新四季網

Method for the dynamic negotiation of security arrangements between web services

2023-09-18 03:16:25 2

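Patent title: Method for the dynamic negotiation of security arrangements between web services
Technical field:
The present invention relates to computer-based devices and methods for negotiating and implementing security arrangements between two or more web services. More particularly, it relates to devices and methods that specify input and output interfaces, the computation and generation of a security contract consistent with the inputs, and the implementation of security in accordance with the negotiated security arrangements. Particular aspects of the present invention are described in the claims, specification and drawings.
Background art:
Business-to-business (B2B) and application-to-application (A2A) electronic commerce are replacing older protocols for electronic data interchange (EDI). As businesses strive to improve their efficiency with B2B and A2A systems, a large number of incompatible platforms and competing standards have emerged. Among compatible standards, gaps remain to be filled. For example, the industry has defined what a simple web service is. Standards related to simple web services include UDDI, WSDL, XSDL and SOAP. However, these standards do not fully meet the security, reliability, manageability and choreography requirements of practical B2B and A2A electronic commerce. Security in particular presents many options and configuration issues. Collaborative web services and their security needs are expected to evolve as non-web commerce has. There is as yet no comprehensive or unified device or method that dynamically resolves and updates security options and configurations as web services evolve.
Many industry initiatives extend the standards applicable to B2B and A2A electronic commerce. Work on choreography includes ebXML/BPSS from OASIS, WSFL from IBM and XLANG from Microsoft. Work on conversation includes ebXML/TRP from OASIS and WS-routing from Microsoft. The dominant security effort is WS-security from IBM and Microsoft, with a complementary security effort from OASIS called SAML. For reliability, there are proposals from Microsoft, ebXML/TRP from OASIS and HTTPR from IBM. The W3C is addressing standardization in all of these areas. Key industry players have formed a rival consortium called WSI. However, they have not yet addressed the problem of dynamic security negotiation.
Accordingly, an opportunity arises to develop methods and devices that dynamically resolve security option and configuration issues for trading partners.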

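Summary of the invention
The present invention relates to computer-based devices and methods for negotiating and implementing security arrangements between two or more web services. More particularly, it relates to devices and methods that specify input and output interfaces, the computation and generation of a security contract consistent with the inputs, and the implementation of security in accordance with the negotiated security arrangements. Particular aspects of the present invention are described in the claims, specification and drawings.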


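Figure 1 illustrates communities and networks of communities, which are one environment in which computer-assisted dynamic negotiation of security arrangements is useful; Figure 2 depicts the negotiation and implementation of security arrangements; Figure 3 illustrates reconciling preferences among algorithm types; Figure 4 illustrates alternative embodiments for obtaining receiver information when the sender is local to the computation of the security arrangements; and Figure 5 illustrates one network of program logic and resources that can be used to implement aspects of the present invention.
Detailed description
The following detailed description is made with reference to the figures. Preferred embodiments are described to illustrate the present invention, not to limit its scope, which is defined by the claims. Those of ordinary skill in the art will recognize a variety of equivalent variations on the description that follows.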
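Figure 1 illustrates communities and networks of communities, which are one environment in which computer-assisted dynamic negotiation of security arrangements is useful. Among these communities, a community maintains a local registry that includes information such as the users, companies, services and connectors that are part of the community. A community may be a marketplace, an enterprise or a sub-enterprise. Communities can belong to one or more community networks. Typically, communities and networks share some common business interest. Interoperation takes place between member communities in one or more networks. The networks include a gold marketplace network 1, a precious metals marketplace network 2, a private network 3 and a global trading web 4. In this illustration, the gold marketplace network 1 and the precious metals marketplace network 2 are contained in the global trading web 4. The precious metals marketplace network 2 includes gold and silver marketplaces 14 and 13. Gold marketplace customers can trade silver in the silver marketplace 13, and silver marketplace customers can trade gold in the gold marketplace 14. One community, PQR Enterprise 17, belongs to the gold marketplace network 1, the private network 3 and the global trading web 4; another community, ABC Big Supplier 18, belongs to the private network 3. In this illustration, XYZ Gold Marketplace 14 is a marketplace or community for trading gold. Multiple enterprises belong to this community. Enterprises that form a community of their own, like PQR Enterprise 17, belong to the gold marketplace network 1. These communities are part of the gold marketplace network 1 and the global trading web 4. Small Supplier 15 is part of the gold marketplace community. Other Enterprises 16 are communities that are part of the gold marketplace community network 1. The connections between XYZ Gold Marketplace 14 and the other gold marketplace entities 15-17 indicate that the gold marketplace requires all traffic between enterprises (communities or otherwise) engaged in gold trading to pass through XYZ Gold Marketplace 14, for example to collect billing and business intelligence information. PQR Enterprise 17 is a community that is part of the gold marketplace and, together with supplier 18, also part of a local private network. Small Supplier 15 may be an individual small supplier that does not want to form a community itself and instead registers its metadata, such as users, organizations, services and transformations, in the registry of the gold marketplace. ABC Big Supplier 18, on the other hand, has formed a private network of its own, for example because it wants to keep its metadata, internal systems and transformations, which were quite expensive to develop, closed to general public access. Because PQR 17 is a customer of ABC 18, it participates in the private network 3. A financial service provider, DEF Financial 12, wants to provide financial services to anyone in the global trading web 4, so it forms a community of its own and stands as a peer of the global trading web top-level marketplace 11. A network of communities makes a global registry of communities available to all. The global registry permits lookup of a community and determination of one or more routes to that community, or to external connectors through which an electronic commerce document bound for the community may be routed. Documents routed from one community to another may be routed directly between the external connectors of the two communities or indirectly through one or more intermediary communities. Business and security rules for transactions involving communities can also be defined and maintained in community registries. In general, Figure 1 illustrates the mixed loyalties of entities and communities that create the impetus for interoperability among electronic commerce platforms.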
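Connector is a general term for an application that communicates with other applications. Connectors may communicate on a peer-to-peer (P2P) basis or on a directed basis through other connectors that function as hubs, gateways, external ports, central connectors and the like. Connectors that communicate P2P are able to communicate with other connectors that use the same transport/envelope protocols. When trying to communicate with connectors that do not use the same transport/envelope protocols, connectors that communicate P2P may optionally enlist the assistance of other central connectors that perform translation services. Connectors that communicate on a directed basis communicate through central connectors according to routing rules. Routing rules among connectors can be mapped in a directed graph, supporting one or more hub and spoke topologies for one or more transport/envelope protocols. A hub and spoke topology directs communications along spokes to hubs, in one or more tiers. This facilitates centralized services such as billing, business intelligence collection, tracking, auditing and accounting. As suggested by Figure 2, multiple hub and spoke organizations may share the same connectors to support different transport/envelope protocols and technologies. For instance, a stronger hub and spoke organization may be required to use Sonic as a transport technology rather than HTTP or HTTPS. Optionally, communication routes may depend on whether the source and destination are part of the same community. Within a sub-community (which may include the whole community), centralized functions may be unneeded, and P2P communications may be permitted among connectors that are otherwise directed to communicate with parent connectors when communicating with destinations in other sub-communities.
Connectors may be labeled simple connectors (sometimes just called connectors), hubs (sometimes called gateways or routers) or central connectors. Alternatively, they may be described functionally. Simple connectors are directed to communicate through central connectors, except when they are permitted to communicate P2P among connectors in the same sub-community. So-called hubs are used by connectors that are explicitly directed or linked to them. Hubs may serve more than one function and, accordingly, may appear more than once in a route from a source to a destination. Hubs forward electronic commerce documents or messages. Hubs may also translate among transport protocols that support a common envelope protocol. For instance, a hub may translate envelope protocols and also implement a different transport protocol on transmission than on receipt. A central connector is a special case of a hub, which can be used by connectors that are not explicitly directed or linked to it. A central connector is useful, for instance, to carry out translation functions when traversing connectors from a source according to routing rules does not lead to any hub that supports the transport/envelope protocol used by the destination.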
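Schemas and process flows provide an overview of security arrangements according to aspects of the present invention. In this context, negotiation of security arrangements is carried out by a computer-based process that uses the security profiles of the sending and receiving services to determine a mutually agreeable security arrangement. Preferably, this security arrangement is negotiated or potentially updated regularly, without user intervention. The arrangement may be negotiated, updated or checked for validity, at a user's request or without user intervention, whenever messages are exchanged or on some other periodic or occasional basis, such as monthly, weekly or daily, when an event occurs that affects the exchange of messages between a particular sender and receiver (e.g., a software component failure or a change in security preferences), when a previously negotiated arrangement fails, or on some other periodic or occasional basis. The schema SecuritySenderReceiverInfo.XSD, in the source code appendix, describes some inputs to the negotiation of security arrangements. The schema SecurityContract.XSD, also in the source code appendix, describes one embodiment of negotiated security arrangements in a so-called security interoperability contract document ("SCID"). The process flow of Figure 1 can be used to describe the negotiation and implementation of security arrangements.
The schema SecuritySenderReceiverInfo.XSD in the source code appendix can be used to validate several input files to the negotiation of security arrangements. In this embodiment, the machine-readable input files are XML documents. In other embodiments, other data structures may be used to store the same information, for example a tree structure modeled after the XML code. The schema SecuritySenderReceiverInfo.XSD is best understood by loading the file into an integrated development environment (IDE) such as XML Spy™, which provides several alternative views of the schema, including a documentation generation view. The sender and receiver security interoperability contract document information blocks are defined by this schema. Viewed in the Spy schema design view, SecuritySenderReceiverInfo.XSD includes several components used to define the sender and receiver security information. The CommunitySecurityPolicyPreference component states the community preferences to sign the header and encrypt the credential, and the credential preferences. It can be used to specify default values for a whole community, or adapted to specify default values for a collaboration party (CP). The SAMsgSecurityPolicy component allows specification of signature and encryption preferences and authentication options. Messages exchanged between services may have multiple parts. Signature and encryption policies can be applied to the message as a whole or to individual parts. This approach can readily be extended to apply signature and encryption policies to elements within parts. The PublicKeys component identifies the key records for this CP. The ConnectorCapability component provides routing information, such as a connector name, to the resource that implements part of the security arrangement. It includes connector capability parameters such as encryption capability, signature capability, encryption public key party and signature public key party. Depending on whether signature or encryption is involved, the public key party may be the sender's CP, the receiver's CP or the owner of the connector. If the public key party is not defined, the key of the message sender may be used for signing and the key of the message receiver may be used for encryption. The SecurityContainer component can be used to carry additional objects useful for security. The SendingCPSecurityPolicyProfile component includes the credential information available to the sending CP. The CPSendServicesSecurityPolicy and CPRecvSecurityPolicy components include arrays of security policies for the sending and receiving services, respectively. Service preferences and overrides can be defined here.
The schema SecurityContract.XSD, also in the source code appendix, can be used as a model for preparing a machine-readable security interoperability contract document. In this embodiment, the machine-readable document is an XML document. In other embodiments, other data structures may be used to store the same information, for example a tree structure modeled after the XML code. This schema defines policies and channels for security policies. A security channel defines the resources, and the routes to the resources, that execute security algorithms such as signature, encryption and authentication algorithms. It may also include non-repudiation and authorization resources.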
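The process flow of Figure 2 can be used to describe the negotiation and implementation of security arrangements. In one embodiment, the preferences of the sending and receiving services are maintained in a registry 201. This registry may be accessible to the sending and receiving services, so that each service can compute the security arrangements, or it may be available to a security arrangements computing service that is accessible to one or both of the sending and receiving services. The sending and receiving services may maintain their own registries. Or, a protocol may be developed for the sending and receiving services to exchange their security preferences as part of negotiating a security arrangement. The registry 201 may also hold information about the default preferences of the collaboration party that owns a service, of the community to which the collaboration party belongs, or of both. In general, service-specific preferences may override default preferences, or certain default preferences may be given precedence over service-specific preferences. Default preferences of a collaboration party may be treated differently from default preferences of a community. A security arrangements computing service 202 takes the input statements of security arrangement preferences from the registry 201 or another source and processes them. In one embodiment, this computing service is a security contract builder. A set of security arrangements is output 203. These arrangements may be confirmed by the sending and receiving services, may be vetoed by them, or may be trusted by them. The sending service, or another service responsive to the sending service 205, uses the security arrangements 203 to process a document 204 for transmission to the receiving service 209. In some cases, the security arrangements will call for obtaining an assertion from a trusted assertion service 206. For instance, the sending and receiving services may agree to use a SAML service to generate authentication assertions. The security arrangements 203 would then call for generation of a SAML assertion, and the sending service 205 would obtain the SAML assertion from the SAML server 206. In another embodiment, the trusted service 206 may provide an electronic notarization. A bank or security authority could be trusted to generate authentication assertions in a function analogous to that of a notary. In some cases, the security arrangements will call for obtaining, from a public key source 208, the public keys used in asymmetric signing or encryption. For instance, the sending and receiving services may agree to use an XKMS service to exchange public keys. The security arrangements 203 specify the XKMS service address as the source of public keys. Both the sending service 205 and the receiving service 209 access the agreed key source 209. In accordance with the security arrangements 203, the sending service 205 communicates the document 204 through a network 207 to the receiving party 209. Routing and transport through the network 207 may be part of the security arrangements and, preferably, may be handled by a secure transport infrastructure. The security arrangements 203 may be provided by the computing service 202 to the receiving party 209, or otherwise made accessible to the receiving party, independently of the message carrying the document 204. Alternatively, according to a prearranged protocol, the security arrangements 203 may be included with the document 204. For instance, they may be part of the message header, or they may be a separate part of the message. The prearranged protocol may call for the message header or message part to be signed and/or encrypted using the parties' respective keys. With this process flow and these schemas in mind, an example from the source code appendix can be explained.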
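The files SecuritySenderInfo.XML, SecurityReceiverInfo.XML and ComputeSecurityContract.XML provide an example of sender preferences, receiver preferences and the resulting computed security arrangement. The sender and receiver preferences are stated in XML code conforming to the XML schema described above. The computed security arrangement is stated in an interoperability security contract document conforming to SecurityContract.XSD in the source code appendix.
In this example, the sender preference information includes community preferences and service preferences. The community preferences address security algorithms and preferences to sign the header, encrypt the credential, and choose among available credentials. The community preferences may also rank order the security algorithms or otherwise indicate preference among them. A similar set of preferences might be provided for a collaboration party, instead of or in addition to the community's preferences. In this example, the community has six sets of signature algorithm options in elements named XMLSignatureAlgorithmTemplate and three sets of encryption algorithm options in elements named XMLEncryptionAlgorithmTemplate. These sets of options are templates. More than one option template may be provided for a particular algorithm. Use of templates simplifies the configuration of options and increases the likelihood that the sending and receiving services will select consistent option sets. The community in this example prefers not to sign headers or encrypt credentials, and accepts basic credentials. In general, a community or collaboration party could have preferences for any security arrangement option that a service could select, or it could have preferences for only some options. The community preferences in a sender's preference file should correspond to community preferences stated elsewhere, such as in a registry entry for community preferences. The file CommunitySecurityTemplatesPreference.XML is an example of a file used to record some or all of a community's security preferences.
A service (in this example, the sending service) records in SAMsgSecurityPolicy its preferences for handling message parts, for signing and encrypting the message as a whole, and for authentication. A message may have several parts. Corresponding to the message parts, a service may identify a message part and express a preference for signing or not signing, or encrypting or not encrypting, that part. In this embodiment, a preference for a category of algorithm, such as a general algorithm or an XML-specific algorithm, can be selected. In other embodiments, a service might not specify a category of algorithm, or it might specify a specific algorithm.
This example also covers other security arrangements. The receiver's (buyer's) public key in X509 format is used for signing and authentication. Two resources, so-called connectors, are identified for the sending service to use for signing and encryption. The sender's available credentials are identified as basic and X509 credentials. The sending service's security arrangement preferences are ranked from 1 to 3 under SecurityPolicyTemplatePreference. In this example, all three encryption preferences are for XML-specific encryption. These and other details of this example can be found in the source code appendix file SecuritySenderInfo.XML.
Receiver preferences can be found in the source code appendix file SecurityReceiverInfo.XML. In general, the elements of a receiver's preference profile are very similar to those of a sender, even using the same element types from the schema. Significant differences are found in authentication and authorization, because the logic applicable to authentication and authorization depends on whether you are presenting your credentials or determining whether to accept what is presented. For instance, the sender's SendingCPSecurityProfile lists available credentials. These elements are not part of the receiver's preferences. This issue is addressed by the receiver's CPRecvServicesSecurityPolicy, which identifies AcceptedCredentials.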
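In this example, two kinds of preferences that the security arrangement logic reconciles are stated. One kind of preference is among algorithm templates. The element SecurityPolicyTemplatePreference appears twice in each of the sending and receiving service preferences, stating community and service-specific preferences among algorithms. Figure 3 illustrates reconciling preferences among algorithm types. Stacks 301 and 302 represent the sending and receiving preferences. Suppose that A is the most secure and G the least secure. In the two preference stacks 301 and 302, preferences B and D match. A decision rule for choosing between B and D might take into account one or both stacks of preferences. For instance, from among the matches, the receiving service's preference (D), which favors signature, or the sending service's preference (B), which favors encryption, might be selected. Taking both preferences into account, the most secure (B) or the least secure (D) might be selected. In another embodiment, the respective services might weight or score their preferences, and a combined weighting or score could be used to take both preferences into account. The second kind of preference is whether to sign or encrypt a part of the message. What to sign or encrypt is stated by the SAMsgPart elements of SAMsgSecurityPolicy. The message parts in this example are Order and Image. In this example, the sender and receiver preferences match for signing and encrypting Order and for only encrypting Image. If the receiver wanted Image signed in addition to Order, the preferences would not match. A decision rule would then be needed to resolve the mismatch. The available decision rules could include receiver wins, sender wins, highest requirement wins, or lowest requirement wins. One kind of preference reconciliation determines whether a security measure is applied. The other kind selects among option templates when the security measure is applied.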
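The two kinds of preference reconciliation described above can be sketched as follows. This is an added example, not code from the patent or its appendix: the rule names are the NegotiationRuleTypes values from the schema, while the function names, the contents of the two stacks and the mismatching receiver profile are constructed for illustration.

```python
from typing import Dict, List, Optional

# Rule names as enumerated by NegotiationRuleTypes in the appendix schema.
RULES = ("ReceiverWins", "SenderWins", "MoreSecurityWins", "LessSecurityWins")


def _check(rule: str) -> None:
    if rule not in RULES:
        raise ValueError(f"unknown negotiation rule: {rule!r}")


def negotiate_template(sender: List[str], receiver: List[str], rule: str,
                       strength: List[str],
                       community_default: Optional[str] = None) -> Optional[str]:
    """Pick one algorithm template that both services accept.

    sender / receiver: template names, most preferred first.
    strength: every template name, most secure first (assumed ranking).
    Returns community_default (possibly None) when the lists do not overlap.
    """
    _check(rule)
    common = [t for t in sender if t in receiver]  # kept in sender order
    if not common:
        return community_default
    if rule == "SenderWins":
        return common[0]
    if rule == "ReceiverWins":
        return min(common, key=receiver.index)
    ranked = sorted(common, key=strength.index)
    return ranked[0] if rule == "MoreSecurityWins" else ranked[-1]


def reconcile_flag(sender_wants: bool, receiver_wants: bool, rule: str) -> bool:
    """Decide whether one measure (sign or encrypt) is applied to a part."""
    _check(rule)
    if sender_wants == receiver_wants:
        return sender_wants
    return {
        "SenderWins": sender_wants,
        "ReceiverWins": receiver_wants,
        "MoreSecurityWins": True,    # highest requirement wins
        "LessSecurityWins": False,   # lowest requirement wins
    }[rule]


def negotiate_parts(sender: Dict[str, Dict[str, bool]],
                    receiver: Dict[str, Dict[str, bool]],
                    rule: str) -> Dict[str, Dict[str, bool]]:
    """Reconcile sign/encrypt wishes for every message part either side names."""
    result = {}
    for part in sorted(set(sender) | set(receiver)):
        s, r = sender.get(part, {}), receiver.get(part, {})
        result[part] = {
            measure: reconcile_flag(s.get(measure, False),
                                    r.get(measure, False), rule)
            for measure in ("sign", "encrypt")
        }
    return result


# Constructed data in the spirit of Figure 3: A is strongest, G weakest,
# and only B and D appear in both stacks.
STRENGTH = list("ABCDEFG")
SENDER_STACK = ["A", "B", "D", "F"]
RECEIVER_STACK = ["C", "D", "B", "G"]

# Sender profile from the text; the receiver here additionally wants Image
# signed, which is the mismatch case the text describes.
SENDER_PARTS = {"Order": {"sign": True, "encrypt": True},
                "Image": {"sign": False, "encrypt": True}}
RECEIVER_PARTS = {"Order": {"sign": True, "encrypt": True},
                  "Image": {"sign": True, "encrypt": True}}

if __name__ == "__main__":
    for rule in RULES:
        print(rule,
              negotiate_template(SENDER_STACK, RECEIVER_STACK, rule, STRENGTH),
              negotiate_parts(SENDER_PARTS, RECEIVER_PARTS, rule)["Image"])
```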
The set of computed security arrangements for this example appears in ComputeSecurityContract.XML, which is partially reproduced below:
<SecurityContractICD ...>
  <SecurityPolicies>
    <SignaturePolicies>
      <XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-C14N">
        <SignaturePolicyAlgorithm>...</SignaturePolicyAlgorithm>
        <SignatureAlg...>MD5withRSA</SignatureAlg...>
        <HashFunction>MD5</HashFunction>
        <Canonical...>...14n-20001026</Canonical...>
        <Transform...>#RoutingSignatureT...</Transform>
      </XMLDsigPolicy>
    </SignaturePolicies>
    <EncryptionPolicies>
      <XMLEncryptionPolicy PolicyId="P-XMLEncrypt3DES-RSA-2048">
        <EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</EncryptionPolicyAlgorithm>
        <EncryptionMethod>http://www.w3.org/2001/04/xmlenc#3des-cbc</EncryptionMethod>
        <KeySize>2048</KeySize>
        <KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</KeyEncryptionMethod>
      </XMLEncryptionPolicy>
    </EncryptionPolicies>
    <EncryptionKeyInfo KeyOwner="x-ccns:commerceone.com:CollaborationParty::sellParty">
      <PublicKeyID>DefaultTestCert</PublicKeyID>
      <X509Data><X509Certificate>LS0tLS1...==</X509Certificate>
      </X509Data>
    </EncryptionKeyInfo>
  </SecurityPolicies>
  <SecurityChannel channelId="CHANNEL1" sourceConnector="x-ccns:cup.commerceone.com:connector::centerSell" targetConnector="x-ccns:cup.commerceone.com:connector::centerSell">
    <Confidential AlgorithmId="P-XMLEncrypt3DES-RSA-2048">
      <PublicKeyName KeyOwner="x-ccns:commerceone.com:CollaborationParty::sellParty">DefaultTestCert</PublicKeyName>
      <MessagePart PartName="Order" isOptional="false"/>
      <MessagePart PartName="Image" isOptional="false"/>
    </Confidential>
  </SecurityChannel>
  <SecurityChannel channelId="CHANNEL2" sourceConnector="x-ccns:cup.commerceone.com:connector::buy" targetConnector="x-ccns:cup.commerceone.com:connector::sell">
    <Integrity AlgorithmId="P-XMLSignatureRSA-MD5-C14N">
      <PublicKeyName KeyOwner="OwnerA">BuyerPublicKey</PublicKeyName>
      <MessagePart PartName="Order" isOptional="false"/>
    </Integrity>
  </SecurityChannel>
</SecurityContractICD>
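This set of security arrangements has two major parts, security policies and security channels. In this example, there is one security policy applicable to the whole message and multiple security channels that implement parts of the security policy. The security policies part sets out the signature policy and the encryption policy, together with encryption key information. It may also set out information about authentication, authorization and non-repudiation of sending or receipt. In this embodiment, the same signature and encryption policies are applied to all parts of a document. In other embodiments, multiple algorithms could be applied to different parts. The algorithms selected for signature, encryption and authentication are abstracted through templates containing option sets, which simplifies algorithm selection. The selected algorithms are associated with logic and resources, so that different services or processes can be used to sign/verify and encrypt/decrypt different parts of a message. A public key or certificate can be transmitted in the encryption key element of the security policies part. The security channels part describes the services or connectors involved in applying the security policies. For a particular policy, the channel part identifies a source connector that requires assistance in applying the security policy (e.g., the sending service requesting encryption) and a target connector that applies the security policy or acts as an intermediary to the logic and resources that apply it. For a particular security policy, such as signature, encryption, authentication, authorization or non-repudiation, the specific information required to carry out the security policy is provided in the security channels part.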
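A receiver that accepts a computed contract can check it before acting on it. The following added example (not part of the patent's appendix) audits a contract shaped like the excerpt above: it confirms that every channel refers to a defined policy of the right kind and flags the legacy algorithms the sample names. The un-namespaced element layout, the connector names, the dangling CHANNEL2 reference and the legacy-algorithm list are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed contract using the element names of the excerpt above.
# Connector names are invented; CHANNEL2 deliberately references a policy
# that is never defined. Contracts arriving from a trading partner are
# untrusted XML; parse them with a hardened parser (e.g. defusedxml) in
# production.
CONTRACT = """\
<SecurityContractICD>
  <SecurityPolicies>
    <SignaturePolicies>
      <XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-C14N">
        <HashFunction>MD5</HashFunction>
      </XMLDsigPolicy>
    </SignaturePolicies>
    <EncryptionPolicies>
      <XMLEncryptionPolicy PolicyId="P-XMLEncrypt3DES-RSA-2048">
        <EncryptionMethod>http://www.w3.org/2001/04/xmlenc#3des-cbc</EncryptionMethod>
        <KeySize>2048</KeySize>
        <KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</KeyEncryptionMethod>
      </XMLEncryptionPolicy>
    </EncryptionPolicies>
  </SecurityPolicies>
  <SecurityChannel channelId="CHANNEL1" sourceConnector="example:sell" targetConnector="example:sell">
    <Confidential AlgorithmId="P-XMLEncrypt3DES-RSA-2048">
      <MessagePart PartName="Order" isOptional="false"/>
      <MessagePart PartName="Image" isOptional="false"/>
    </Confidential>
  </SecurityChannel>
  <SecurityChannel channelId="CHANNEL2" sourceConnector="example:buy" targetConnector="example:sell">
    <Integrity AlgorithmId="P-XMLSignatureRSA-SHA256">
      <MessagePart PartName="Order" isOptional="false"/>
    </Integrity>
  </SecurityChannel>
</SecurityContractICD>
"""

# (element, lower-case substrings that mark a legacy choice, reason)
LEGACY = [
    ("HashFunction", ("md5",), "MD5 is not collision resistant"),
    ("EncryptionMethod", ("3des", "tripledes"),
     "Triple DES is a deprecated 64-bit block cipher"),
    ("KeyEncryptionMethod", ("rsa-1_5",),
     "RSA PKCS#1 v1.5 key transport is exposed to padding-oracle attacks"),
]
# Kind of policy each channel action is allowed to reference.
ACTION_POLICY = {"Integrity": "XMLDsigPolicy",
                 "Confidential": "XMLEncryptionPolicy"}


def audit_contract(xml_text):
    """Return a list of (kind, location, detail) findings for one contract."""
    root = ET.fromstring(xml_text)
    findings = []
    policies = {}  # PolicyId -> tag of the element that defines it
    for pol in root.iterfind("./SecurityPolicies/*/*[@PolicyId]"):
        policy_id = pol.get("PolicyId")
        policies[policy_id] = pol.tag
        for tag, markers, reason in LEGACY:
            for el in pol.iter(tag):
                text = (el.text or "").lower()
                if any(m in text for m in markers):
                    findings.append(("legacy-algorithm", policy_id, reason))
    for chan in root.iterfind("./SecurityChannel"):
        for action in chan:
            expected = ACTION_POLICY.get(action.tag)
            if expected is None:
                continue  # not an action this audit knows about
            ref = action.get("AlgorithmId")
            where = f'{chan.get("channelId")}/{action.tag}'
            if ref not in policies:
                findings.append(("dangling-reference", where,
                                 f"no policy {ref!r} is defined"))
            elif policies[ref] != expected:
                findings.append(("wrong-policy-kind", where,
                                 f"{ref!r} is a {policies[ref]}"))
            if not action.findall("MessagePart"):
                findings.append(("no-message-part", where,
                                 "the policy is applied to no message part"))
    return findings


if __name__ == "__main__":
    for finding in audit_contract(CONTRACT):
        print(*finding, sep=" | ")
```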
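The data used to determine security arrangements can be categorized as message and activity related data, CP-service related data, security algorithm related data, routing related data, encryption key related data and configuration data. Some additional detail regarding the use of these categories follows. Message and activity related data relates to digital signature, encryption, non-repudiation and authorization. For non-repudiation, a receiver may require non-repudiation measures applied to a sender, amounting to a trusted party verifying the sender's message to the receiver. Similarly, a sender may require non-repudiation measures applied to a receiver, amounting to a trusted party verifying the receiver's receipt of the sender's message. In addition to the description above, it should be mentioned that, if fine granularity is desired, signature and encryption can be applied element by element to specific data items. In addition, overrides can be specified for pairs of sending and receiving services. For instance, a pre-existing or proven relationship can be treated differently than an entirely new relationship. Overrides to security policies can be implemented to cautiously reduce (or assuredly increase) security requirements in special cases.
CP-service related data includes authentication and authorization data. Authorization is the process of granting or denying access to a network resource. Authorization to access most computer security systems is a two-step process. The first step is authentication, which ensures that a principal (user, process, application or service) is who it claims to be. The second step is authorization, which allows the principal access to various resources based on its identity. Authorization is also called access control. Access control is used to authorize access to web site resources. It manages information about users, groups of users and the roles assigned to users. SAML provides an XML-based means to share information about security events (authentication and authorization) and attributes (e.g., customer credit rating) in SOAP messages. This SAML data can then be sent to a third party, which also enables "distributed trust", whereby a user signs on once but can reuse their authentication or authorization details. With SAML or a similar trusted party technology, an issuing authority decides whether to grant a request by a subject service or sender for a type of access to a resource web service, given evidence provided by the requestor. The authorization decision permits or denies the subject access to a specific resource. SAML is a useful option for web services security, but it requires an initial level of trust and technical resources. In cases where SAML is unavailable or not preferred, other approaches can be used, such as an ID/password and a table of privileges associated with the ID. The present invention is not limited by the authorization technology used, but generalizes more abstractly to a selection among technologies presently available or hereafter invented. With SAML authorization or ID/password technology, the authorization data can be encrypted and built into the message.
Security algorithm related data includes algorithms and configuration options for signature, encryption and non-repudiation. As the schema shows, signature algorithm options (XML or non-XML) may include use of XMLDsig, choice of a canonicalization algorithm, a signature method and a digest algorithm. Encryption/decryption options (XML or non-XML) may include key size, key and method. Default values may be inherited by a service, overriding service preferences or being overridden by service preferences. In addition, as described above, specific overrides can be specified for CP pairs. Option templates, also as described above, simplify the negotiation of security arrangements. Different options will apply to XML and non-XML algorithms, for example signature algorithms. XML signature algorithms, for example XMLDsig, may offer options for method, canonicalization, transform and digest, whereas non-XML algorithms, for example PKCS#7, may only have options for signature and digest methods. Use of community standard security templates is preferred, to ensure that there is at least one match between the preference lists of the respective services. A community may require all CPs or all services operating in the community to support a particular community standard security option set, to ensure that messages can be exchanged within the community.
Routing related data includes how to access the logic and resources that implement authentication/verification, signing/verification and encryption/decryption. Any type of access information may be used, for example a universal resource name (URN) or a universal resource locator (URL). As discussed in one of the prior applications referenced above, a message may take multiple hops through connectors for transformation or other value-added services. Accordingly, multiple routing steps may be associated with any action. Security typically needs to be reconsidered after any transformation or other value-added service.
Encryption key related data has been discussed generally above.
Configuration data includes default (e.g., community or collaboration party) preferences and credential preferences.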
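Figure 4 illustrates alternative embodiments for obtaining receiver information when the sender is local to the computation of the security arrangements. In the figure, a local registry 431 and a remote registry 432 are indicated. In this example, the sender is local and the receiver is remote. The sender data is current and complete in the local registry 431. The sender information is collected 421 and made available to the logic and resources that compute 411 the security arrangements. The receiver data may be current and complete, for example if the receiver is in the same community as the sender and there is a community-wide registry, or if the receiver information has recently been obtained and locally cached. Depending on where the receiver information can be found, 431 or 432, a process 422 or 423 is invoked to collect the receiver information and make it available to the logic that computes the security arrangements. A set of security arrangements 401 results.
Figure 5 illustrates one network of program logic and resources that can be used to implement aspects of the present invention. The logic components of this network include a sender collection component 551, a receiver collection component 552, a data object manager 541, a routing manager 542, a credential negotiator 531, a template negotiator 532, a connector manager 533, an authentication manager 521, a policy manager 522, a public key manager 523, an algorithm manager 524, a policy builder 511, a channel builder 512 and a security arrangements document builder 501.
One embodiment of program logic that generates security arrangements, operating in a community of collaboration parties, can be described as follows. Collect the receiver security information, including attribute assertions for authenticating the sender CP. Collect the sender security information. Look through the routing block to find all the connector information for implementing the security arrangements. Get the capability parameters for each connector. Walk through the routing chain to find which connector pair to use for authentication, signature and encryption. Get the receiver's service-activity-message object. This may include getting the SAMsgSecurityPolicy object from the receiver. This will have multiple parts and may have signature and encryption policies for the whole message. It may also include getting the SAMsgSecurityPolicy object from the sender, whereby override options are matched against the SAMsgSecurityPolicy object (the override decision table is computed below). Find all the algorithms required for this message from the SAMsgSecurityPolicy object and create a RequiredAlgorithmList. Get the community preference objects for both SenderInfo and ReceiverInfo. This may include getting the sender's CommunitySecurityTemplatesPreference object, which includes security algorithm templates and community security policy preferences. If it is not the same community, this may also include the receiver's CommunitySecurityTemplatesPreference object. If they are in the same community, setting an object pointer may suffice. Get the CP-Service objects for both the sender and the receiver, and the CP objects for the respective communities. This may include creating the sender's and receiver's CPSecurityPolicyPreference. Based on the sender and receiver preferences for the RequiredAlgorithmList and the decision rule, select from the preference lists and create a RequiredTemplateObjectList. If the services' respective preference lists do not match on any algorithm, community defaults may produce a match. Get the ServiceAuthentication object for the receiver service. This will have one or more specified authentication methods, including accepted credentials and an authentication mode. Match the credentials from the ServiceAuthentication object with the available credentials from the sender's CPSecurityPolicyPreference. If there is more than one match, get the one that matches the CredentialPreference from the receiver's CPSecurityPolicyPreference or from the CommunitySecurityTemplatesPreference corresponding to the receiver. Get the values of SignMessageHeader and EncryptCredential from the receiver's CPSecurityPolicyPreference or from the receiver's CommunitySecurityTemplatesPreference object. If no value is specified in either location, set it to a default value such as false or true. Use the available sender credential selected by the receiver, the authentication mode specified in the receiver's ServiceAuthentication object, the SignMessageHeader Boolean attribute and EncryptCredential for the authentication algorithm. Get the appropriate keys according to the connector's PublicKeyCapability. This may include getting the sender's encryption key if encryption is required, and the receiver's signing key ID if signature is required. If X509 authentication is required, get the receiver's authentication key ID. Create the policies part of the security arrangement. Find the connectors for the channels part and create the channels part of the security arrangement.
A decision table can be used to implement the kind of preference reconciliation that concerns whether to sign or encrypt a part of a message. Again, decisions could be biased toward accepting preferences not to sign or toward accepting the receiver's preferences, or just the opposite. Some decision tables that could be used to implement possible decision rules follow: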





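The present invention is readily extended to support signing and encryption at intermediate connectors along the path between the sender and the receiver. It is useful to be able to sign and encrypt documents at connectors along the routing path that are not the message sender or final recipient. This may be useful for gateways, routers and central connectors. For gateways, signing and encryption may need to be performed by the gateway if signed/encrypted message data is transformed from one envelope protocol to another. For routers and central connectors, it may be desirable to use a single entry/exit point into an enterprise for external communities. A router or central connector may act as a central security hub, or organize security operations on behalf of the entire enterprise. This may simplify PKI management and other administrative burdens. This functionality can be configured by setting up the security capabilities of connectors in the enterprise portion of a community. A connector can be configured, on an envelope/transport protocol basis, to have signing capabilities or encryption capabilities, or can be linked to the signing and encryption capabilities of collaboration parties on other connectors. In the case of gateways and routers, you can configure the connector to use the keys of the CP owner or of the gateway/router connector.
It will be apparent to those of ordinary skill in the art from the foregoing description that a wide variety of systems and methods can be constructed from these aspects and components of the present invention. One embodiment is a method of determining security options for the exchange of one or more messages between sending and receiving services. This method uses sender and receiver security preferences, which may take the form of machine-readable security profiles for the first and second services. The security profiles may identify security options/elements and option subsets acceptable to the respective services. The options may include requirements to sign or encrypt one or more parts of a message, signature option subsets corresponding to one or more signature algorithms, encryption option subsets corresponding to one or more encryption algorithms, identification of signature and encryption keys, and identification of an authentication algorithm. The dynamic method includes accessing the security profiles and selecting a particular option set acceptable to the respective services. Optionally, this option set may be used to communicate a message between the respective services. Several options and aspects of the present invention may be added to this embodiment. The security profiles may be maintained in one or more registries accessible to the security logic of the first and second services. Default option subsets and/or preferences may be specified in community or collaboration party security profiles and may be copied to service security profiles. The requirements to sign or encrypt may apply to a part of a message or to the whole message. The signature and encryption algorithms may be applied to the whole message, reducing complexity. Signature and encryption keys may be symmetric or asymmetric. Authentication may be performed by a trusted agent, such as a SAML server, before messages are communicated between the respective services. Authentication by a trusted agent may be evidenced by an authentication assertion. Alternatively, authentication may involve submitting credentials for examination by the receiving service. These credentials may be part of the message or may be sent in addition to the message. In addition to authentication, authorization may be addressed by the security arrangements. The security profiles may include identification of at least one authorization algorithm to establish the privileges of the sending service. This authorization may be implemented by a trusted agent before messages are communicated, or by submitting credentials to the service receiving the message. A further aspect of the present invention takes into account the preferences of the respective services among option subsets for signing and/or encryption. The preferences of one or both services may be taken into account. Any of the decision rules discussed above may be applied, including receiver wins, sender wins, most secure wins, least secure wins, or a weighting of both services' preferences. Determination of the security arrangements may include determining the resources the parties use to implement any combination of signature, encryption, authentication, authorization or non-repudiation. Resources, algorithms and option sets may be packaged into security channels. A security channel may implement one aspect of security.
While the present invention is disclosed by reference to the preferred embodiments and examples detailed above, it should be understood that these examples are intended in an illustrative rather than a limiting sense. Computer-assisted processing is implicated in the described embodiments. Accordingly, the present invention may be embodied in methods for computer-assisted processing, systems including logic to implement the methods, media impressed with logic to carry out the methods, data streams impressed with logic to carry out the methods, or computer-accessible processing services. It is contemplated that modifications and combinations will readily occur to those of ordinary skill in the art, which modifications and combinations will be within the spirit of the invention and the scope of the appended claims.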
電腦程式列表附錄SecuritySenderReceiverInfo.XSD?xml version=″1.0″encoding=″UTF-8″?-!--edited with XML Spy v4.4U(http//www.xmlspy.com)by Symon Chang(Commerce One)---xsschematargetNamespace=″publicidcom.commerceoneschemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd″xmlnsxs=″http//www.w3.org/2001/XMLSchema″xmlnssicd=″publicidcom.commerceoneschemas/soapextension/contract/security/v1_0/SecurityContract.xsd″xmlnssicdr=″publicidcom.commerceoneschemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd″xmlnsds=″http//www.w3.org/2000/09/xmldsig#″xmlnssaml=″urnoasisnamestcSAML1.0assertion″xmlns=″publicidcom.commerceoneschemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd″elementFormDefault=″qualified″attributeFormDefault=″unqualified″xsimportnamespace=″publicidcom.commerceoneschemas/soapextension/contract/security/v1_0/SecurityContract.xsd″schemaLocation=″http//schemas.commerceone.com/schemas/soapextension/contract/security/v1_0/SecurityContract.xsd″/xsimport namespace=″urnoasisnamestcSAML1.0assertion″schemaLocation=″http//www.oasis-open.org/committees/security/docs/cs-sstc-schema-assertion-01.xsd″/-!--Sender Security ICD Infomation Block---xselement name=″SecuritySenderInfo″type=″SecuritySenderInfoType″-xsannotation
xsdocumentationThe root for all ICD security policyinfo fromthe sender./xsdocumentation/xsannotation/xselement-!--Receiver Security ICD Infomation Block---xselement name=″SecurityReceiverInfo″type=″SecurityReceiyerInfoType″-xsannotation
xsdocumentationThe root for all ICD security policy info fromthe Recevier./xsdocumentation
/xsannotation/xselement-!--Main Elements---xselement name=″CommunitySecurityTemplatespreference″-xsannotation
xsdocumentationSecurity Policy for this community,Including Security Algorithm Templates,CommunitySsecurity Policy Preferences and Community Security PolicyPreference./xsdocumentation
/xsannotation
-xscomplexType
-xssequence minOccurs=″0″
xselement ref=″sicdrSecurityAlgorithmTemplates″minOccurs=″0″/
-xselement name=″CommunitySecurityPolicyPreference″type=″sicdrConfiguredPreferencePolicyType″minOccurs=″0″
-xsannotation
xsdocumentationThe preference will be signheader,encrypt credential,and credentialpreference,etc.It will be the default value forthe whole community./xsdocumentation
/xsannotation
/xselement
xselement ref=″sicdrSecurityPolicyTemplatePreference″minOccurs=″0″maxOccurs=″unbounded″/
/xssequence/xscomplexType/xselement-xselement name=″SendingCPSecurityPolicyProfile″-xsannotation
xsdocumentationThe Security Profile for the sendingCollaboration Party.It has CP′s Available Credentialsinfo./xsdocumentation/xsannotation-xscomplexType-xssequence minOccurs=″0″
xselement name=″AvailableCredentials″type=″sicdrCredentialTypes″maxOccurs=″unbounded″/
/xssequence/xscomplexType/xselement-xselement name=″SAMsgSecurityPolicy″type=″sicdrSAMsgPartsType″-xsannotation
xsdocumentationEach Server/Active/Message have multipleparts and it can have signature and encryption policies forthe whole message.The authentication is defined at theservice level./xsdocumentation/xsannotation/xselement-xselement name=″PublicKeys″type=″sicdPublicKeyType″-xsannotationxsdocumentationPublic key records for this CP.The KeyIDwill be the unique key for the public key records.Thelocation will match all connectors within thisrequest./xsdocumentation/xsannotation/xselement-xselement name=″ConnectorCapability″-xsannotation
xsdocumentationConnector CapabilityParameters/xsdocumentation
/xsannotation-xscomplexType
-xssequence
-xselement name=″EncryptionCapability″type=″xsboolean″
-xsannotation
xsdocumentationYes or No flag.The documentencryption/decryption can be performed at thisconnector or not./xsdocumentation
/xsannotation
/xselement
-xselement name=″SignatureCapability″type=″xsboolean″
-xsannotation
xsdocumentationYes or No Flag.The signing themessage or verify the signature can beperformed at this connector ornot./xsdocumentation
/xsannotation
/xselement
-xselement name=″EncryptionPublicKeyParty″type=″sicdCollaberationPartyID″minOccurs=″0″
-xsannotation
xsdocumentationThe Public Key party that isused for encryption.This can be either sender′sCP or the owner of the connector.If it is notdefined,then the key of message receiver atthis connector location will be used forencryption./xsdocumentation
/xsannotation
/xselement
-xselement name=″SigningPublicKeyParty″type=″sicdCollaberationPartyID″minOccurs=″0″
-xsannotation
xsdocumentationThe Public Key party that isused for signing.This can be any CP or theowner of connector.If it is not defined,thenthe Key of message sender at this location willbe used for signature./xsdocumentation
/xsannotation
/xselement
/xssequence
xsattribute name=″ConnectorName″type=″xsstring″use=″optional″//xscomplexType/xselement-!--Main Complex Types---xscomplexType name=″SendingServicesSecurityPolicyType″-xsannotation
xsdocumentationServcies security policy for each CP.Thiscan be the policy for either sending or receivingservice./xsdocumentation
/xsannotation
-xssequence minOccurs=″0″
xselement ref=″sicdrSecurityPolicyTemplatePreference″minOccurs=″0″maxOccurs=″unbounded″/
-xselement ref=″ServiceAuthentication″minOccurs=″0″
-xsannotation
xsdocumentationAuthentication method for a givenservice,including Accepted Credentials andAuthentication Mode./xsdocumentation
/xsannotation
/xselement
/xssequence
/xscomplexType
-xscomplexType name=″ReceivingServicesSecurityPolicyType″
-xsannotation
xsdocumentationReceiving Services security policy for eachCP/xsdocumentation
/xsannotation
-xscomplexContent
-xsextension base=″sicdrSendingServicesSecurityPolicyType″
-xssequence minOccurs=″0″
-xselement ref=″sicdAuthorization″minOccurs=″0″
-xsannotation
xsdocumentationSAML Attribute Assertionfor the end connector to use.This will be adata type from SMALStandard./xsdocumentation
/xsannotation
/xselement
/xssequence
/xsextension/xscomplexContent/xscomplexType-!--Simple Types---xssimpleType name=″AuthenticateCapabilityTypes″-xsannotation
xsdocumentationThe Authenticate Capability for theconnector./xsdocumentation/xsannotation-xsrestriction base=″xsNMTOKEN″
xsenumeration value=″LOCAL″/
xsenumeration value=″REMOTE″/
xsenumeration value=″BOTM″/
xsenumeration value=″NONE″//xsrestriction/xssimpleType-xssimpleType name=″OverrideTypes″-xsannotation
xsdocumentationType of the override rules.This is used formatching./xsdocumentation
/xsannotation
-xsrestriction base=″xsNMTOKEN″
xsenumeration value=″Required″/
xsenumeration value=″Optional″/
xsenumeration value=″NotRequired″/
/xsrestriction
/xssimpleType-xssimpleType name=″NegotiationRuleTypes″
-xsannotation
xsdocumentationType of the Negotiation Ruleswhen thereare multiple matches during the algorithm negotiation,therule will determine which algorithm will be picked.It can bereceiver wins,sender wins,highest requirement wins orlowest requlrement wins./xsdocumentation
/xsannotation
-xsrestriction base=″xsNMTOKEN″
xsenumeration value=″ReceiverWins″/
xsenumeration value=″SenderWins″/
xsenumeration value=″MoreSecurityWins″/
xsenumeration value=″LessSecurityWins″/
/xsrestriction/xssimpleType-xssimpleType name=″CategoryTypes″-xsannotation
xsdocumentationType of the algorithmcategory/xsdocumentation
/xsannotation-xsrestriction base=″xsNMTOKEN″
xsenumeration value=″XMLSignature″/
xsenumeration value=″Signature″/
xsenumeration value=″XMLEncryption″/
xsenumeration value=″Encryption″/
xsenumeration value=″NonRepudiation″/
xsenumeration value=″NonRepudiationReceipt″/
/xsrestriction/xssimpleType-xssimpleType name=″CredentialTypes″-xsannotation
xsdocumentationType of the credentialalgorithm/xsdocumentation/xsannotation-xsrestriction base=″xsNMTOKEN″
xsenumeration value=″BASIC″/
xsenumeration value=″X509″/
xsenumeration value=″BASE64_BINARY″/
xsenumeration value=″ANONYMOUS″/
xsenumeration value=″NONE″//xsrestriction/xssimpleType-l--Elements and Complex types--
-xselement name=″ServiceAuthentication″
-xsannotation
xsdocumentationAuthentication method for a given service,including Accepted Credentials and AuthenticationMode./xsdocumentation
/xsannotation
-xscomplexType
-xssequence
-xselement name=″AcceptedCredentials″type=″sicdrCredentialTypes″maxOccurs=″5″
-xsannotation
xsdocumentationMultiple credentiails can beaccpeted for a givenservice./xsdocumentation
/xsannotation
/xselement
xselement ref=″sicdAuthenticateMode″/
/xssequence
/xscomplexType
/xselement-xscomplexType name=″XMLSignatureAlgorithmTemplateType″
-xsannotation
xsdocumentationDefine XMLDsig type of policy andaigorithms/xsdocumentation
/xsannotation
-xscomplexContent
-xsextensionbase=″sicdrAbstract_SecurityAlgorithmTemplateType″
-xssequence
xselement ref=″sicdXMLDsigPolicy″/
/xssequence
/xsextension
/xscomplexContent/xscomplexType-xselement name=″XMLSignatureAlgorithmTemplate″type=″sicdrXMLSignatureAlgorithmTemplateType″-xsannotation
xsdocumentationThis is for XML onlysignature./xsdocumentation
/xsannctation/xselement-xselement name=″TemplateDescription″type=″xsstring″-xsannotation
xsdocumentationThis element is not used.It is a placeholderto circumvent a Castor bug./xsdocumentation/xsannotation/xselement-xscomplexType name=″XMLEncryptionAlgorithmTemplateType″-xsannotation
xsdocumentationDefine XMLEnc type of policy andalgorithms/xsdocumentation/xsannotation-xscomplexContent
-xsextensionbase=″sicdrAbstract_SecurityAlgorithmTemplateType″
-xssequence
xselement ref=″sicdXMLEncryptionPolicy″/
/xssequence
/xsextension
/xscomplexContent/xscomplexType-xselement name=″XMLEncryptionAlgorithmTemplate″type=″sicdrXMLEncryptionAlgorithmTemplateType″-xsannotation
xsdocumentationThis is for XML onlyencryption./xsdocumentation
/xsannotation/xselement-xscomplexType name=″Abstract_SecurityAlgorithmTemplateType″abstract=″true″
-xsannotation
xsdocumentationThe template will be used by the SICBuilder during run-time algorithmmatching./xsdocumentation
/xsannotation
-xssequence minOccurs=″0″
-xselement name=″Category″type=″sicdrCategoryTypes″minOccurs=″0″
-xsannotation
xsdocumentationThe category of security algorithmtemplate./xsdocumentation
/xsannotation
/xselement
/xssequence
xsattribute name=″Name″type=″xsstring″use=″optional″/
xsattribute name=″ID″type=″xsstring″use=″optional″//xscomplexType-xscomplexType name=″SecurityAlgorithmPreferenceType″abstract=″false″-xsannotation
xsdocumentationThe preference of each security algorithmpolicy./xsdocumentation
/xsannotation-xscomplexContent
-xsextensionbase=″sicdrAbstract_SecurityAlgorithmTemplateType″
-xssequence
xselement name=″Preference″type=″xsshort″/
/xssequence
/xsextension/xscomplexContent/xscomplexType-xselement name=″SecurityAlgorithmTemplates″-xsannotation
xsdocumentationEach Community will have a set ofrecommended Security Algorithm for CP to selectfrom./xsdocumentation/xsannotation-xscomplexType
-xssequence
xselement ref=″sicdrXMLSignatureAlgorithmTemplate″maxOccurs=″unbounded″/
xselement ref=″sicdrXMLEncryptionAlgorithmTemplate″maxOccurs=″unbounded″/
/xssequence/xscomplexType/xselement-xscomplexType name=″ConfiguredPreferencePolicyType″-xsannotation
xsdocumentationDefine some configurable policy preference.
This can be either at whole community level or at the CPlevel./xsdocumentation/xsannotation-xssequence-xselement name=″SignMessageHeader″type=″xsboolean″minOccurs=″0″
-xsannotation
xsdocumentationIf set then the Header and ICDBlock will be signed./xsdocumentation
/xsannotation/xselement-xselement name=″EncryptCredential″type=″xsboolean″minOccurs=″0″
-xsannotation
xsdocumentationIf set then the credential headerwill be encrypted.This only apply to the non-SAMLtype of of credential,where Authentication mode isTARGET./xsdocumentation
/xsannotation
/xselement-xselement name=″CredentialPreference″type=″sicdrCredentialTypes″minOccurs=″0″
-xsannotation
xsdocumentationSelect one from BASIC and X509.Itwill be used,when there are multiple credentialmatched condition.SICB will pick the one matchesto this field first./xsdocumentation
/xsannotation
/xselement-xselement name=″NegotiationRule″type=″NegotiationRuleTypes″minOccurs=″0″
-xsannotation
xsdocumentationWhen there are multiple matchesduring the algorithm negotiation,the rule willdetermine which algorithm will be picked.It can bereceiver wins,sender wins,highest requirementwins or lowest requirementwins./xsdocumentation
/xsannotation
/xselement/xssequence/xscomplexType-xselement name=″SecurityPolicyTemplatePreference″type=″sicdrSecurityAlgorithmPreferenceType″-xsannotation
xsdocumentationThe preference will be signature,XMLsignature,encryption,XML encryption,etc.It can have anynumber of preferences in each category./xsdocumentation/xsannotation/xselement-xscomplexType name=″SAMsgPartElementType″-xsannotation
xsdocumentationThe element within the part fromServer/Activity/Message./xsdocumentation/xsannotation-xssimpleContent-xsextenslon base=″xsstring″
xsattribute name=″Signature″type=″xsboolean″use=″optional″/
xsattribute name=″SignatureType″type=″xsanyURI″use=″optional″/
xsattribute name=″Encryption″type=″xsboolean″use=″optional″/
xsattribute name=″EncryptionType″type=″xsanyURI″use=″optional″/
xsattribute name=″BlockId″type=″xsshort″use=″optional″//xsextension/xssimpleContent/xscomplexType-xscomplexType name=″SAMsgPartType″-xsannotation
xsdocumentationThe part within amessage./xsdocumentation/xsannotation-xssequence minOccurs=″0″-xselement name=″SAMsgPartElement″minOccurs=″0″maxOccurs=″unbounded″
-xsannotation
xsdocumentationThis is for eachCP/Service/Activity/Message.The element isdefined by using XPath.If an element within thepart is defined,then the attributes of the elementwill be used to determinewhether the element willbe signed or encrypted./xsdocumentation
/xsannotation
-xscomplexType
-xssimpleContent
xsextension base=″sicdrSAMsgPartElementType″/
/xssimpleContent
/xscomplexType/xselement-xselement name=″PartSignatureAlgCategory″type=″sicdrSAMsgPartSignatureAlgorithmType″minOccurs=″0″-xsannotation
xsdocumentationIf the signature algorithm isdefined,then the whole part will besigned./xsdocumentation
/xsannotation
/xselement
-xselement name=″PartEncryptionAlgCategory″type=″sicdrSAMsgPartEncryptionAlgorithmType″minOccurs=″0″
-xsannotation
xsdocumentationIf the encryption algorithm isdefined,then the whole part will beencrypted./xsdocumentation
/xsannotation
/xselement/xssequencexsattribute name=″PartName″type=″xsstring″use=″required″/xsattribute name=″SignatureType″type=″xsanyURI″use=″optional″/xsattribute name=″EncryptionType″type=″xsanyURI″use=″optional″/xsattribute name=″BlockId″type=″xsshort″use=″optional″/xsattribute name=″isOptional″type=″xsboolean″use=″optional″default=″false″//xscomplexType-xscomplexType name=″SAMsgPartsType″-xsannotation
xsdocumentationThe root for parts in a message for eachCP/Service/Activity./xsdocumentation/xsannotation-xssequence-xselement name=″SAMsgPart″type=″sicdrSAMsgPartType″minOccurs=″0″maxOccurs=″unbounded″
-xsannotation
xsdocumentationThis is for eachCP/Service/Activity.Each message part hasmultiple elements and it can have signature orencryption policies for the messagepart./xsdocumentation
/xsannotation/xselement-xselement name=″SAMsgSignatureAlgCategory″type=″sicdrSAMsgSignatureAlgorithmType″minOccurs=″0″
-xsannotation
xsdocumentationIf the signature policy is defined,then the whole message will besigned./xsdocumentation
/xsannotation/xselement-xselement name=″SAMsgEncryptionAlgCategory″type=″sicdrSAMsgEncryptionAlgorithmType″minOccurs=″0″
-xsannotation
xsdocumentationIf the encryption policy is defined,then the whole message will beencrypted./xsdocumentation
/xsannotation
/xselement
/xssequence
xsattribute name=″MessageName″type=″xsstring″use=″optional″/
/xscomplexType
-xscomplexType name=″Abstract_CPMessageSecurityAlgorithmType″abstract=″true″
-xsannotation
xsdocumentationThis type will have Encryption or SignatureAlgorithms./xsdocumentation
/xsannotation
xsattribute name=″Override″type=″sicdrOverrideTypes″use=″optional″/
/xscomplexType
  <xs:complexType name="SAMsgPartEncryptionAlgorithmType">
    <xs:annotation>
      <xs:documentation>Define the encryption policy for each part within a message per CP/Service/Activity</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicdr:Abstract_CPMessageSecurityAlgorithmType">
        <xs:sequence>
          <xs:choice>
            <xs:element name="XMLEncryptionAlgCategory" type="sicdr:CategoryTypes" fixed="XMLEncryption" minOccurs="0"/>
            <xs:element name="EncryptionAlgCategory" type="sicdr:CategoryTypes" fixed="Encryption" minOccurs="0"/>
          </xs:choice>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="SAMsgEncryptionAlgorithmType">
    <xs:annotation>
      <xs:documentation>Define the category of the encryption policy for the whole message per CP/Service/Activity. In this case, both XML and Non-XML must be defined.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicdr:Abstract_CPMessageSecurityAlgorithmType">
        <xs:sequence>
          <xs:element name="XMLEncryptionAlgCategory" type="sicdr:CategoryTypes" fixed="XMLEncryption"/>
          <xs:element name="EncryptionAlgCategory" type="sicdr:CategoryTypes" fixed="Encryption" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="SAMsgPartSignatureAlgorithmType">
    <xs:annotation>
      <xs:documentation>Define the signature policy for each part within a message per CP/Service/Activity</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicdr:Abstract_CPMessageSecurityAlgorithmType">
        <xs:sequence>
          <xs:choice>
            <xs:element name="SignatureAlgCategory" type="sicdr:CategoryTypes" fixed="Signature" minOccurs="0"/>
            <xs:element name="XMLSignatureAlgCategory" type="sicdr:CategoryTypes" fixed="XMLSignature" minOccurs="0"/>
          </xs:choice>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="SAMsgSignatureAlgorithmType">
    <xs:annotation>
      <xs:documentation>Define the category of the signature policy for the whole message per CP/Service/Activity. In this case, only the XML Signature algorithm will be defined.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicdr:Abstract_CPMessageSecurityAlgorithmType">
        <xs:sequence>
          <xs:element name="XMLSignatureAlgCategory" type="sicdr:CategoryTypes" fixed="XMLSignature"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:element name="CPSendServicesSecurityPolicy">
    <xs:annotation>
      <xs:documentation>For the CP/Sending Service will have a set of security policy. The policy is defined per Sending CP's preferences. This will be used for override.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:complexContent>
        <xs:extension base="sicdr:SendingServicesSecurityPolicyType">
          <xs:attribute name="AuthenticateParty" type="sicd:CollaberationPartyID" use="optional">
            <xs:annotation>
              <xs:documentation>Host service delegate party ID or the Sender's party ID</xs:documentation>
            </xs:annotation>
          </xs:attribute>
          <xs:attribute name="DelegateFlag" type="xs:boolean" use="optional" default="false"/>
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
  <xs:complexType name="SecuritySenderInfoType">
    <xs:complexContent>
      <xs:extension base="SecurityInfoType">
        <xs:sequence minOccurs="0">
          <xs:element ref="sicdr:SendingCPSecurityPolicyProfile" minOccurs="0"/>
          <xs:element ref="CPSendServicesSecurityPolicy" minOccurs="0">
            <xs:annotation>
              <xs:documentation>For the CP/Sending Service will have a set of security policy. The policy is defined per Sending CP's preferences. This will be used for override.</xs:documentation>
            </xs:annotation>
          </xs:element>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:element name="CPRecvServicesSecurityPolicy" type="sicdr:ReceivingServicesSecurityPolicyType">
    <xs:annotation>
      <xs:documentation>For each CP, every Receiving Service will have a set of security policy. The policy is defined per Receiving CP's requirements.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:complexType name="SecurityReceiverInfoType">
    <xs:complexContent>
      <xs:extension base="sicdr:SecurityInfoType">
        <xs:sequence minOccurs="0">
          <xs:element ref="sicdr:CPRecvServicesSecurityPolicy" minOccurs="0">
            <xs:annotation>
              <xs:documentation>For each CP, every Receiving Service will have a set of security policy. The policy is defined per Receiving CP's requirements.</xs:documentation>
            </xs:annotation>
          </xs:element>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="SecurityInfoType">
    <xs:sequence minOccurs="0">
      <xs:element ref="sicdr:CommunitySecurityTemplatesPreference" minOccurs="0">
        <xs:annotation>
          <xs:documentation>Security Policy for this community, including Security Algorithm Templates, default security Policy Templates and Community Security Policy Preference.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element ref="sicdr:SAMsgSecurityPolicy" minOccurs="0">
        <xs:annotation>
          <xs:documentation>Each Server/Active/Message have multiple parts and it can have signature and encryption policies for the whole message. The authentication is defined at the service level.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element ref="sicdr:PublicKeys" minOccurs="0" maxOccurs="unbounded">
        <xs:annotation>
          <xs:documentation>Public key records for this CP. The KeyID will be the unique key for the public key records. The location will match all connectors within this request.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element ref="sicdr:ConnectorCapability" minOccurs="0" maxOccurs="unbounded">
        <xs:annotation>
          <xs:documentation>Connector Capability Parameters</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element ref="sicd:SecurityContainer" minOccurs="0" maxOccurs="unbounded"/>
    </xs:sequence>
    <xs:attribute name="passcode" type="xs:base64Binary" use="optional"/>
  </xs:complexType>
</xs:schema>
SecurityContractKeyInfo.XSD
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by Symon Chang (Commerce One) -->
<xs:schema
    targetNamespace="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
    xmlns:sicd="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.0">
  <xs:simpleType name="CollaberationPartyID">
    <xs:annotation>
      <xs:documentation>This is the Collaboration Partner's ID</xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:string"/>
  </xs:simpleType>
  <xs:simpleType name="KeyUsageTypes">
    <xs:annotation>
      <xs:documentation>Key is used for signature, encryption, and/or authentication.</xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:NMTOKENS">
      <xs:enumeration value="AUTHENTICATION"/>
      <xs:enumeration value="ENCRYPTION"/>
      <xs:enumeration value="SIGNATURE"/>
      <xs:enumeration value="SSL"/>
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="KeyAlgorithmTypes">
    <xs:annotation>
      <xs:documentation>Key is RSA or DSA type of key.</xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:NMTOKENS">
      <xs:enumeration value="RSA"/>
      <xs:enumeration value="DSA"/>
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="AuthenticateModeTypes">
    <xs:annotation>
      <xs:documentation>The location of where the authentication takes place. NONE means neither source nor target connector will perform the authentication. This may be the case of letting foreign connector to perform the authentication.</xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:NMTOKEN">
      <xs:enumeration value="SOURCE"/>
      <xs:enumeration value="TARGET"/>
      <xs:enumeration value="NONE"/>
    </xs:restriction>
  </xs:simpleType>
  <xs:element name="PublicKey" type="sicd:PublicKeyType">
    <xs:annotation>
      <xs:documentation>The Public Key record. Each public key will have partyID, KeyInfo, description and usages.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="EncryptionKeyInfo">
    <xs:annotation>
      <xs:documentation>The KeyInfo that has both PublicKeyID and X509Data for encryption.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:complexContent>
        <xs:extension base="sicd:KeyInfoType">
          <xs:attribute name="KeyOwner" type="sicd:CollaberationPartyID" use="optional"/>
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
  <xs:complexType name="PublicKeyType">
    <xs:annotation>
      <xs:documentation>The Public Key record, including PartyID, KeyInfo, Usages and Description.</xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element ref="sicd:PartyID"/>
      <xs:element ref="sicd:EncryptionKeyInfo">
        <xs:annotation>
          <xs:documentation>The KeyInfo block that has KeyID and X509 Data.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element ref="sicd:KeyTypeUsage" maxOccurs="4">
        <xs:annotation>
          <xs:documentation>Key is used for signature, encryption, and/or authentication.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element name="KeyAlgorithm" type="sicd:KeyAlgorithmTypes" minOccurs="0">
        <xs:annotation>
          <xs:documentation>The Key is RSA or DSA key</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element ref="sicd:Description" minOccurs="0"/>
      <xs:element name="Location" type="xs:string" minOccurs="0">
        <xs:annotation>
          <xs:documentation>The connector ID that keeps the Private Key.</xs:documentation>
        </xs:annotation>
      </xs:element>
    </xs:sequence>
  </xs:complexType>
  <xs:element name="PartyID" type="sicd:CollaberationPartyID">
    <xs:annotation>
      <xs:documentation>Trading partner ID or Collaboration Partner ID in UUID format.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="Description" type="xs:string">
    <xs:annotation>
      <xs:documentation>The description of the key</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="KeyTypeUsage" type="sicd:KeyUsageTypes">
    <xs:annotation>
      <xs:documentation>Key is used for signature, encryption, and/or authentication.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="KeyInfo">
    <xs:annotation>
      <xs:documentation>The KeyInfo object is from the XMLDsig ds:KeyInfo object. However, within SICD we only use Public Key ID field.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicd:PublicKeyID"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="PublicKeyID" type="xs:string">
    <xs:annotation>
      <xs:documentation>The Public Key ID is a unique key ID (UUID or from XKMS server).</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="PublicKeyName" type="sicd:PublicKeyNameType">
    <xs:annotation>
      <xs:documentation>The Name of the Public Key. It is same as the PublicKeyID but has owner name as the optional attribute.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:complexType name="PublicKeyNameType">
    <xs:simpleContent>
      <xs:extension base="xs:string">
        <xs:attribute name="KeyOwner" type="sicd:CollaberationPartyID" use="optional"/>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>
  <xs:complexType name="KeyInfoType">
    <xs:annotation>
      <xs:documentation>This is for Encryption. The KeyInfo object is from the XMLDsig ds:KeyInfo object. However, within SICD we only use Public Key ID and X509 Certificate two fields.</xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element ref="sicd:PublicKeyID"/>
      <xs:element name="X509Data" minOccurs="0">
        <xs:complexType>
          <xs:sequence>
            <xs:element name="X509Certificate" type="xs:base64Binary"/>
          </xs:sequence>
        </xs:complexType>
      </xs:element>
    </xs:sequence>
  </xs:complexType>
  <!-- Policy Types -->
  <xs:complexType name="Abstract_PolicyType" abstract="true">
    <xs:annotation>
      <xs:documentation>This is the abstract policy for all security policy related algorithm. The ID is the Template Name for the Algorithm.</xs:documentation>
    </xs:annotation>
    <xs:attribute name="PolicyId" type="xs:string" use="optional"/>
  </xs:complexType>
  <xs:complexType name="Abstract_CredentialPolicyType" abstract="true">
    <xs:annotation>
      <xs:documentation>This is the abstract policy for authentication credential policy algorithm.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:Abstract_PolicyType">
        <xs:sequence>
          <xs:element name="CredentialPolicyAlgorithm" type="xs:string"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:element name="AuthenticateImplementation" type="xs:string">
    <xs:annotation>
      <xs:documentation>Optional for different implementation, such as SAML, SecureID, or Kerberos.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="AuthenticateMode" type="sicd:AuthenticateModeTypes">
    <xs:annotation>
      <xs:documentation>The location of where the authentication takes place. It can be either SOURCE connector or TARGET connector. SOURCE means the sender's local connectors will perform SAML Single Sign-On type of authentication. TARGET means the connector on the receiving end will perform the authentication. NONE means neither source nor target connector will perform the authentication. This may be the case of letting foreign connector to perform the authentication.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:complexType name="AuthenticationCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>This authentication and credential policy will work for Basic and X509.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:Abstract_CredentialPolicyType">
        <xs:sequence minOccurs="0">
          <xs:element ref="sicd:AuthenticateMode"/>
          <xs:element ref="sicd:AuthenticateImplementation" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="AnonymousCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>This is an anonymous credential policy type that has no credential.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:restriction base="sicd:Abstract_CredentialPolicyType">
        <xs:sequence>
          <xs:element name="CredentialPolicyAlgorithm" type="xs:string" fixed="Anonymous"/>
        </xs:sequence>
      </xs:restriction>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="BasicCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>This is a basic credential policy type that uses ID and password as credential.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:AuthenticationCredentialPolicyType"/>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="X509CredentialPolicyType">
    <xs:annotation>
      <xs:documentation>This is a X509 credential policy type.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:AuthenticationCredentialPolicyType"/>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="BASE64_BINARYCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>This is a BASE64_BINARY_CREDENTIAL policy type.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:AuthenticationCredentialPolicyType">
        <xs:sequence>
          <xs:element name="valueType" type="xs:QName"/>
          <xs:element name="encodingType" type="xs:QName"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="Abstract_EncryptionPolicyType" abstract="true">
    <xs:annotation>
      <xs:documentation>This is the abstract policy for Encryption policy algorithm.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:Abstract_PolicyType">
        <xs:sequence>
          <xs:element name="EncryptionPolicyAlgorithm" type="xs:string"/>
          <xs:element name="EncryptionMethod" type="xs:string"/>
          <xs:element ref="sicd:KeySize"/>
          <xs:element ref="sicd:SymmetryKeySize" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="EncryptionPolicyType">
    <xs:annotation>
      <xs:documentation>This encryption policy will work for both XMLEnc and PKCS#7.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:Abstract_EncryptionPolicyType">
        <xs:sequence>
          <xs:element name="KeyEncryptionMethod" type="xs:string" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:element name="KeySize">
    <xs:annotation>
      <xs:documentation>This is the asymmetry encryption or symmetry key size, depends which algorithm is used. For an asymmetry case, this will be the asymmetry key size, and the symmetry key size is defined on the SymmetryKeySize field.</xs:documentation>
    </xs:annotation>
    <xs:simpleType>
      <xs:restriction base="xs:short">
        <xs:minInclusive value="56"/>
        <xs:maxExclusive value="4096"/>
      </xs:restriction>
    </xs:simpleType>
  </xs:element>
  <xs:element name="SymmetryKeySize">
    <xs:annotation>
      <xs:documentation>This is the symmetry encryption key size, if the asymmetry algorithm is used.</xs:documentation>
    </xs:annotation>
    <xs:simpleType>
      <xs:restriction base="xs:short">
        <xs:minInclusive value="56"/>
        <xs:maxExclusive value="4096"/>
      </xs:restriction>
    </xs:simpleType>
  </xs:element>
  <xs:complexType name="XMLEncryptionPolicyType">
    <xs:annotation>
      <xs:documentation>This will work for any encryption policy type.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:Abstract_EncryptionPolicyType">
        <xs:sequence>
          <xs:element name="KeyEncryptionMethod" type="xs:string" default="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
          <xs:element name="DecryptionTransform" type="xs:string" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="Abstract_SignaturePolicyType" abstract="true">
    <xs:annotation>
      <xs:documentation>This is the abstract policy for Digital Signature policy algorithm.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:Abstract_PolicyType">
        <xs:sequence>
          <xs:element name="SignaturePolicyAlgorithm" type="xs:string"/>
          <xs:element name="SignatureAlgorithm" type="xs:string"/>
          <xs:element name="HashFunction" type="xs:string"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="SignaturePolicyType">
    <xs:annotation>
      <xs:documentation>This will work for any digital signature policy type.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:Abstract_SignaturePolicyType"/>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="XMLDsigPolicyType">
    <xs:annotation>
      <xs:documentation>This is for XMLDsig policy.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:SignaturePolicyType">
        <xs:sequence>
          <xs:element name="CanonicalizationMethod" type="xs:string" minOccurs="0"/>
          <xs:element name="Transform" type="xs:string" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <!-- Message Part -->
  <xs:complexType name="PartElementType">
    <xs:annotation>
      <xs:documentation>Xpath is used to define the element within the part of the message.</xs:documentation>
    </xs:annotation>
    <xs:simpleContent>
      <xs:extension base="xs:string">
        <xs:attribute name="Type" type="xs:anyURI" use="optional"/>
        <xs:attribute name="BlockId" type="xs:short" use="optional"/>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>
  <xs:complexType name="MessagePartsType">
    <xs:annotation>
      <xs:documentation>The part within a message. URI is used to define the part.</xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element name="PartElement" type="sicd:PartElementType" minOccurs="0" maxOccurs="unbounded">
        <xs:annotation>
          <xs:documentation>The element within the part. It only applies to XML type of message part.</xs:documentation>
        </xs:annotation>
      </xs:element>
    </xs:sequence>
    <xs:attribute name="PartName" type="xs:string" use="required"/>
    <xs:attribute name="Type" type="xs:anyURI" use="optional"/>
    <xs:attribute name="AlgorithmId" type="xs:string" use="optional"/>
    <xs:attribute name="BlockId" type="xs:short" use="optional"/>
    <xs:attribute name="isOptional" type="xs:boolean" use="optional" default="false"/>
  </xs:complexType>
  <xs:element name="MessagePart" type="sicd:MessagePartsType">
    <xs:annotation>
      <xs:documentation>The part within the message. The AlgorithmId is for this part. If the AlgorithmId is not defined, then parent's AlgorithmId will be used.</xs:documentation>
    </xs:annotation>
  </xs:element>
</xs:schema>
SecurityContract.XSD
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by Chong Hsu (Commerce One) -->
<!--
  Security Interop Contract Document
  Created by: Symon Chang
  Copyright 2002 Commerce One, Inc.
-->
<xs:schema
    targetNamespace="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:sicd="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.0">
  <!-- imports -->
  <!-- <xs:import namespace="publicid:com.commerceone:schemas/soapextension/contract/v1_0/InteroperabilityContract.xsd" schemaLocation="http://schemas.commerceone.com/schemas/soapextension/contract/v1_0/InteroperabilityContract.xsd"/> -->
  <xs:import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="http://www.oasis-open.org/committees/security/docs/cs-sstc-schema-assertion-01.xsd"/>
  <!-- includes -->
  <xs:include schemaLocation="SecurityContractKeyInfo.xsd"/>
  <!-- Schema for Security Policies -->
  <!-- top element -->
  <xs:element name="SecurityContractICD" type="sicd:SecurityContractType">
    <xs:annotation>
      <xs:documentation>The Security Interop Contract agreement. It defines Policies and channels for security policies.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <!-- Schema for Security Policies -->
  <!-- Define Credential Policies -->
  <xs:element name="BasicCredentialPolicy" type="sicd:BasicCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>The credential and authentication algorithm policy for ID and Password.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="X509CredentialPolicy" type="sicd:X509CredentialPolicyType">
    <xs:annotation>
      <xs:documentation>The credential and authentication algorithm policy for X.509 Certificate.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="AnonymousCredentialPolicy" type="sicd:AnonymousCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>The credential and authentication algorithm policy for no credential.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="BASE64_BINARYCredentialPolicy" type="sicd:BASE64_BINARYCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>The credential and authentication algorithm policy for BASE64_BINARY_CREDENTIAL</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="AuthenticationPolicies">
    <xs:annotation>
      <xs:documentation>The abstraction for credential and authentication algorithm policy.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicd:BasicCredentialPolicy" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:X509CredentialPolicy" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:BASE64_BINARYCredentialPolicy" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:AnonymousCredentialPolicy" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!-- Define Encryption Policies -->
  <xs:element name="EncryptionPolicy" type="sicd:EncryptionPolicyType">
    <xs:annotation>
      <xs:documentation>The encryption algorithm and policy, such as PKCS#7, or S/MIME.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="XMLEncryptionPolicy" type="sicd:XMLEncryptionPolicyType">
    <xs:annotation>
      <xs:documentation>The encryption algorithm and policy for XMLEnc.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="EncryptionPolicies">
    <xs:annotation>
      <xs:documentation>The group of encryption algorithms and policies for XMLEnc, PKCS#7, or S/MIME. The PolicyID will be the TemplateID in the Registry. This ID will be used in the Channel Section as AlgorithmID to identify which encryption policy algorithm will be used.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicd:XMLEncryptionPolicy" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:EncryptionPolicy" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!-- Digital Signature Policy -->
  <xs:element name="XMLDsigPolicy" type="sicd:XMLDsigPolicyType">
    <xs:annotation>
      <xs:documentation>The signature algorithm and policy for XMLDsig.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="SignaturePolicy" type="sicd:SignaturePolicyType">
    <xs:annotation>
      <xs:documentation>The signature algorithm and policy for XMLDsig, PKCS#7 or S/MIME.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="SignaturePolicies">
    <xs:annotation>
      <xs:documentation>The group of digital signature algorithms and policies for XMLDsig, PKCS#7, or S/MIME. The Policy ID will be the TemplateID in the Registry. This Policy ID will be used in the Channel Section as AlgorithmID to identify which signature policy algorithm will be used.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicd:XMLDsigPolicy" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:SignaturePolicy" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!-- Non-repudiation -->
  <xs:element name="NonRepudiationPolicy" type="sicd:SignaturePolicyType" substitutionGroup="sicd:NonRepudiationPolicies">
    <xs:annotation>
      <xs:documentation>The non-repudiation algorithm and policy that use digital signature.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="NonRepudiationPolicies" type="sicd:Abstract_PolicyType" abstract="true">
    <xs:annotation>
      <xs:documentation>The policy and algorithm for non-repudiation of origin.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="NonRepudiationReceiptPolicy" type="sicd:SignaturePolicyType" substitutionGroup="sicd:NonRepudiationReceiptPolicies">
    <xs:annotation>
      <xs:documentation>The non-repudiation algorithm and policy that use digital signature.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="NonRepudiationReceiptPolicies" type="sicd:Abstract_PolicyType" abstract="true">
    <xs:annotation>
      <xs:documentation>The policy and algorithm for non-repudiation of receipt.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="SecurityPolicies">
    <xs:annotation>
      <xs:documentation>The security Policies section. It defines all policy related security policies.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicd:AuthenticationPolicies" minOccurs="0"/>
        <xs:element ref="sicd:SignaturePolicies" minOccurs="0"/>
        <xs:element ref="sicd:EncryptionPolicies" minOccurs="0"/>
        <xs:element ref="sicd:NonRepudiationPolicies" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:NonRepudiationReceiptPolicies" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:EncryptionKeyInfo" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!-- Schema for Channel -->
  <xs:complexType name="KeyAlgorithmType">
    <xs:annotation>
      <xs:documentation>The root for Integrity and Confidential blocks. All these two types of block within the Security channel have to have PublicKeyID and Algorithm Id, so does the signing and encryption policy within the Credential block.</xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element ref="sicd:PublicKeyName"/>
    </xs:sequence>
    <xs:attribute name="AlgorithmId" type="xs:string" use="optional"/>
  </xs:complexType>
  <xs:complexType name="KeyMessagePartsType">
    <xs:annotation>
      <xs:documentation>The root for parts in a message. It also defines the KeyInfo and the algorithm policy for all parts.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:KeyAlgorithmType">
        <xs:sequence minOccurs="0">
          <xs:element ref="sicd:MessagePart" minOccurs="0" maxOccurs="unbounded"/>
        </xs:sequence>
        <xs:attribute name="SequenceID" type="xs:short" use="optional"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:element name="Credential">
    <xs:annotation>
      <xs:documentation>The credential and authentication policy. Note that the CredentialEncryptionAlgorithm is here. This is due to authentication will be performed before the decryption at inbound.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence minOccurs="0">
        <xs:choice minOccurs="0">
          <xs:element name="PartyID" type="sicd:CollaberationPartyID" minOccurs="0">
            <xs:annotation>
              <xs:documentation>The party ID that is used for Basic credential.</xs:documentation>
            </xs:annotation>
          </xs:element>
          <xs:element ref="sicd:PublicKeyName" minOccurs="0">
            <xs:annotation>
              <xs:documentation>The key that is used for X.509 credential.</xs:documentation>
            </xs:annotation>
          </xs:element>
        </xs:choice>
        <xs:element name="CredentialEncryptionAlgorithm" type="sicd:KeyAlgorithmType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Encryption Algorithm that is used to encrypt the credential. This will only be used when the Authentication mode is TARGET.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
      <xs:attribute name="AlgorithmId" type="xs:string" use="required"/>
      <xs:attribute name="SequenceID" type="xs:short" use="optional"/>
      <xs:attribute name="DelegationFlag" type="xs:boolean" use="optional" default="false"/>
    </xs:complexType>
  </xs:element>
  <xs:element name="Confidential">
    <xs:annotation>
      <xs:documentation>The encryption security policy. The AlgorithmId will be the templateID from the Registry. If the AlgorithmId is defined and no message parts, then the whole message will be encrypted. In this case, if there are Non-XML parts, then the NonXMLAlgorithmID will be defined, too.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:complexContent>
        <xs:extension base="sicd:KeyMessagePartsType">
          <xs:attribute name="NonXMLAlgorithmId" type="xs:string" use="optional"/>
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
  <xs:element name="Integrity">
    <xs:annotation>
      <xs:documentation>The digital signature security policy. The AlgorithmId will be the templateID from the Registry. If the AlgorithmID is defined, and no message parts then the whole message will be signed.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:complexContent>
        <xs:extension base="sicd:KeyMessagePartsType">
          <xs:sequence minOccurs="0">
            <xs:element name="HeaderSignatureAlgorithm" type="sicd:KeyAlgorithmType" minOccurs="0">
              <xs:annotation>
                <xs:documentation>The Signature Algorithm that is used to sign the header credential.</xs:documentation>
              </xs:annotation>
            </xs:element>
          </xs:sequence>
          <xs:attribute name="NonXMLAlgorithmId" type="xs:string" use="optional"/>
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
  <xs:element name="NonRepudiation">
    <xs:annotation>
      <xs:documentation>The non-repudiation of origin policy.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element name="NROSignPart" type="sicd:KeyMessagePartsType"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="NonRepudiationReceipt">
    <xs:annotation>
      <xs:documentation>The non-repudiation of receipt policy.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element name="NRRSignPart" type="sicd:KeyMessagePartsType"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="Authorization">
    <xs:annotation>
      <xs:documentation>The SAML attribute assertion for the sending CP that will be passed to the receiving service. This will be shown in the end-to-end security channel.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence minOccurs="0">
        <xs:element ref="saml:Assertion" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:attribute name="RequireSubscription" type="xs:boolean" use="required"/>
    </xs:complexType>
    <!-- saml:AttributeStatementType" -->
  </xs:element>
  <xs:element name="SecurityContainer">
    <xs:annotation>
      <xs:documentation>This will be the container for those piggyback security related objects.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence minOccurs="0">
        <xs:element name="MMLCredential" minOccurs="0">
          <xs:complexType>
            <xs:sequence minOccurs="0">
              <xs:element name="MarketParticipantID" type="xs:string" minOccurs="0"/>
              <xs:element name="TPName" type="xs:string" minOccurs="0"/>
              <xs:element name="TPShortName" type="xs:string" minOccurs="0"/>
              <xs:element name="TPRoleName" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
            </xs:sequence>
          </xs:complexType>
        </xs:element>
        <xs:element name="PiggybackObject" type="xs:anyType" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="SecurityChannel">
    <xs:annotation>
      <xs:documentation>The Security Channel defines the from connector and to connector, and what to do within the channel, such as authentication, encryption and digital signature.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicd:Credential" minOccurs="0"/>
        <xs:element ref="sicd:Confidential" minOccurs="0"/>
        <xs:element ref="sicd:Integrity" minOccurs="0"/>
        <xs:element ref="sicd:Authorization" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The SAML attribute assertion for the sending CP that will be passed to the receiving service. This will be shown in the end-to-end security channel.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element ref="sicd:NonRepudiation" minOccurs="0"/>
        <xs:element ref="sicd:NonRepudiationReceipt" minOccurs="0"/>
        <xs:element ref="sicd:SecurityContainer" minOccurs="0">
          <xs:annotation>
            <xs:documentation>This will be the container for those piggyback security related objects.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
      <xs:attribute name="channelId" type="xs:string" use="optional"/>
      <xs:attribute name="sourceConnector" type="xs:string" use="required"/>
      <xs:attribute name="targetConnector" type="xs:string" use="required"/>
    </xs:complexType>
  </xs:element>
  <xs:complexType name="SecurityContractType">
    <xs:sequence>
      <xs:element ref="sicd:SecurityPolicies"/>
      <xs:element ref="sicd:SecurityChannel" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>
</xs:schema>
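The schema documentation above gives two AlgorithmId rules: a MessagePart without its own AlgorithmId uses its parent's, and a Confidential or Integrity block with an AlgorithmId and no message parts covers the whole message. The Python below is an added example, not part of the patent listing, that resolves those rules for a contract instance and reports AlgorithmIds that no SecurityPolicies entry declares or that resolve to a hash on the reviewer's deny-list. The sample contract, its connector and key names, the P-ENC-EXAMPLE and P-UNKNOWN identifiers, the function names and the deny-list are constructed assumptions.

```python
import xml.etree.ElementTree as ET

SICD = ("publicid:com.commerceone:schemas/soapextension/contract/"
        "security/v1_0/SecurityContract.xsd")
NS = {"sicd": SICD}
WHOLE = "<whole message>"

# Constructed sample contract (not from the patent). Policy bodies are cut
# down to the fields this check reads; P-ENC-EXAMPLE and P-UNKNOWN are made up.
SAMPLE = f"""<sicd:SecurityContractICD xmlns:sicd="{SICD}">
  <sicd:SecurityPolicies>
    <sicd:SignaturePolicies>
      <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-SHA1-C14N">
        <sicd:SignatureAlgorithm>SHA1withRSA</sicd:SignatureAlgorithm>
        <sicd:HashFunction>SHA1</sicd:HashFunction>
      </sicd:XMLDsigPolicy>
      <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-C14N">
        <sicd:SignatureAlgorithm>MD5withRSA</sicd:SignatureAlgorithm>
        <sicd:HashFunction>MD5</sicd:HashFunction>
      </sicd:XMLDsigPolicy>
    </sicd:SignaturePolicies>
    <sicd:EncryptionPolicies>
      <sicd:XMLEncryptionPolicy PolicyId="P-ENC-EXAMPLE"/>
    </sicd:EncryptionPolicies>
  </sicd:SecurityPolicies>
  <sicd:SecurityChannel sourceConnector="connA" targetConnector="connB">
    <sicd:Confidential AlgorithmId="P-ENC-EXAMPLE">
      <sicd:PublicKeyName>key-enc</sicd:PublicKeyName>
    </sicd:Confidential>
    <sicd:Integrity AlgorithmId="P-XMLSignatureRSA-SHA1-C14N">
      <sicd:PublicKeyName>key-sig</sicd:PublicKeyName>
      <sicd:MessagePart PartName="Order"/>
      <sicd:MessagePart PartName="Invoice"
                        AlgorithmId="P-XMLSignatureRSA-MD5-C14N"/>
      <sicd:MessagePart PartName="Attachment" AlgorithmId="P-UNKNOWN"/>
    </sicd:Integrity>
  </sicd:SecurityChannel>
</sicd:SecurityContractICD>"""


def declared_policies(root):
    """Map every PolicyId under SecurityPolicies to its HashFunction (or None)."""
    section = root.find("sicd:SecurityPolicies", NS)
    found = {}
    for el in (section.iter() if section is not None else ()):
        policy_id = el.get("PolicyId")
        if policy_id:
            found[policy_id] = el.findtext("sicd:HashFunction", namespaces=NS)
    return found


def resolve_block(block):
    """Return [(target, AlgorithmId)] for one Confidential or Integrity block."""
    parent_alg = block.get("AlgorithmId")
    parts = block.findall("sicd:MessagePart", NS)
    if not parts:
        # AlgorithmId defined and no message parts: the whole message is covered.
        return [(WHOLE, parent_alg)] if parent_alg else []
    # A part without its own AlgorithmId uses the parent's.
    return [(p.get("PartName"), p.get("AlgorithmId") or parent_alg) for p in parts]


def audit(xml_text, weak_hashes=("MD5",)):
    """List (block, target, AlgorithmId, reason) for every problem found.

    weak_hashes is the reviewer's deny-list (an assumption of this example).
    """
    root = ET.fromstring(xml_text)
    policies = declared_policies(root)
    findings = []
    for channel in root.findall("sicd:SecurityChannel", NS):
        for kind in ("Confidential", "Integrity"):
            for block in channel.findall(f"sicd:{kind}", NS):
                for target, alg in resolve_block(block):
                    if alg is None:
                        reason = "no AlgorithmId on part or parent"
                    elif alg not in policies:
                        reason = "AlgorithmId not declared in SecurityPolicies"
                    elif policies[alg] in weak_hashes:
                        reason = f"weak hash {policies[alg]}"
                    else:
                        continue
                    findings.append((kind, target, alg, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Passing `weak_hashes=("MD5", "SHA1")` also reports the Order part, which inherits the SHA1 policy from its Integrity parent.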
CommunitySecurityTemplatesInfo.XML
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by Symon Chang (Commerce One) -->
<sicdr:CommunitySecurityTemplatesPreference
    xmlns:sicdr="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd"
    xmlns:sicd="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd http://schemas.commerceone.com/schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd">
  <sicdr:SecurityAlgorithmTemplates>
    <sicdr:XMLSignatureAlgorithmTemplate Name="DSA-SHA1-C14N" ID="bb587fa0-b980-11d6-b8e9-c40beac518e7">
      <sicdr:Category>XMLSignature</sicdr:Category>
      <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureDSA-SHA1-C14N">
        <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
        <sicd:SignatureAlgorithm>SHA1withDSA</sicd:SignatureAlgorithm>
        <sicd:HashFunction>SHA1</sicd:HashFunction>
        <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
        <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
      </sicd:XMLDsigPolicy>
    </sicdr:XMLSignatureAlgorithmTemplate>
    <sicdr:XMLSignatureAlgorithmTemplate Name="DSA-SHA1-EXC14N" ID="bb587fa0-b980-11d6-b8e6-c40beac518e7">
      <sicdr:Category>XMLSignature</sicdr:Category>
      <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureDSA-SHA1-EXC14N">
        <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
        <sicd:SignatureAlgorithm>SHA1withDSA</sicd:SignatureAlgorithm>
        <sicd:HashFunction>SHA1</sicd:HashFunction>
        <sicd:CanonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</sicd:CanonicalizationMethod>
        <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
      </sicd:XMLDsigPolicy>
    </sicdr:XMLSignatureAlgorithmTemplate>
    <sicdr:XMLSignatureAlgorithmTemplate Name="RSA-MD5-C14N" ID="bb587fa0-b980-11d6-b8e8-c40beac518e7">
      <sicdr:Category>XMLSignature</sicdr:Category>
      <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-C14N">
        <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
        <sicd:SignatureAlgorithm>MD5withRSA</sicd:SignatureAlgorithm>
        <sicd:HashFunction>MD5</sicd:HashFunction>
        <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
        <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
      </sicd:XMLDsigPolicy>
    </sicdr:XMLSignatureAlgorithmTemplate>
    <sicdr:XMLSignatureAlgorithmTemplate Name="RSA-MD5-EXC14N" ID="bb587fa0-b980-11d6-b8e5-c40beac518e7">
      <sicdr:Category>XMLSignature</sicdr:Category>
      <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-EXC14N">
        <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
        <sicd:SignatureAlgorithm>MD5withRSA</sicd:SignatureAlgorithm>
        <sicd:HashFunction>MD5</sicd:HashFunction>
        <sicd:CanonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</sicd:CanonicalizationMethod>
        <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
      </sicd:XMLDsigPolicy>
    </sicdr:XMLSignatureAlgorithmTemplate>
    <sicdr:XMLSignatureAlgorithmTemplate Name="RSA-SHA1-C14N" ID="bb587fa0-b980-11d6-b8e7-c40beac518e7">
      <sicdr:Category>XMLSignature</sicdr:Category>
      <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-SHA1-C14N">
        <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
        <sicd:SignatureAlgorithm>SHA1withRSA</sicd:SignatureAlgorithm>
        <sicd:HashFunction>SHA1</sicd:HashFunction>
        <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
        <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
      </sicd:XMLDsigPolicy>
    </sicdr:XMLSignatureAlgorithmTemplate>
    <sicdr:XMLSignatureAlgorithmTemplate Name="RSA-SHA1-EXC14N" ID="bb587fa0-b980-11d6-b8e4-c40beac518e7">
      <sicdr:Category>XMLSignature</sicdr:Category>
      <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-SHA1-EXC14N">
        <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
sicdSignatureAlgorithmSHA1withRSA/sicdSignatureAlgorithm
sicdHashFunctionSHA1/sicdHashFunction
sicdCanonicalizationMethodhttp//www.w3.org/2001/10/xml-exc-c14n#/sicdCanonicalizationMethod
sicdTransformhttp//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform/sicdTransform
/sicdXMLDsigPolicy/sicdrXMLSignatureAlgorithmTemplate-sicdrXMLEncryptionAlgorithmTemplate Name=″3DES-RSA-2048″ID=″bb587fa0-b980-11d6-b8ea-c40beec518e7″
sicdrCategoryXMLEncryption/sicdrCategory
-sicdXMLEncryptionPolicy PolicyId=″P-XMLEncrypt3DES-RSA-2048″
sicdEncryptionPolicyAlgorithmhttp//www.w3.org/2001/04/xmlenc#/sicdEncryptionPolicyAlgorithm
sicdEncryptionMethodhttp//www.w3.org/2001/04/xmlenc#3des-cbc/sicdEncryptionMethod
sicdKeySize2048/sicdKeySize
sicdKeyEncryptionMethodhttp//www.w3.org/2001/04/xmlenc#rsa-1_5/sicdKeyEncryptionMethod
/sicdXMLEncryptionPolicy/sicdrXMLEncryptionAlgorithmTemplate-sicdrXMLEncryptionAlgorithmTemplate Name=″AES-128-RSA-2048″ID=″bb587fa0-b980-11d6-b8eb-c40beac518e7″
sicdrCategoryXMLEncryption/sicdrCategory
-sicdXMLEncryptionPolicy PolicyId=″P-XMLEncryptAES-128-RSA-2048″
sicdEncryptionPolicyAlgorithmhttp//www.w3.org/2001/04/xmlenc#/sicdEncryptionPolicyAlgorithm
sicdEncryptionMethodhttp//www.w3.org/2001/04/xmlenc#aes128-cbc/sicdEncryptionMethod
sicdKeySize2048/sicdKeySize
sicdSymmetryKeySize128/sicdSymmetryKeySize
sicdKeyEncryptionMethodhttp//www.w3.org/2001/04/xmlenc#rsa-1_5/sicdKeyEncryptionMethod
/sicdXMLEncryptionPolicy/sicdrXMLEncryptionAlgorithmTemplate-sicdrXMLEncryptionAlgorithmTemplate Name=″DES-RSA-1024″ID=″bb587fa0-b980-11d6-b8ec-c40beac518e7″
sicdrCategoryXMLEncryption/sicdrCategory
-sicdXMLEncryptionPolicy PolicyId=″P-XMLEncryptDES-RSA-1024″
sicdEncryptionPolicyAlgorithmhttp//www.w3.org/2001/04/xmlenc#/sicdEncryptionPolicyAlgorithm
sicdEncryptionMethodhttp//www.commerceone.com/security/xmlenc#des/sicdEncryptionMethod
sicdKeySize1024/sicdKeySize
sicdKeyEncryptionMethodhttp//www.w3.org/2001/04/xmlenc#rsa-1_5/sicdKeyEncryptionMethod
/sicdXMLEncryptionPolicy/sicdrXMLEncryptionAlgorithmTemplate/sicdrSecurityAlgorithmTemplates-sicdrCommunitySecurityPolicyPreferencesicdrSignMessageHeaderfalse/sicdrSignMessageHeadersicdrEncryptCredentialfalse/sicdrEncryptCredentialsicdrCredentialPreferenceBASIC/sicdrCredentialPreference/sicdrCommunitySecurityPolicyPreference-sicdrSecurityPolicyTemplatePreference Name=″RSA-SHA1-EXC14N″ID=″bb587fa0-b980-11d6-b8e4-c40beac518e7″sicdrCategoryXMLSignature/sicdrCategorysicdrPreference101/sicdrPreference/sicdrSecurityPolicyTemplatePreference-sicdrSecurityPolicyTemplatePreference Name=″RSA-MD5-EXC14N″ID=″bb587fa0-b980-11d6-b8e5-c40beac518e7″sicdrCategoryXMLSignature/sicdrCategorysicdrPreference102/sicdrPreference/sicdrSecurityPolicyTemplatePreference-sicdrSecurityPolicyTemplatePreference Name=″RSA-SHA1-C14N″ID=″bb587fa0-b980-11d6-b8e7-c40beac518e7″sicdrCategoryXMLSignature/sicdrCategorysicdrPreference104/sicdrPreference/sicdrSecurityPolicyTemplatePreference-sicdrSecurityPolicyTemplatePreference Name=″RSA-MD5-C14N″ID=″bb587fa0-b980-11d6-b8e8-c40beac518e7″sicdrCategoryXMLSignature/sicdrCategorysicdrPreference105/sicdrPreference/sicdrSecurityPolicyTemplatePreference-sicdrSecurityPolicyTemplatePreference Name=″3DES-RSA-2048″ID=″bb587fa0-b980-11d6-b8ea-c40beac518e7″sicdrCategoryXMLEncryption/sicdrCategorysicdrPreference107/sicdrPreference/sicdrSecurityPolicyTemplatePreference-sicdrSecurityPolicyTemplatePreference Name=″AES-128-RSA-2048″ID=″bb587fa0-b980-11d6-b8eb-c40beac518e7″sicdrCategoryXMLEncryption/sicdrCategorysicdrPreference108/sicdrPreference/sicdrSecurityPolicyTemplatePreference-sicdrSecurityPolicyTemplatePreference Name=″DES-RSA-1024″ID=″bb587fa0-b980-11d6-b8ec-c40beac518e7″sicdrCategoryXMLEncryption/sicdrCategorysicdrPreference109/sicdrPreference/sicdrSecurityPolicyTemplatePreference/sicdrCommunitySecurityTemplatesPreference
SecuritySenderInfo.XML
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by Symon Chang (Commerce One) -->
<!-- Sample XML file generated by XML Spy v4.4 U (http://www.xmlspy.com) -->
<SecuritySenderInfo
    xmlns="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:sicd="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd C:\platform\core\main\wse\schema\contract\helperinfo\v1_0\SecuritySenderReceiverInfo.xsd">
  <CommunitySecurityTemplatesPreference>
    <SecurityAlgorithmTemplates>
      <XMLSignatureAlgorithmTemplate Name="DSA-SHA1-C14N" ID="bb587fa0-b980-11d6-b8e9-c40beac518e7">
        <Category>XMLSignature</Category>
        <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureDSA-SHA1-C14N">
          <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
          <sicd:SignatureAlgorithm>SHA1withDSA</sicd:SignatureAlgorithm>
          <sicd:HashFunction>SHA1</sicd:HashFunction>
          <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
          <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
        </sicd:XMLDsigPolicy>
      </XMLSignatureAlgorithmTemplate>
      <XMLSignatureAlgorithmTemplate Name="DSA-SHA1-EXC14N" ID="bb587fa0-b980-11d6-b8e6-c40beac518e7">
        <Category>XMLSignature</Category>
        <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureDSA-SHA1-EXC14N">
          <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
          <sicd:SignatureAlgorithm>SHA1withDSA</sicd:SignatureAlgorithm>
          <sicd:HashFunction>SHA1</sicd:HashFunction>
          <sicd:CanonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</sicd:CanonicalizationMethod>
          <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
        </sicd:XMLDsigPolicy>
      </XMLSignatureAlgorithmTemplate>
      <XMLSignatureAlgorithmTemplate Name="RSA-MD5-C14N" ID="bb587fa0-b980-11d6-b8e8-c40beac518e7">
        <Category>XMLSignature</Category>
        <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-C14N">
          <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
          <sicd:SignatureAlgorithm>MD5withRSA</sicd:SignatureAlgorithm>
          <sicd:HashFunction>MD5</sicd:HashFunction>
          <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
          <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
        </sicd:XMLDsigPolicy>
      </XMLSignatureAlgorithmTemplate>
      <XMLSignatureAlgorithmTemplate Name="RSA-MD5-EXC14N" ID="bb587fa0-b980-11d6-b8e5-c40beac518e7">
        <Category>XMLSignature</Category>
        <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-EXC14N">
          <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
          <sicd:SignatureAlgorithm>MD5withRSA</sicd:SignatureAlgorithm>
          <sicd:HashFunction>MD5</sicd:HashFunction>
          <sicd:CanonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</sicd:CanonicalizationMethod>
          <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
        </sicd:XMLDsigPolicy>
      </XMLSignatureAlgorithmTemplate>
      <XMLSignatureAlgorithmTemplate Name="RSA-SHA1-C14N" ID="bb587fa0-b980-11d6-b8e7-c40beac518e7">
        <Category>XMLSignature</Category>
        <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-SHA1-C14N">
          <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
          <sicd:SignatureAlgorithm>SHA1withRSA</sicd:SignatureAlgorithm>
          <sicd:HashFunction>SHA1</sicd:HashFunction>
          <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
          <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
        </sicd:XMLDsigPolicy>
      </XMLSignatureAlgorithmTemplate>
      <XMLSignatureAlgorithmTemplate Name="RSA-SHA1-EXC14N" ID="bb587fa0-b980-11d6-b8e4-c40beac518e7">
        <Category>XMLSignature</Category>
        <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-SHA1-EXC14N">
          <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
          <sicd:SignatureAlgorithm>SHA1withRSA</sicd:SignatureAlgorithm>
          <sicd:HashFunction>SHA1</sicd:HashFunction>
          <sicd:CanonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</sicd:CanonicalizationMethod>
          <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
        </sicd:XMLDsigPolicy>
      </XMLSignatureAlgorithmTemplate>
      <XMLEncryptionAlgorithmTemplate Name="3DES-RSA-2048" ID="bb587fa0-b980-11d6-b8ea-c40beac518e7">
        <Category>XMLEncryption</Category>
        <sicd:XMLEncryptionPolicy PolicyId="P-XMLEncrypt3DES-RSA-2048">
          <sicd:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</sicd:EncryptionPolicyAlgorithm>
          <sicd:EncryptionMethod>http://www.w3.org/2001/04/xmlenc#3des-cbc</sicd:EncryptionMethod>
          <sicd:KeySize>2048</sicd:KeySize>
          <sicd:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</sicd:KeyEncryptionMethod>
        </sicd:XMLEncryptionPolicy>
      </XMLEncryptionAlgorithmTemplate>
      <XMLEncryptionAlgorithmTemplate Name="AES-128-RSA-2048" ID="bb587fa0-b980-11d6-b8eb-c40beac518e7">
        <Category>XMLEncryption</Category>
        <sicd:XMLEncryptionPolicy PolicyId="P-XMLEncryptAES-128-RSA-2048">
          <sicd:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</sicd:EncryptionPolicyAlgorithm>
          <sicd:EncryptionMethod>http://www.w3.org/2001/04/xmlenc#aes128-cbc</sicd:EncryptionMethod>
          <sicd:KeySize>2048</sicd:KeySize>
          <sicd:SymmetryKeySize>128</sicd:SymmetryKeySize>
          <sicd:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</sicd:KeyEncryptionMethod>
        </sicd:XMLEncryptionPolicy>
      </XMLEncryptionAlgorithmTemplate>
      <XMLEncryptionAlgorithmTemplate Name="DES-RSA-1024" ID="bb587fa0-b980-11d6-b8ec-c40beac518e7">
        <Category>XMLEncryption</Category>
        <sicd:XMLEncryptionPolicy PolicyId="P-XMLEncryptDES-RSA-1024">
          <sicd:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</sicd:EncryptionPolicyAlgorithm>
          <sicd:EncryptionMethod>http://www.commerceone.com/security/xmlenc#des</sicd:EncryptionMethod>
          <sicd:KeySize>1024</sicd:KeySize>
          <sicd:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</sicd:KeyEncryptionMethod>
        </sicd:XMLEncryptionPolicy>
      </XMLEncryptionAlgorithmTemplate>
    </SecurityAlgorithmTemplates>
    <CommunitySecurityPolicyPreference>
      <SignMessageHeader>false</SignMessageHeader>
      <EncryptCredential>false</EncryptCredential>
      <CredentialPreference>BASIC</CredentialPreference>
    </CommunitySecurityPolicyPreference>
    <SecurityPolicyTemplatePreference Name="RSA-SHA1-EXC14N" ID="bb587fa0-b980-11d6-b8e4-c40beac518e7">
      <Category>XMLSignature</Category>
      <Preference>101</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="RSA-MD5-EXC14N" ID="bb587fa0-b980-11d6-b8e5-c40beac518e7">
      <Category>XMLSignature</Category>
      <Preference>102</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="DSA-SHA1-EXC14N" ID="bb587fa0-b980-11d6-b8e6-c40beac518e7">
      <Category>XMLSignature</Category>
      <Preference>103</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="RSA-SHA1-C14N" ID="bb587fa0-b980-11d6-b8e7-c40beac518e7">
      <Category>XMLSignature</Category>
      <Preference>104</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="RSA-MD5-C14N" ID="bb587fa0-b980-11d6-b8e8-c40beac518e7">
      <Category>XMLSignature</Category>
      <Preference>105</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="DSA-SHA1-C14N" ID="bb587fa0-b980-11d6-b8e9-c40beac518e7">
      <Category>XMLSignature</Category>
      <Preference>106</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="3DES-RSA-2048" ID="bb587fa0-b980-11d6-b8ea-c40beac518e7">
      <Category>XMLEncryption</Category>
      <Preference>107</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="AES-128-RSA-2048" ID="bb587fa0-b980-11d6-b8eb-c40beac518e7">
      <Category>XMLEncryption</Category>
      <Preference>108</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="DES-RSA-1024" ID="bb587fa0-b980-11d6-b8ec-c40beac518e7">
      <Category>XMLEncryption</Category>
      <Preference>109</Preference>
    </SecurityPolicyTemplatePreference>
  </CommunitySecurityTemplatesPreference>
  <SAMsgSecurityPolicy>
    <SAMsgPart PartName="Order" isOptional="false">
      <PartSignatureAlgCategory>
        <XMLSignatureAlgCategory>XMLSignature</XMLSignatureAlgCategory>
      </PartSignatureAlgCategory>
      <PartEncryptionAlgCategory>
        <XMLEncryptionAlgCategory>XMLEncryption</XMLEncryptionAlgCategory>
      </PartEncryptionAlgCategory>
    </SAMsgPart>
    <SAMsgPart PartName="Image" isOptional="false">
      <PartEncryptionAlgCategory>
        <XMLEncryptionAlgCategory>XMLEncryption</XMLEncryptionAlgCategory>
      </PartEncryptionAlgCategory>
    </SAMsgPart>
  </SAMsgSecurityPolicy>
  <PublicKeys>
    <sicd:PartyID>x-ccns:commerceone.com:CollaborationParty::buyParty</sicd:PartyID>
    <sicd:EncryptionKeyInfo KeyOwner="OwnerA">
      <sicd:PublicKeyID>BuyerPublicKey</sicd:PublicKeyID>
      <sicd:X509Data>
        <sicd:X509Certificate>[Base64-encoded X.509 certificate omitted]</sicd:X509Certificate>
      </sicd:X509Data>
    </sicd:EncryptionKeyInfo>
    <sicd:KeyTypeUsage>SIGNATURE</sicd:KeyTypeUsage>
    <sicd:KeyTypeUsage>AUTHENTICATION</sicd:KeyTypeUsage>
    <sicd:KeyAlgorithm>RSA</sicd:KeyAlgorithm>
    <sicd:Description>String</sicd:Description>
    <sicd:Location>String</sicd:Location>
  </PublicKeys>
  <ConnectorCapability ConnectorName="x-ccns:cup.commerceone.com:connector::buy">
    <EncryptionCapability>false</EncryptionCapability>
    <SignatureCapability>true</SignatureCapability>
  </ConnectorCapability>
  <ConnectorCapability ConnectorName="x-ccns:cup.commerceone.com:connector::centerBuyl">
    <EncryptionCapability>true</EncryptionCapability>
    <SignatureCapability>false</SignatureCapability>
    <EncryptionPublicKeyParty>x-ccns:commerceone.com:CollaborationParty::buyParty</EncryptionPublicKeyParty>
  </ConnectorCapability>
  <SendingCPSecurityPolicyProfile>
    <AvailableCredentials>BASIC</AvailableCredentials>
    <AvailableCredentials>X509</AvailableCredentials>
  </SendingCPSecurityPolicyProfile>
  <CPSendServicesSecurityPolicy AuthenticateParty="x-ccns:commerceone.com:CollaborationParty::buyParty">
    <SecurityPolicyTemplatePreference Name="3DES-RSA-2048">
      <Category>XMLEncryption</Category>
      <Preference>1</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="AES-128-RSA-2048">
      <Category>XMLEncryption</Category>
      <Preference>2</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="RC2-128-RSA-2048">
      <Category>XMLEncryption</Category>
      <Preference>3</Preference>
    </SecurityPolicyTemplatePreference>
  </CPSendServicesSecurityPolicy>
</SecuritySenderInfo>
SecurityReceiverInfo.XML
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by Symon Chang (Commerce One) -->
<SecurityReceiverInfo
    xmlns="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:sicd="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd C:\platform\core\main\wse\schema\contract\helperinfo\v1_0\SecuritySenderReceiverInfo.xsd">
  <CommunitySecurityTemplatesPreference>
    <SecurityAlgorithmTemplates>
      <XMLSignatureAlgorithmTemplate Name="DSA-SHA1-C14N" ID="bb587fa0-b980-11d6-b8e9-c40beac518e7">
        <Category>XMLSignature</Category>
        <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureDSA-SHA1-C14N">
          <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
          <sicd:SignatureAlgorithm>SHA1withDSA</sicd:SignatureAlgorithm>
          <sicd:HashFunction>SHA1</sicd:HashFunction>
          <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
          <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
        </sicd:XMLDsigPolicy>
      </XMLSignatureAlgorithmTemplate>
      <XMLSignatureAlgorithmTemplate Name="DSA-SHA1-EXC14N" ID="bb587fa0-b980-11d6-b8e6-c40beac518e7">
        <Category>XMLSignature</Category>
        <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureDSA-SHA1-EXC14N">
          <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
          <sicd:SignatureAlgorithm>SHA1withDSA</sicd:SignatureAlgorithm>
          <sicd:HashFunction>SHA1</sicd:HashFunction>
          <sicd:CanonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</sicd:CanonicalizationMethod>
          <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
        </sicd:XMLDsigPolicy>
      </XMLSignatureAlgorithmTemplate>
      <XMLSignatureAlgorithmTemplate Name="RSA-MD5-C14N" ID="bb587fa0-b980-11d6-b8e8-c40beac518e7">
        <Category>XMLSignature</Category>
        <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-C14N">
          <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
          <sicd:SignatureAlgorithm>MD5withRSA</sicd:SignatureAlgorithm>
          <sicd:HashFunction>MD5</sicd:HashFunction>
          <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
          <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
        </sicd:XMLDsigPolicy>
      </XMLSignatureAlgorithmTemplate>
      <XMLSignatureAlgorithmTemplate Name="RSA-MD5-EXC14N" ID="bb587fa0-b980-11d6-b8e5-c40beac518e7">
        <Category>XMLSignature</Category>
        <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-EXC14N">
          <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
          <sicd:SignatureAlgorithm>MD5withRSA</sicd:SignatureAlgorithm>
          <sicd:HashFunction>MD5</sicd:HashFunction>
          <sicd:CanonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</sicd:CanonicalizationMethod>
          <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
        </sicd:XMLDsigPolicy>
      </XMLSignatureAlgorithmTemplate>
      <XMLSignatureAlgorithmTemplate Name="RSA-SHA1-C14N" ID="bb587fa0-b980-11d6-b8e7-c40beac518e7">
        <Category>XMLSignature</Category>
        <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-SHA1-C14N">
          <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
          <sicd:SignatureAlgorithm>SHA1withRSA</sicd:SignatureAlgorithm>
          <sicd:HashFunction>SHA1</sicd:HashFunction>
          <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
          <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
        </sicd:XMLDsigPolicy>
      </XMLSignatureAlgorithmTemplate>
      <XMLSignatureAlgorithmTemplate Name="RSA-SHA1-EXC14N" ID="bb587fa0-b980-11d6-b8e4-c40beac518e7">
        <Category>XMLSignature</Category>
        <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-SHA1-EXC14N">
          <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
          <sicd:SignatureAlgorithm>SHA1withRSA</sicd:SignatureAlgorithm>
          <sicd:HashFunction>SHA1</sicd:HashFunction>
          <sicd:CanonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</sicd:CanonicalizationMethod>
          <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
        </sicd:XMLDsigPolicy>
      </XMLSignatureAlgorithmTemplate>
      <XMLEncryptionAlgorithmTemplate Name="3DES-RSA-2048" ID="bb587fa0-b980-11d6-b8ea-c40beac518e7">
        <Category>XMLEncryption</Category>
        <sicd:XMLEncryptionPolicy PolicyId="P-XMLEncrypt3DES-RSA-2048">
          <sicd:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</sicd:EncryptionPolicyAlgorithm>
          <sicd:EncryptionMethod>http://www.w3.org/2001/04/xmlenc#3des-cbc</sicd:EncryptionMethod>
          <sicd:KeySize>2048</sicd:KeySize>
          <sicd:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</sicd:KeyEncryptionMethod>
        </sicd:XMLEncryptionPolicy>
      </XMLEncryptionAlgorithmTemplate>
      <XMLEncryptionAlgorithmTemplate Name="AES-128-RSA-2048" ID="bb587fa0-b980-11d6-b8eb-c40beac518e7">
        <Category>XMLEncryption</Category>
        <sicd:XMLEncryptionPolicy PolicyId="P-XMLEncryptAES-128-RSA-2048">
          <sicd:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</sicd:EncryptionPolicyAlgorithm>
          <sicd:EncryptionMethod>http://www.w3.org/2001/04/xmlenc#aes128-cbc</sicd:EncryptionMethod>
          <sicd:KeySize>2048</sicd:KeySize>
          <sicd:SymmetryKeySize>128</sicd:SymmetryKeySize>
          <sicd:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</sicd:KeyEncryptionMethod>
        </sicd:XMLEncryptionPolicy>
      </XMLEncryptionAlgorithmTemplate>
      <XMLEncryptionAlgorithmTemplate Name="DES-RSA-1024" ID="bb587fa0-b980-11d6-b8ec-c40beac518e7">
        <Category>XMLEncryption</Category>
        <sicd:XMLEncryptionPolicy PolicyId="P-XMLEncryptDES-RSA-1024">
          <sicd:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</sicd:EncryptionPolicyAlgorithm>
          <sicd:EncryptionMethod>http://www.commerceone.com/security/xmlenc#des</sicd:EncryptionMethod>
          <sicd:KeySize>1024</sicd:KeySize>
          <sicd:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</sicd:KeyEncryptionMethod>
        </sicd:XMLEncryptionPolicy>
      </XMLEncryptionAlgorithmTemplate>
    </SecurityAlgorithmTemplates>
    <CommunitySecurityPolicyPreference>
      <SignMessageHeader>false</SignMessageHeader>
      <EncryptCredential>false</EncryptCredential>
      <CredentialPreference>BASIC</CredentialPreference>
    </CommunitySecurityPolicyPreference>
    <SecurityPolicyTemplatePreference Name="RSA-SHA1-EXC14N" ID="bb587fa0-b980-11d6-b8e4-c40beac518e7">
      <Category>XMLSignature</Category>
      <Preference>101</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="RSA-MD5-EXC14N" ID="bb587fa0-b980-11d6-b8e5-c40beac518e7">
      <Category>XMLSignature</Category>
      <Preference>102</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="DSA-SHA1-EXC14N" ID="bb587fa0-b980-11d6-b8e6-c40beac518e7">
      <Category>XMLSignature</Category>
      <Preference>103</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="RSA-SHA1-C14N" ID="bb587fa0-b980-11d6-b8e7-c40beac518e7">
      <Category>XMLSignature</Category>
      <Preference>104</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="RSA-MD5-C14N" ID="bb587fa0-b980-11d6-b8e8-c40beac518e7">
      <Category>XMLSignature</Category>
      <Preference>105</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="DSA-SHA1-C14N" ID="bb587fa0-b980-11d6-b8e9-c40beac518e7">
      <Category>XMLSignature</Category>
      <Preference>106</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="3DES-RSA-2048" ID="bb587fa0-b980-11d6-b8ea-c40beac518e7">
      <Category>XMLEncryption</Category>
      <Preference>107</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="AES-128-RSA-2048" ID="bb587fa0-b980-11d6-b8eb-c40beac518e7">
      <Category>XMLEncryption</Category>
      <Preference>108</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="DES-RSA-1024" ID="bb587fa0-b980-11d6-b8ec-c40beac518e7">
      <Category>XMLEncryption</Category>
      <Preference>109</Preference>
    </SecurityPolicyTemplatePreference>
  </CommunitySecurityTemplatesPreference>
  <SAMsgSecurityPolicy>
    <SAMsgPart PartName="Order" isOptional="false">
      <PartSignatureAlgCategory>
        <XMLSignatureAlgCategory>XMLSignature</XMLSignatureAlgCategory>
      </PartSignatureAlgCategory>
      <PartEncryptionAlgCategory>
        <XMLEncryptionAlgCategory>XMLEncryption</XMLEncryptionAlgCategory>
      </PartEncryptionAlgCategory>
    </SAMsgPart>
    <SAMsgPart PartName="Image" isOptional="false">
      <PartEncryptionAlgCategory>
        <XMLEncryptionAlgCategory>XMLEncryption</XMLEncryptionAlgCategory>
      </PartEncryptionAlgCategory>
    </SAMsgPart>
  </SAMsgSecurityPolicy>
  <PublicKeys>
    <sicd:PartyID>x-ccns:commerceone.com:CollaborationParty::sellParty</sicd:PartyID>
    <sicd:EncryptionKeyInfo KeyOwner="x-ccns:commerceone.com:CollaborationParty::sellParty">
      <sicd:PublicKeyID>DefaultTestCert</sicd:PublicKeyID>
      <sicd:X509Data>
        <sicd:X509Certificate>[Base64-encoded X.509 certificate omitted]</sicd:X509Certificate>
      </sicd:X509Data>
    </sicd:EncryptionKeyInfo>
    <sicd:KeyTypeUsage>ENCRYPTION</sicd:KeyTypeUsage>
    <sicd:KeyTypeUsage>SIGNATURE</sicd:KeyTypeUsage>
    <sicd:KeyTypeUsage>AUTHENTICATION</sicd:KeyTypeUsage>
  </PublicKeys>
  <PublicKeys>
    <sicd:PartyID>PartyBSeller</sicd:PartyID>
    <sicd:EncryptionKeyInfo KeyOwner="PartyBSeller">
      <sicd:PublicKeyID>RKeyA</sicd:PublicKeyID>
      <sicd:X509Data>
        <sicd:X509Certificate>[Base64-encoded X.509 certificate omitted]</sicd:X509Certificate>
      </sicd:X509Data>
    </sicd:EncryptionKeyInfo>
    <sicd:KeyTypeUsage>ENCRYPTION</sicd:KeyTypeUsage>
    <sicd:KeyAlgorithm>RSA</sicd:KeyAlgorithm>
    <sicd:Description>String</sicd:Description>
    <sicd:Location>String</sicd:Location>
  </PublicKeys>
  <PublicKeys>
    <sicd:PartyID>ConnectorB</sicd:PartyID>
    <sicd:EncryptionKeyInfo KeyOwner="BOwner">
      <sicd:PublicKeyID>RKeyB</sicd:PublicKeyID>
      <sicd:X509Data>
        <sicd:X509Certificate>[Base64-encoded X.509 certificate omitted]</sicd:X509Certificate>
      </sicd:X509Data>
    </sicd:EncryptionKeyInfo>
    <sicd:KeyTypeUsage>SIGNATURE</sicd:KeyTypeUsage>
    <sicd:KeyTypeUsage>ENCRYPTION</sicd:KeyTypeUsage>
    <sicd:KeyAlgorithm>RSA</sicd:KeyAlgorithm>
    <sicd:Description>String</sicd:Description>
    <sicd:Location>String</sicd:Location>
  </PublicKeys>
  <ConnectorCapability ConnectorName="x-ccns:cup.commerceone.com:connector::centerSell">
    <EncryptionCapability>true</EncryptionCapability>
    <SignatureCapability>true</SignatureCapability>
  </ConnectorCapability>
  <ConnectorCapability ConnectorName="x-ccns:cup.commerceone.com:connector::sell">
    <EncryptionCapability>false</EncryptionCapability>
    <SignatureCapability>true</SignatureCapability>
  </ConnectorCapability>
  <CPRecvServicesSecurityPolicy>
    <SecurityPolicyTemplatePreference Name="3DES-RSA-2048">
      <Category>XMLEncryption</Category>
      <Preference>1</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="RSA-MD5-C14N">
      <Category>XMLSignature</Category>
      <Preference>2</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="RSA-SHA1-C14N">
      <Category>XMLSignature</Category>
      <Preference>6</Preference>
    </SecurityPolicyTemplatePreference>
    <SecurityPolicyTemplatePreference Name="AES-128-RSA-2048">
      <Category>XMLEncryption</Category>
      <Preference>5</Preference>
    </SecurityPolicyTemplatePreference>
    <ServiceAuthentication>
      <AcceptedCredentials>X509</AcceptedCredentials>
      <AcceptedCredentials>BASIC</AcceptedCredentials>
      <sicd:AuthenticateMode>SOURCE</sicd:AuthenticateMode>
    </ServiceAuthentication>
  </CPRecvServicesSecurityPolicy>
</SecurityReceiverInfo>
ComputeSecurityContract.XML
<?xml version="1.0"?>
<prefix_0:SecurityContractICD
    xmlns:prefix_0="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <prefix_0:SecurityPolicies>
    <prefix_0:AuthenticationPolicies>
      <prefix_0:X509CredentialPolicy PolicyId="P-AuthenX.509Source">
        <prefix_0:CredentialPolicyAlgorithm>X.509v3</prefix_0:CredentialPolicyAlgorithm>
        <prefix_0:AuthenticateMode>SOURCE</prefix_0:AuthenticateMode>
      </prefix_0:X509CredentialPolicy>
    </prefix_0:AuthenticationPolicies>
    <prefix_0:SignaturePolicies>
      <prefix_0:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-C14N">
        <prefix_0:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</prefix_0:SignaturePolicyAlgorithm>
        <prefix_0:SignatureAlgorithm>MD5withRSA</prefix_0:SignatureAlgorithm>
        <prefix_0:HashFunction>MD5</prefix_0:HashFunction>
        <prefix_0:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</prefix_0:CanonicalizationMethod>
        <prefix_0:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</prefix_0:Transform>
      </prefix_0:XMLDsigPolicy>
    </prefix_0:SignaturePolicies>
    <prefix_0:EncryptionPolicies>
      <prefix_0:XMLEncryptionPolicy PolicyId="P-XMLEncrypt3DES-RSA-2048">
        <prefix_0:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</prefix_0:EncryptionPolicyAlgorithm>
        <prefix_0:EncryptionMethod>http://www.w3.org/2001/04/xmlenc#3des-cbc</prefix_0:EncryptionMethod>
        <prefix_0:KeySize>2048</prefix_0:KeySize>
        <prefix_0:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</prefix_0:KeyEncryptionMethod>
      </prefix_0:XMLEncryptionPolicy>
    </prefix_0:EncryptionPolicies>
    <prefix_0:EncryptionKeyInfo KeyOwner="x-ccns:commerceone.com:CollaborationParty::sellParty">
      <prefix_0:PublicKeyID>DefaultTestCert</prefix_0:PublicKeyID>
      <prefix_0:X509Data>
        <prefix_0:X509Certificate>[Base64-encoded X.509 certificate omitted]</prefix_0:X509Certificate>
      </prefix_0:X509Data>
    </prefix_0:EncryptionKeyInfo>
  </prefix_0:SecurityPolicies>
  <prefix_0:SecurityChannel channelId="CHANNEL1" sourceConnector="x-ccns:cup.commerceone.com:connector::buy" targetConnector="x-ccns:cup.commerceone.com:connector::sell">
    <prefix_0:Credential AlgorithmId="P-AuthenX.509Source" SequenceID="4" DelegationFlag="false">
      <prefix_0:PublicKeyName>BuyerPublicKey</prefix_0:PublicKeyName>
    </prefix_0:Credential>
    <prefix_0:Integrity AlgorithmId="P-XMLSignatureRSA-MD5-C14N">
      <prefix_0:PublicKeyName KeyOwner="OwnerA">BuyerPublicKey</prefix_0:PublicKeyName>
      <prefix_0:MessagePart PartName="Order" isOptional="false"/>
    </prefix_0:Integrity>
  </prefix_0:SecurityChannel>
  <prefix_0:SecurityChannel channelId="CHANNEL2" sourceConnector="x-ccns:cup.commerceone.com:connector::centerSell" targetConnector="x-ccns:cup.commerceone.com:connector::centerSell">
    <prefix_0:Confidential AlgorithmId="P-XMLEncrypt3DES-RSA-2048">
      <prefix_0:PublicKeyName KeyOwner="x-ccns:commerceone.com:CollaborationParty::sellParty">DefaultTestCert</prefix_0:PublicKeyName>
      <prefix_0:MessagePart PartName="Order" isOptional="false"/>
      <prefix_0:MessagePart PartName="Image" isOptional="false"/>
    </prefix_0:Confidential>
  </prefix_0:SecurityChannel>
</prefix_0:SecurityContractICD>
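The sender and receiver files above each carry ranked template preferences, and ComputeSecurityContract.XML carries the outcome. The following is an added example, not code from the patent, that reproduces that outcome from the two preference lists; the override rule in `effective_ranks`, the strategy names, the tie-breaking order and the `denied` floor are assumptions made for illustration.

```python
"""Added example: pick one algorithm template per category from two parties' preferences."""

# Ranks transcribed from the sample files (lower number = more preferred).
COMMUNITY_RANKS = {
    "XMLSignature": {
        "RSA-SHA1-EXC14N": 101, "RSA-MD5-EXC14N": 102, "DSA-SHA1-EXC14N": 103,
        "RSA-SHA1-C14N": 104, "RSA-MD5-C14N": 105, "DSA-SHA1-C14N": 106,
    },
    "XMLEncryption": {
        "3DES-RSA-2048": 107, "AES-128-RSA-2048": 108, "DES-RSA-1024": 109,
    },
}
SENDER = {  # CPSendServicesSecurityPolicy in SecuritySenderInfo.XML
    "community": COMMUNITY_RANKS,
    "service": {"XMLEncryption": {"3DES-RSA-2048": 1, "AES-128-RSA-2048": 2,
                                  "RC2-128-RSA-2048": 3}},
}
RECEIVER = {  # CPRecvServicesSecurityPolicy in SecurityReceiverInfo.XML
    "community": COMMUNITY_RANKS,
    "service": {"XMLEncryption": {"3DES-RSA-2048": 1, "AES-128-RSA-2048": 5},
                "XMLSignature": {"RSA-MD5-C14N": 2, "RSA-SHA1-C14N": 6}},
}
POLICY_PREFIX = {"XMLSignature": "P-XMLSignature", "XMLEncryption": "P-XMLEncrypt"}


class NegotiationError(Exception):
    """No template is acceptable to both parties (fail closed, send nothing)."""


def effective_ranks(party, category):
    """Community ranks, overridden by the party's service-level ranks.

    Assumption: a service-level entry naming a template the community does
    not define (RC2-128-RSA-2048 in the sender file) cannot be selected,
    because there is no policy definition to copy into the contract.
    """
    ranks = dict(party["community"].get(category, {}))
    for name, rank in party["service"].get(category, {}).items():
        if name in ranks:
            ranks[name] = rank
    return ranks


def negotiate(sender, receiver, category, strategy="receiver", denied=frozenset()):
    """Return the template both sides accept that `strategy` ranks best."""
    s = effective_ranks(sender, category)
    r = effective_ranks(receiver, category)
    # A template is dropped when any dash-separated token is denied, so the
    # token "DES" removes DES-RSA-1024 but leaves 3DES-RSA-2048 in place.
    candidates = [n for n in s if n in r and not set(n.split("-")) & set(denied)]
    if not candidates:
        raise NegotiationError(f"no mutually acceptable {category} template")
    keys = {
        "receiver": lambda n: (r[n], s[n], n),      # receiver's favourite wins
        "sender": lambda n: (s[n], r[n], n),        # sender's favourite wins
        "both": lambda n: (s[n] + r[n], r[n], n),   # lowest combined rank wins
    }
    return min(candidates, key=keys[strategy])


def compute_contract(sender, receiver, strategy="receiver", denied=frozenset()):
    """Map each category to the PolicyId of the negotiated template."""
    return {
        cat: POLICY_PREFIX[cat] + negotiate(sender, receiver, cat, strategy, denied)
        for cat in POLICY_PREFIX
    }


if __name__ == "__main__":
    for strategy in ("receiver", "sender", "both"):
        print(strategy, compute_contract(SENDER, RECEIVER, strategy))
    print("floor", compute_contract(SENDER, RECEIVER, denied={"MD5", "DES"}))
```

With the default receiver-preferred strategy the result matches the two PolicyIds in the computed contract; passing `denied={"MD5", "DES"}` keeps the negotiation from settling on the MD5 and single-DES templates that the template list still offers.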
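Claims
1. A method of dynamically determining security options for the exchange of at least one message between services, the message having one or more parts, the method including: providing machine-readable security profiles for first and second services, wherein the security profiles identify a plurality of security elements acceptable to the respective services, the security elements including: requirements to sign one or more parts of the message; requirements to encrypt one or more parts of the message; one or more signature option subsets that include a signature algorithm and options related to the signature algorithm, applied to one or more parts of the message; one or more encryption option subsets that include an encryption algorithm and options related to the encryption algorithm, applied to one or more parts of the message; one or more signature keys used with the signature algorithm; one or more encryption keys used with the encryption algorithm; and at least one authentication algorithm applied to one or more parts of the message; accessing the security profiles and selecting, for the message, a particular set of security elements that is acceptable to the respective services; and communicating the message between the respective services in compliance with the particular option set.
2. The method of claim 1, wherein the security profiles are kept in a registry accessible to the security logic of the first and second services.
3. The method of claim 1, wherein one or more of the security elements are specified by default values in a machine-readable default security profile.
4. The method of claim 1, wherein the requirements to sign apply to individual parts of the message.
5. The method of claim 1, wherein the requirements to sign apply to the message as a whole.
6. The method of claim 1, wherein the requirements to encrypt apply to individual parts of the message.
7. The method of claim 1, wherein the requirements to encrypt apply to the message as a whole.
8. The method of claim 1, wherein the signature algorithm applies to the message as a whole.
9. The method of claim 1, wherein the encryption algorithm applies to the message as a whole.
10. The method of claim 1, wherein the signature and encryption keys are asymmetric.
11. The method of claim 1, wherein the encryption keys are symmetric.
12. The method of claim 1, wherein the authentication algorithm is performed by a trusted agent before the message is communicated and is evidenced by an authentication assertion.
13. The method of claim 1, wherein the authentication algorithm includes submitting credentials that accompany the message for examination by the service receiving the message.
14. The method of claim 1, wherein the security elements further include an identification of at least one authentication algorithm to establish the privileges of the sending service.
15. The method of claim 14, wherein the authorization algorithm is performed by a trusted agent before the message is communicated and is evidenced by an authorization assertion.
16. The method of claim 14, wherein the authentication algorithm includes submitting credentials that accompany the message for examination by the service receiving the message.
17. The method of claim 1, wherein the security profiles further include statements of preference among the signing and encryption security elements, and selecting the particular option subset takes into account the preference of at least one of the services.
18. The method of claim 17, wherein the particular option subset corresponds to the option subset that is acceptable to the respective services and most preferred by the service receiving the message.
19. The method of claim 17, wherein the particular option subset corresponds to the option subset that is acceptable to the respective services and most preferred by the service sending the message.
20. The method of claim 17, wherein selecting the particular option subset takes into account the preferences of both services.
21. The method of claim 17, wherein selecting the particular option subset takes into account the highest security level among the security elements acceptable to the respective services.
22. The method of claim 17, wherein selecting the particular option subset takes into account the lowest security level among the security elements acceptable to the respective services.
23. The method of claim 17, wherein selecting among the requirements to sign or encrypt one or more parts of the message takes into account the preference of at least one of the services.
24. The method of claim 17, wherein the selection among the requirements to sign or encrypt one or more parts of the message corresponds to the option subset that is acceptable to the respective services and most preferred by the service receiving the message.
25. The method of claim 17, wherein the selection among the requirements to sign or encrypt one or more parts of the message corresponds to the option subset that is acceptable to the respective services and most preferred by the service sending the message.
26. The method of claim 17, wherein the selection among the requirements to sign or encrypt one or more parts of the message takes into account the preferences of both services.
27. The method of claim 17, wherein the selection among the requirements to sign or encrypt one or more parts of the message takes into account the highest security level among the security elements acceptable to the respective services.
28. The method of claim 17, wherein the selection among the requirements to sign or encrypt one or more parts of the message takes into account the lowest security level among the security elements acceptable to the respective services.
29. The method of claim 1, wherein the security profiles further include one or more resources used by the respective services to implement signing and encryption.
30. The method of claim 17, wherein the security profiles further include one or more resources used by the respective services to implement signing and encryption.
31. The method of claim 1, wherein the security profiles further include one or more resources used by the respective services to authenticate the service sending the message.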
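The selection step of claims 17 to 22, worked through as an added example (not code from the patent or its applicant): each profile lists acceptable options in preference order, and one option per security element is chosen from the overlap under a named policy. The `Profile` class, the policy names, the `EXAMPLE-*` identifiers and the strength ranks are assumptions; the two `P-XML...` identifiers are the ones in the sample contract.

```python
from dataclasses import dataclass

# Constructed strength ranks (assumption): a higher number means a stronger option.
STRENGTH = {
    "P-XMLSignatureRSA-MD5-C14N": 1,   # signature id from the sample contract
    "EXAMPLE-SIG-RSA-SHA256": 3,       # hypothetical id
    "P-XMLEncrypt3DES-RSA-2048": 1,    # encryption id from the sample contract
    "EXAMPLE-ENC-AES256-RSA-OAEP": 3,  # hypothetical id
}

@dataclass
class Profile:
    """Security profile: acceptable options per element, most preferred first."""
    service: str
    signature: list
    encryption: list

def pick(sender_opts, receiver_opts, policy):
    """Return one option both sides accept, or None if there is no overlap."""
    common = [opt for opt in receiver_opts if opt in sender_opts]
    if not common:
        return None
    rank = {
        "receiver": receiver_opts.index,                  # claim 18
        "sender": sender_opts.index,                      # claim 19
        "both": lambda o: (sender_opts.index(o) + receiver_opts.index(o),
                           receiver_opts.index(o)),       # claim 20, receiver breaks ties
        "highest": lambda o: -STRENGTH.get(o, 0),         # claim 21
        "lowest": lambda o: STRENGTH.get(o, 0),           # claim 22
    }[policy]
    return min(common, key=rank)

def negotiate(sender, receiver, policy="receiver"):
    """Build the agreed contract; fail closed when any element has no overlap."""
    contract = {}
    for element in ("signature", "encryption"):
        choice = pick(getattr(sender, element), getattr(receiver, element), policy)
        if choice is None:
            raise ValueError(f"no mutually acceptable {element} option")
        contract[element] = choice
    return contract

# Constructed profiles for the buy and sell connectors.
BUYER = Profile("buy",
                ["P-XMLSignatureRSA-MD5-C14N", "EXAMPLE-SIG-RSA-SHA256"],
                ["EXAMPLE-ENC-AES256-RSA-OAEP", "P-XMLEncrypt3DES-RSA-2048"])
SELLER = Profile("sell",
                 ["EXAMPLE-SIG-RSA-SHA256", "P-XMLSignatureRSA-MD5-C14N"],
                 ["P-XMLEncrypt3DES-RSA-2048", "EXAMPLE-ENC-AES256-RSA-OAEP"])
```

Under the "lowest" policy, or whenever the deciding side ranks them first, the legacy MD5 and 3DES options still win the negotiation. Removing them from both profiles is the only way to guarantee they are never selected.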
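Abstract
The present invention relates to computer-based devices and methods for negotiating and implementing security arrangements between two or more web services. More specifically, it relates to devices and methods that specify input and output interfaces, compute and generate a security contract consistent with the inputs, and implement security in accordance with the negotiated security arrangements. Particular aspects of the invention are described in the claims, specification and drawings.
Document number: G06F15/00GK1695123SQ03825165
Publication date: November 9, 2005. Filing date: August 19, 2003. Priority date: September 18, 2002.
Inventors: Symon S. Y. Chang, Joseph S. Sanfilippo, Jayaram R. Kasi, Christopher Crall. Applicant: JGR Acquisition, Inc.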
