You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Current »

Public Consultation

Status

OPEN

Consulted Expert Group / StakeholdereDelivery community
OutcomeComments for input
Launch date

 

Due date

 

Main contact addressEC-EDELIVERY-SUPPORT@EC.EUROPA.EU

Communication:

The eDelivery team is opening a public consultation on the updated draft specification of the eDelivery AS4 profile 2.0, available here. The proposed specification was designed to work together with the new draft specifications of the eDelivery SMP profile 2.0, eDelivery BDXL profile 2.0 and eDelivery ebCore Party Id profile 2.0, all equally open for public consultation.

The version of the new draft specifications is set to 2.0 to illustrate that this is a backwards-incompatible evolution of the profile in that Access Points configured to operate with profile version 2.0 cannot exchange messages with Access Points configured to operate with profile version 1.x. It is noted that the backward incompatibility at the profile level does not preclude implementations from supporting both profile versions in the same product and allowing through configuration the parallel use of both versions (e.g., version 1.x when interacting with a legacy Access Point and version 2.0 when interacting with a new Access Point).

The first draft of the eDelivery AS4 2.0 profile included updates to the security section concerning message signing, message encryption and Transport Layer Security. It also included new profile enhancements for ebCore Agreement Update and for supporting alternative elliptic curves and algorithms. In response to the public review comments on this first draft and further internal analysis, several changes were made in the second draft:

  • the message encryption section of the Common Profile was adapted to use HKDF instead of ConcatKDF for key derivation. The specification for using HKDF in XML Security is part of the draft update RFC 9231bis.
  • the message layer security section of the Common Profile was clarified and better specified.
  • the Common Profile and the Four Corner Topology profile enhancement were updated to mandate the use of the type attribute on PartyId, originalSender and finalRecipient.
  • the SBDH profile enhancement was removed, clarifying that either SBDH or XHE can be used as regular payloads without the need for any further specifications.
  • the Alternative Elliptic Curve Cryptography Option profile enhancement lists additional mandatory curves to support and allows the use of further optional curves.

Read more about some of these updates in the disposition of public review comments published with the previous consultation on the AS4 2.0 profile.


Please post your comments on this page or send them to EC-EDELIVERY-SUPPORT@ec.europa.eu with [eDelivery AS4 profile version 2.0] in the title of the email.

  • No labels