You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Public Consultation

Status

OPEN

Consulted Expert Group / StakeholdereDelivery community
OutcomeComments for input
Launch date

 

Due date

 

Main contact addressEC-EDELIVERY-SUPPORT@EC.EUROPA.EU

Communication:

The eDelivery team is opening a public consultation on the updated draft specification of the eDelivery AS4 profile 2.0, available here. The proposed specification was designed to work together with the new draft specification of the eDelivery SMP profile 2.0, which is equally open for public consultation.

The first change of the profile included Updates to the security section concerning message signing, message encryption and Transport Layer Security. It also included a new profile enhance for ebCore Agreement Update

In response to the public review comments on the AS4 2.0 2023 draft profile, several changes were incorporated: the eDelivery team decided to remove the optional SBDH profile enhancement and the availability of alternative standards. Users are free to choose either SBDH or XHE as a regular payload without any further specifications and the removal of the SBDH profile enhancement will provide clarity on this.

Additionally, recommendations from cryptography and XML security experts, as well as internal evolution influenced the evolution of the profile enhancement section towards more support for elliptic curve cryptography. Additional curves, as well as a recommendation to use the type attribute when using the ebCoreParty identifiers were introduced.

Further changes in the message encryption section of the Common Profile concern the use of key transport algorithms, including the adoption of key derivation function HKDF over ConcatKDF.

Read about the updates to the security section, recommendations from cryptographic experts as well as the detailed response to the previous consultation on the AS4 2.0 profile.


The version of the updated draft specification is set to 2.0 to illustrate that this is a backwards-incompatible evolution of the profile in that Access Points configured to operate with profile version 2.0 cannot exchange messages with Access Points configured to operate with profile version 1.x. It is noted that the backward incompatibility at the profile level does not preclude implementations from supporting both profile versions in the same product and allowing through configuration the parallel use of both versions (e.g., version 1.x when interacting with a legacy Access Point and version 2.0 when interacting with a new Access Point).


Please post your comments on this page or send them to EC-EDELIVERY-SUPPORT@ec.europa.eu with [Updated eDelivery AS4 profile version 2.0] in the title of the email.


  • No labels