CPA Creation Toolkit. Sonnenglanz Consulting BV, September 2010.


1 CPA Creation Toolkit (Sonnenglanz Consulting BV, September 2010)

2 Agenda (I)
Background
Service Specification
  – “Simple Message Format” (SMF)
Basic Process
  – Service Creation / Storage
  – Partner Information Creation / Storage
  – CPA Creation

3 Agenda (II)
Utilities
  – Transform ebBP into an SMF specification
  – Transform certificate into KeyInfo structure
  – Create Participant file
  – Adjust CPA for SSL-offloading
  – Generate MMDs from CPAs

4 BACKGROUND

5 Background (1)
Manual creation of a CPA is tedious / complex
The ‘Business Process’ should be the starting point
Many ‘re-usable’ parts of a partner, like
  – url of the endpoint
  – partyId
  – certificates
A CPA should be computed, not created manually! (... the same applies to the CPP and/or CPA-template...)
→ The CPA Creation Toolkit

6 Background (2)
Basic idea
  – Store the ‘business process’, called services (SMF, see next slides)
  – Store the partner information (the technical ‘capabilities’)
  – Re-use the above information when creating a CPA
      Select a service
      Select the partners for the applicable roles within a service
      Compute the CPA
Use of ebBP is preferred, but we started with a simplified specification called ‘Simple Message Format’ (SMF).
  – We concentrated on the bare-minimum first!

7 SERVICE SPECIFICATION

8 Simple Message Format (1)
SMF, a simple XML format:
  – to define service names in which
  – a number of messages can be exchanged between roles, like ‘from’ and ‘to’ (not partners!).
In addition, it defines:
  – a set of roles that can be fulfilled by a particular partner
  – a set of items that a partner has to provide, like
      the url of the endpoint
      the partyId
      ...
URL of the XSD:
  – http://www.sonnenglanz.net/2010/07/09/smf.services.2.0.xsd

9 Simple Message Format (2)
Basic XML Structure
The services element defines 1-or-more service elements.
A service element defines the messages that are exchanged.
The rolebindings element groups the various roles that have been used in the different service elements.
The parameters element defines the items that have to be provided by a partner (later on).
The profiles element defines default values for exchange characteristics, like security and retry intervals.

10 Simple Message Format (3)
  – Each profile has a name, referenced by a message in a service.
  – Each profile can specify some characteristics:
      Security (transport and/or payload)
      Exchange by means of acknowledgements (retry count and interval, called ‘reliable’) or not (‘fire-and-forget’, called ‘best effort’)
      Retry Count and/or Interval
[Figure callouts: See next Intermezzo. The name of the profile. See next Intermezzo.]

11 Intermezzo: Profile Attributes
attributes:
  – name = a unique name (Identifier) for the profile.
  – transport = the type of transfer. Possible values:
      reliable : uses acknowledgements, together with the Retry Count and Retry Interval
      besteffort : no acknowledgements (‘fire-and-forget’)
  – security = specifies how the information is secured during transport, including payload. Possible values:
      transport : client & server authentication (‘double sided ssl’)
      sign : signed payload (business document)
      payload : signed & encrypted payload (business document)
      transport-and-sign : combination of previous values
      transport-and-payload : combination of previous values
  – retryCount : the number of retries (an integer value)
  – retryInterval : the interval before a next retry is performed. A ‘duration’ value must be provided according to the XML Schema-2 Definitions. (Example: ‘PTH3’)
The last two only make sense in combination with transport=reliable
These attributes (except the ‘name’ attribute) can also be used in the message elements in a service element.

12 Simple Message Format (4)
  – A service has:
      An identifier (serviceId).
      Some optional attributes to characterise the service.
      One or more messages:
        – exchanged between the from-role and the to-role
        – with some characteristics (like security or profile name)
You can specify defaults. See next Intermezzo.
[Figure callouts: The id of a service. The role of a partner that sends a message. The role of a partner that receives a message. The name of a message.]

13 Intermezzo: Services Attributes (plural)
attributes (all optional):
  – defaultTransport = the type of transfer. If none is provided, the value ‘besteffort’ is assumed.
  – defaultSecurity = specifies how the information is secured during transport, including payload. If none is specified, the value ‘transport’ is assumed.
  – defaultRetryCount = the number of retries. If none is specified, the value ‘8’ is assumed.
  – defaultRetryInterval = the interval before a next retry is performed. If none is specified, the value ‘PTH3’ is assumed (3 hours).
The defaultSecurity value is also used to define the security characteristics of the Acknowledgement Channel.
These values are assumed by the message elements within a service (single) element, if nothing is explicitly specified within that message element (or defined indirectly via a profile!).

14 Intermezzo: Service Attributes (single)
attributes:
  – serviceId* = a unique name (Identifier) to identify the service.
  – serviceType = the type of the service.
  – process* = the name of the process specification.
  – processHref = a reference to a web page, explaining the process.
  – processUuid = the UUID of the process specification.
  – processVersion = the version of the process.
(*) Required attribute

15 Simple Message Format (5)
  – combines a set of roles
  – to be fulfilled by a partner
[Figure callouts: The name of a role can be used in different services. A binding element groups the various roles for a particular partner. The role element ‘selects’ the role within a particular service. For each partner, it is defined what items have to be provided. The attribute parameterId refers to that definition.]

16 Intermezzo: Rolebinding Attributes
attributes:
  – name = the name of the ‘grand-role’ (shown at the screen when creating a CPA) for a Partner.
  – parameterId = the identifier of a group of parameter items.
attributes:
  – serviceId = the identifier of the service within the services (plural) element.
  – name = the name of the role, used in the indicated service (by means of the serviceId).

17 Simple Message Format (6)
  – defines a set of items to be provided by a partner
[Figure callouts: The identifier of this group of items (parameters). Must the partner provide a value or not? In this example “yes”. A signing and encryption certificate has to be provided (for payload encryption). For this one, a default value is given, but can be ‘overruled’ by the partner.]

18 Intermezzo: Parameter Attributes
attributes:
  – parameterId = a unique name to identify a group of parameter items.
attributes:
  – name = the name of the item. Only the names in the list are allowed! (See next slide)
  – required = indicates whether or not the Partner has to provide a value for that item.

19 Intermezzo: Parameter Names
Allowed values for the name attribute:
  – PartyName : the name of the Partner
  – PartyId : a value that identifies a Partner
  – PartyIdType : the type of the identifier.
  – PartyIdList : a list of PartyIds. Specify one or more elements.
  – PartyRef : a reference to a webpage explaining the service provided by the partner.
  – EndpointUri : the URL of the endpoint. (The S for HTTPS is automatically added to, or removed from, the url in the CPA, depending on the security attributes in the service specification.)
  – EndpointUriConditional : specifies two possible URLs; the use depends on the connection type (‘direct’ or ‘intermediary’).
  – PersistDuration : a generic value for the period of time to store messages (not necessarily used by ebMS adapters!)
  – ClientCert : a client certificate, to authenticate the client Endpoint
  – ServerCert : a server certificate, to authenticate the server Endpoint (and encrypt the transport HTTP protocol)
  – SigningCert : a signature certificate, to sign the payload (business document)
  – EncryptionCert : an encryption certificate, to encrypt the payload (business document)
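
Added example, not part of the original slides or the toolkit's own code: how the built-in defaults, the services defaults, a profile and a message's own attributes combine into effective settings per message, and which certificate items from the parameter-name list the resulting security value relies on. The sample XML, its nesting, the message attributes from, to and profile, and the rule that explicit message attributes override a profile are assumptions.

```python
import xml.etree.ElementTree as ET

# Built-in defaults from the "Services Attributes (plural)" slide ('PTH3' as written there).
BUILTIN = {"transport": "besteffort", "security": "transport",
           "retryCount": "8", "retryInterval": "PTH3"}

# Certificate items each security value relies on, per the slides' descriptions.
# Assumption: each partner is expected to supply the whole set; the slides do not
# give a per-role split.
CERTS = {"transport": {"ClientCert", "ServerCert"},
         "sign": {"SigningCert"},
         "payload": {"SigningCert", "EncryptionCert"}}
CERTS["transport-and-sign"] = CERTS["transport"] | CERTS["sign"]
CERTS["transport-and-payload"] = CERTS["transport"] | CERTS["payload"]

# Constructed sample. Assumed: nesting, no namespace, and the message
# attributes "from", "to" and "profile".
SAMPLE = """
<services defaultSecurity="transport-and-sign" defaultRetryCount="5">
  <profiles>
    <profile name="secure" transport="reliable" security="transport-and-payload"/>
  </profiles>
  <service serviceId="orders" process="OrderProcess">
    <message name="Order" from="buyer" to="seller" profile="secure" retryCount="3"/>
    <message name="Notify" from="seller" to="buyer"/>
  </service>
</services>
"""

def effective_settings(smf_xml):
    """Resolve transport/security/retry values for every message in an SMF document."""
    root = ET.fromstring(smf_xml.strip())
    services = next(root.iter("services"))
    defaults = dict(BUILTIN)
    for key in BUILTIN:  # e.g. security -> defaultSecurity
        value = services.get("default" + key[0].upper() + key[1:])
        if value is not None:
            defaults[key] = value
    profiles = {p.get("name"): p.attrib for p in root.iter("profile")}
    resolved = {}
    for service in root.iter("service"):
        for msg in service.iter("message"):
            layers = [defaults]
            if msg.get("profile") is not None:
                layers.append(profiles[msg.get("profile")])  # KeyError: unknown profile
            layers.append(msg.attrib)  # assumption: explicit attributes win over the profile
            s = {k: v for layer in layers for k, v in layer.items() if k in BUILTIN}
            if s["security"] not in CERTS or s["transport"] not in ("reliable", "besteffort"):
                raise ValueError(f"invalid settings for message {msg.get('name')}: {s}")
            if s["transport"] != "reliable":  # retries only make sense when reliable
                s["retryCount"] = s["retryInterval"] = None
            resolved[(service.get("serviceId"), msg.get("name"))] = s
    return resolved

def missing_certs(settings, provided_items):
    """Certificate items required by the resolved security value but not provided."""
    return sorted(CERTS[settings["security"]] - set(provided_items))

if __name__ == "__main__":
    provided = {"PartyId", "EndpointUri", "ClientCert", "ServerCert", "SigningCert"}
    for key, s in effective_settings(SAMPLE).items():
        print(key, s, "missing:", missing_certs(s, provided))
```

Running the check before a CPA is computed shows early when a participant file lacks a certificate that a message's security value depends on.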

20 BASIC PROCESS

21 Basic Process (1)
Overview:
  – Store one or more Services (SMF file) in the repository.
  – Store two or more Participants in the repository.
  – Create a CPA based on a Service and Participants in the repository.
Via the web interface:

22 Basic Process (2)
Store Service in Repository
  – Create an SMF for a particular service.
      URL of the XSD and namespace: http://www.sonnenglanz.net/2010/07/09/smf.services.2.0.xsd
  – Upload the SMF, by providing a unique name (see next slide).
  – The unique name is used later on, when a service is selected for the creation of CPAs.
  – Services are re-used, when other partners start a collaboration based on that service.

23 Basic Process (3): Store Specification
[Figure callouts: The unique service name. The specification file, to be uploaded. The XSD for the xml file. Use it to create and validate your specification before you upload the file!]

24 Basic Process (4)
Store Participant in Repository
  – Participants are the potential partners within a collaboration.
  – Create a file with all relevant technical information.
      URL of the XSD and namespace: http://www.sonnenglanz.net/2010/07/09/smf.parameters.2.0.xsd
  – Upload the file, by providing a unique name (see next slide).
  – Participants are re-used, when they want to start a collaboration based on a service.

25 Basic Process (5): Store Participant
[Figure callouts: The unique name of the participant. The file, to be uploaded. The XSD for the xml file. Use it to create and validate your information before you upload the file!]

26 Basic Process (6)
CPA Creation
  – Select a service (from the drop-down menu)
  – For each role:
      Select a participant (from the drop-down menu)
  – Optionally, specify:
      The life-time of the CPA
      Version information, to be used in the CPA ID
  – Select the infrastructure-context for the Endpoints:
      Direct-Connection = Point-to-Point Connection
      Intermediary = Gateway and Router for ebMS messages

27 Basic Process (7): Create CPA – Select Service
[Figure callouts: Select the unique service name from the drop-down menu. This link will show you the xml of the Service specification (in a new window).]

28 Basic Process (8): Create CPA – Select Participants
[Figure callouts: Select the participant name from the drop-down menu for the particular role (at the left). The example Service defines two Roles, one with the name “testerA” and one with the name “testerB”. If a service defines more roles, you would see them all. Select only those that are needed for the CPA creation. This link will show you the xml of the Participant file (in a new window).]

29 Basic Process (9): Create CPA – Connection Type
Connection types:
  – Direct: a Point-to-Point connection between the endpoints; they can ‘ping’ each other over HTTP(S).
  – Intermediary: a Gateway and Router is in between the endpoints. The Intermediary also routes ebMS packets (based on the partyId) to the Endpoint that is behind the Gateway.
See Intermezzos...

30 Intermezzo: Connection Type (1)
Connection type: Direct
  – A Point-to-Point connection between the endpoints; they can ‘ping’ each other over HTTP(S).
[Diagram labels: Endpoint Partner A, Endpoint Partner B, Internet]

31 Intermezzo: Connection Type (2)
Connection type: Intermediary
  – A Gateway (and Router for ebMS packets) in between the endpoints.
  – The endpoints only ‘see’ the Intermediary.
[Diagram labels: Endpoint Partner A, Endpoint Partner B, Internet, Intermediary]

32 Intermezzo: Connection Type (3)
Connection type: Intermediary
  – Endpoint A uses the URL of the Intermediary to send ebMS packets to Partner B (a kind of ‘next hop’).
  – Endpoint B uses the URL of the Intermediary to send ebMS packets to Partner A (a kind of ‘next hop’).
  – The Intermediary
      knows the partyId and the URL of Endpoint A
      knows the partyId and the URL of Endpoint B
      routes ebMS packets based on the partyId
  – No CPAs needed between:
      Partner A and the Intermediary
      Partner B and the Intermediary

33 Basic Process (10): Create CPA – CPA ID
For special cases: you can provide your own CPA ID
  – The ID itself (a postfix or a full ID)
  – The start date of the CPA
  – The end date of the CPA

34 Basic Process (10): CPA Created
The CPAs are created, based on the Service and the assigned Participants.
  – Download the files; right-mouse-click on the link CPA.
[Figure callouts: The download link. This example shows only one CPA, but more can be shown: this depends on the service and the assigned participants!]

35 UTILITIES

36 Utilities (1)
Transform ebBP into an SMF specification
  – Input: an ebBP
  – Output: an SMF
NB:
  – The transformation is experimental! Check the result!
  – Some information is assumed, for instance about the parameter items.
→ Modify the resulting SMF to your own needs!

37 Utilities (2)
Transform X.509 certificate into KeyInfo structure
  – The KeyInfo xml data will be part of the Participant information.
  – Certificates will only be used in case a service requires it (by means of the attribute ‘security’).
  – Input: public X.509 certificate
      Supported types: *.pem, *.cer, *.der, *.p7b, *.p7c
  – Output: KeyInfo xml structure
If you copy the result into the Participant file, don’t forget to remove the first line of the KeyInfo file:

38 Utilities (3)
Create Participant file
  – By means of a ‘web form’ a participant file is created.
  – All ‘uploaded’ X.509 public certificates will be transformed automatically into KeyInfo xml data.

39 [Figure callouts on the participant web form: Contact Information! ebMS Partner Identifiers. If a Partner has several aliases... The X.509 public certificates. The URL of the Endpoint of this partner... The URL of the Intermediary of this partner (if used)...]

40 Utilities (4)
Adjust CPA for SSL-offloading (1)
  – A CPA specifies the common interface between partners, including security features such as transport and/or payload encryption, and their public URLs.
  – But...
      What if SSL-offloading is used, by one of the partners?
      What if an Intermediary is used, by one of the partners?
→ The CPA cannot be used to configure the ebMS adapter....
→ The ebMS adapter does not know anything about certificates regarding transport security (HTTPS)!
[Figure callout on the CPA: The CPA contains information about the transport security!]

41 Utilities (5)
Adjust CPA for SSL-offloading (2)
How can we still use the CPA?
Modify the CPA... for ‘internal use’ only!!
  Remove transport-security and client/server certificates if needed!
  Change the URL such that outgoing traffic is directed to the SSL-offloader or Intermediary!
Input:
  – the CPA, shared between the 2 partners.
  – partyId of the partner for which the CPA has to be changed.
  – indication of the direction of the SSL-offloading (incoming/outgoing traffic).
  – new URL to send messages to (the SSL-offloader or the Intermediary).
Output: modified CPA, for ‘internal use’ only.
Don’t forget: private certificates for encryption and/or signing the payload are always stored in the ebMS adapter (= the real endpoint)!

42 Utilities (6)
Generate MMDs from CPAs (1)
  – Idea: use the CPA to generate ALL possible messages, originating from a certain partner.
      Generate ‘Message Meta Data’ (MMD) files.
  – Current setup requires two Axway ebMS adapters.
  – Drop the files in the appropriate folders.
      CPA into folder ‘profiles\autoImport’
      MMDs into folder ‘common\data\out’

43 Utilities (7)
Generate MMDs from CPAs (2)
Input:
  – CPA
  – partyId of the partner that will initiate the exchange
  – optional: the folder path of the ‘mmd’ folder.
Output:
  – A meta file, containing references to MMD files that have been dropped into the ‘mmd’ folder.
  – ebMS messages, originating from the specified partner.
Currently, the other partner just receives and acknowledges (if needed) the messages. (No logic available to create the business responses...)

44 Generate MMDs from CPAs (3)
[Diagram labels: ebMS Adapter “Local Partner”; ebMS Adapter “Other Partner”; Transport: HTTP(S); MMD File Integration; MMD; CPA; CPA Creation Toolkit “Server”; ebMS messages]
The MMD files are dropped into the ‘mmd’ folder!
The CPA can be ‘uploaded’ into the ebMS adapters (option: ‘auto-import’)
The partner starts sending messages, based on the received MMD files.
Based on the CPA, the toolkit generates the MMD files.

