP message, referred to as the source message, into a set of smaller MIME-enveloped SOAP messages, referred to as fragment messages, which MUST be joined at the Receiving MSH side. The resulting target message is an identical copy of the source message. The feature also supports compression.
The Split and Join feature is transparent to Producer and Consumer. The Submit and Deliver MSH operations are atomic and relate to source messages, irrespective of size, so that delivery of the source message does not occur until all fragment messages in a fragment group are received and the source message is successfully re-assembled by the Receiver MSH from the fragment messages. However, this does not prevent Producer or Consumer from monitoring transmissions that are still in progress.
Why add 'Split and Join'?
Available implementations of the eDelivery AS4 Common Profile have demonstrated an ability to exchange AS4 messages up to 2GB in size. This covers the requirements of the vast majority of eDelivery AS4 users. However, some users of eDelivery have expressed a need to exchange very large messages (potentially up to hundreds of gigabytes).
During the EU e-SENS project, an initial study evaluated a number of approaches to handling large messages. The study concluded that the ebMS3 Part 2 Large Message Splitting and Joining feature was the approach that best met user requirements. Building on that work, the CEF eDelivery team has developed a draft new optional eDelivery AS4 Profile Enhancement based on this feature. This Enhancement profiles the OASIS specification feature and adapts it to work with eDelivery AS4.
'Split and Join' as a profile enhancement
Starting with version 1.13, eDelivery AS4 is structured as a Common Profile with a set of optional Profile Enhancements. To conform to eDelivery AS4, message delivery systems must conform to the Common Profile - in addition, if these systems require added features they can conform to one or more Profile Enhancements that carry these features, depending on which they need. The new 'Split and Join' feature of eDelivery AS4 introduced in version 1.15 is specified as a new optional Profile Enhancement. The specifications of the Common Profile and of the pre-existing Profile Enhancements from v.1.14 are technically identical in v.1.15. This means that message exchange/delivery systems that conforms to the Common Profile (and possibly one or more of the existing Profile Enhancements) from version 1.14 are not affected by the change and automatically conform to v.1.15.
Frequently Asked Questions
Is 'Split and Join' mandatory in eDelivery implementations?
No, it is an optional Profile Enhancement introduced in 1.15. Implementations are not required to implement the Profile Enhancements.
I’m a user of eDelivery AS4 1.14, how do I upgrade to version 1.15?
If you don’t intend to use 'Split and Join', then there is nothing to change.
If you do intend to use it, you may have to upgrade your eDelivery software as (the current version of) your product may not have conformant support for 'Split and Join'.
I’m a vendor of AS4 software, do I have to implement 'Split and Join' to be conformant to eDelivery AS4?
Since version 1.13, implementations conform to eDelivery AS4 if they conform to the eDelivery Common Profile and to zero or more of the optional Profile Enhancements. It is up to you as a vendor to decide if you implement the new 'Split and Join' enhancement.
Who is impacted by the proposed new 'Split and Join' Enhancement?
Since the proposed Profile Enhancement does not replace any existing part of eDelivery AS4 and is an optional feature, no existing users are affected. It simply means that if necessary, users are now able to access a new functionality for sending larger messages.
Is 'Split and Join' secure?
Yes, signing and encryption processing is applied to all fragments and reordering or replacing fragments is not possible without detection.
Can I use 'Split and Join' in combination with other Profile Enhancements?
Yes, it can be used with all the existing Profile Enhancements.
How do I know if my counterpart supports 'Split and Join'?
In a statically configured environment, this information needs to be shared among parties.
In an environment that uses Dynamic Sender, a discovery infrastructure is used to publish business and technical capabilities, including the supported messaging protocol profile. A new identifier will indicate whether your counterpart's system has support for eDelivery AS4 with 'Split and Join'.