Network Working Group                                         D. Burdett
Request for Comments: 2801                                  Commerce One
Category: Informational                                       April 2000


           Internet Open Trading Protocol - IOTP Version 1.0

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   The Internet Open Trading Protocol (IOTP) provides an interoperable
   framework for Internet commerce.  It is payment system independent
   and encapsulates payment systems such as SET, Secure Channel
   Credit/Debit, Mondex, CyberCoin, GeldKarte, etc.  IOTP is able to
   handle cases where such merchant roles as the shopping site, the
   Payment Handler, the Delivery Handler of goods or services, and the
   provider of customer support are performed by different parties or
   by one party.

Table of Contents

   1. Background
     1.1 Commerce on the Internet, a Different Model
     1.2 Benefits of IOTP
     1.3 Baseline IOTP
     1.4 Objectives of Document
     1.5 Scope of Document
     1.6 Document Structure
     1.7 Intended Readership
       1.7.1 Reading Guidelines
   2. Introduction
     2.1 Trading Roles
     2.2 Trading Exchanges
       2.2.1 Offer Exchange
       2.2.2 Payment Exchange
       2.2.3 Delivery Exchange
       2.2.4 Authentication Exchange
     2.3 Scope of Baseline IOTP
   3. Protocol Structure
     3.1 Overview
       3.1.1 IOTP Message Structure
       3.1.2 IOTP Transactions
     3.2 IOTP Message
       3.2.1 XML Document Prolog
     3.3 Transaction Reference Block
       3.3.1 Transaction Id Component
       3.3.2 Message Id Component
       3.3.3 Related To Component
     3.4 ID Attributes
       3.4.1 IOTP Message ID Attribute Definition
       3.4.2 Block and Component ID Attribute Definitions
       3.4.3 Example of use of ID Attributes
     3.5 Element References
     3.6 Extending IOTP
       3.6.1 Extra XML Elements
       3.6.2 Opaque Embedded Data
     3.7 Packaged Content Element
       3.7.1 Packaging HTML
       3.7.2 Packaging XML
     3.8 Identifying Languages
     3.9 Secure and Insecure Net Locations
     3.10 Cancelled Transactions
       3.10.1 Cancelling Transactions
       3.10.2 Handling Cancelled Transactions
   4. IOTP Error Handling
     4.1 Technical Errors
     4.2 Business Errors
     4.3 Error Depth
       4.3.1 Transport Level
       4.3.2 Message Level
       4.3.3 Block Level
     4.4 Idempotency, Processing Sequence, and Message Flow
     4.5 Server Role Processing Sequence
       4.5.1 Initiating Transactions
       4.5.2 Processing Input Messages
       4.5.3 Cancelling a Transaction
       4.5.4 Retransmitting Messages
     4.6 Client Role Processing Sequence
       4.6.1 Initiating Transactions
       4.6.2 Processing Input Messages
       4.6.3 Cancelling a Transaction
       4.6.4 Retransmitting Messages
   5. Security Considerations
     5.1 Determining whether to use digital signatures
     5.2 Symmetric and Asymmetric Cryptography
     5.3 Data Privacy
     5.4 Payment Protocol Security
   6. Digital Signatures and IOTP
     6.1 How IOTP uses Digital Signatures
       6.1.1 IOTP Signature Example
       6.1.2 OriginatorInfo and RecipientInfo Elements
       6.1.3 Using signatures to Prove Actions Complete Successfully
     6.2 Checking a Signature is Correctly Calculated
     6.3 Checking a Payment or Delivery can occur
       6.3.1 Check Request Block sent Correct Organisation
       6.3.2 Check Correct Components present in Request Block
       6.3.3 Check an Action is Authorised
   7. Trading Components
     7.1 Protocol Options Component
     7.2 Authentication Request Component
     7.3 Authentication Response Component
     7.4 Trading Role Information Request Component
     7.5 Order Component
       7.5.1 Order Description Content
       7.5.2 OkFrom and OkTo Timestamps
     7.6 Organisation Component
       7.6.1 Organisation IDs
       7.6.2 Trading Role Element
       7.6.3 Contact Information Element
       7.6.4 Person Name Element
       7.6.5 Postal Address Element
     7.7 Brand List Component
       7.7.1 Brand Element
       7.7.2 Protocol Brand Element
       7.7.3 Protocol Amount Element
       7.7.4 Currency Amount Element
       7.7.5 Pay Protocol Element
     7.8 Brand Selection Component
       7.8.1 Brand Selection Brand Info Element
       7.8.2 Brand Selection Protocol Amount Info Element
       7.8.3 Brand Selection Currency Amount Info Element
     7.9 Payment Component
     7.10 Payment Scheme Component
     7.11 Payment Receipt Component
     7.12 Payment Note Component
     7.13 Delivery Component
       7.13.1 Delivery Data Element
     7.14 Consumer Delivery Data Component
     7.15 Delivery Note Component
     7.16 Status Component
       7.16.1 Offer Completion Codes
       7.16.2 Payment Completion Codes
       7.16.3 Delivery Completion Codes
       7.16.4 Authentication Completion Codes
       7.16.5 Undefined Completion Codes
       7.16.6 Transaction Inquiry Completion Codes
     7.17 Trading Role Data Component
       7.17.1 Who Receives a Trading Role Data Component
     7.18 Inquiry Type Component
     7.19 Signature Component
       7.19.1 IOTP usage of signature elements and attributes
       7.19.2 Offer Response Signature Component
       7.19.3 Payment Receipt Signature Component
       7.19.4 Delivery Response Signature Component
       7.19.5 Authentication Request Signature Component
       7.19.6 Authentication Response Signature Component
       7.19.7 Inquiry Request Signature Component
       7.19.8 Inquiry Response Signature Component
       7.19.9 Ping Request Signature Component
       7.19.10 Ping Response Signature Component
     7.20 Certificate Component
       7.20.1 IOTP usage of signature elements and attributes
     7.21 Error Component
       7.21.1 Error Processing Guidelines
       7.21.2 Error Codes
       7.21.3 Error Location Element
   8. Trading Blocks
     8.1 Trading Protocol Options Block
     8.2 TPO Selection Block
     8.3 Offer Response Block
     8.4 Authentication Request Block
     8.5 Authentication Response Block
     8.6 Authentication Status Block
     8.7 Payment Request Block
     8.8 Payment Exchange Block
     8.9 Payment Response Block
     8.10 Delivery Request Block
     8.11 Delivery Response Block
     8.12 Inquiry Request Trading Block
     8.13 Inquiry Response Trading Block
     8.14 Ping Request Block
     8.15 Ping Response Block
     8.16 Signature Block
       8.16.1 Signature Block with Offer Response
       8.16.2 Signature Block with Payment Request
       8.16.3 Signature Block with Payment Response
       8.16.4 Signature Block with Delivery Request
       8.16.5 Signature Block with Delivery Response
     8.17 Error Block
     8.18 Cancel Block
   9. Internet Open Trading Protocol Transactions
     9.1 Authentication and Payment Related IOTP Transactions
       9.1.1 Authentication Document Exchange
       9.1.2 Offer Document Exchange
       9.1.3 Payment Document Exchange
       9.1.4 Delivery Document Exchange
       9.1.5 Payment and Delivery Document Exchange
       9.1.6 Baseline Authentication IOTP Transaction
       9.1.7 Baseline Deposit IOTP Transaction
       9.1.8 Baseline Purchase IOTP Transaction
       9.1.9 Baseline Refund IOTP Transaction
       9.1.10 Baseline Withdrawal IOTP Transaction
       9.1.11 Baseline Value Exchange IOTP Transaction
       9.1.12 Valid Combinations of Document Exchanges
       9.1.13 Combining Authentication Transactions with other
              Transactions
     9.2 Infrastructure Transactions
       9.2.1 Baseline Transaction Status Inquiry IOTP Transaction
       9.2.2 Baseline Ping IOTP Transaction
   10. Retrieving Logos
     10.1 Logo Size
     10.2 Logo Color Depth
     10.3 Logo Net Location Examples
   11. Brands
     11.1 Brand Definitions and Brand Selection
       11.1.1 Definition of Payment Instrument
       11.1.2 Definition of Brand
       11.1.3 Definition of Dual Brand
       11.1.4 Definition of Promotional Brand
       11.1.5 Identifying Promotional Brands
     11.2 Brand List Examples
       11.2.1 Simple Credit Card Based Example
       11.2.2 Credit Card Brand List Including Promotional Brands
       11.2.3 Brand Selection Example
       11.2.4 Complex Electronic Cash Based Brand List
   12. IANA Considerations
     12.1 Codes Controlled by IANA
     12.2 Codes not controlled by IANA
   13. Internet Open Trading Protocol Data Type Definition
   14. Glossary
   15. References
   16. Author's Address
   17. Full Copyright Statement

Table of Figures

   Figure 1  IOTP Trading Roles
   Figure 2  Offer Exchange
   Figure 3  Payment Exchange
   Figure 4  Delivery Exchange
   Figure 5  Authentication Exchange
   Figure 6  IOTP Message Structure
   Figure 7  An IOTP Transaction
   Figure 8  Example use of ID attributes
   Figure 9  Element References
   Figure 10 Signature Digests
   Figure 11 Example use of Signatures for Baseline Purchase
   Figure 12 Checking a Payment Handler can carry out a Payment
   Figure 13 Checking a Delivery Handler can carry out a Delivery
   Figure 14 Trading Components
   Figure 15 Brand List Element Relationships
   Figure 16 Trading Blocks
   Figure 17 Payment and Authentication Message Flow Combinations
   Figure 18 Authentication Document Exchange
   Figure 19 Brand Dependent Offer Document Exchange
   Figure 20 Brand Independent Offer Exchange
   Figure 21 Payment Document Exchange
   Figure 22 Delivery Document Exchange
   Figure 23 Payment and Delivery Document Exchange
   Figure 24 Baseline Authentication IOTP Transaction
   Figure 25 Baseline Deposit IOTP Transaction