draft-ietf-trade-iotp-v1.0-protocol-01.txt   draft-ietf-trade-iotp-v1.0-protocol-02.txt 
September 1998 TRADE Working Group David Burdett
Expires March 1999
Internet Open Trading Protocol (IOTP) Version 1.0
-------- ---- ------- -------- ------ ------- ---
Donald E. Eastlake 3rd Internet Draft Mondex International
draft-ietf-trade-iotp-v1.0-protocol-02.txt 23 October 1998
Expires: 23 March 1998
Status of This Document Internet Open Trading Protocol - IOTP
Version 1.0
A later version of this draft, file name draft-ietf-trade-iotp-v1.0- Status of this Memo
protocol-01.txt, is intended to become an Informational RFC.
Distribution of this document is unlimited. Comments should be sent
to the TRADE WG mailing list <ietf-trade@eListX.com>.
This document is an Internet-Draft. Internet-Drafts are working This document is an Internet draft. Internet drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, documents of the Internet Engineering Task Force (IETF), its areas and
and its working groups. Note that other groups may also distribute its working groups. Note that other groups may also distribute working
working documents as Internet-Drafts. information as Internet drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet Drafts are draft documents valid for a maximum of six months
months. Internet-Drafts may be updated, replaced, or obsoleted by and can be updated, replaced or obsoleted by other documents at any
other documents at any time. It is not appropriate to use Internet- time. It is inappropriate to use Internet drafts as reference material
Drafts as reference material or to cite them other than as a or to cite them as other than as "work in progress".
``working draft'' or ``work in progress.''
To view the entire list of current Internet-Drafts, please check the To learn the current status of any Internet draft please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow "lid-abstracts.txt" listing contained in the Internet drafts shadow
Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific munnari.oz.au (Pacific Rim), ftp.ietf.org (US East coast) or
Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). ftp.isi.edu (US West coast). Further information about the IETF can be
found at URL: http://www.ietf.org/
Technical control over the Internet Open Trading Protocol is being Distribution of this document is unlimited. Please send comments to
transfered to the IETF TRADE working group from the OTP Consortium. the TRADE working group at <ietf-trade@lists.elistx.com >, which may
In some cases, the most current version of techncial documents is an be joined by sending a message with subject "subscribe" to <ietf-
OTP Consortium version that has not yet been republished as an RFC trade-request@lists.elistx.com>.
and is available from <http://www.otp.org> web site (which has not
yet been fully updates to indicate the technical switch to the IETF).
In this case, see Discussions of the TRADE working group are archived at
<http://www.otp.org/otp/Home.nsf/f86055a20977be50862564b3004d010a/ http://www.elistx.com/archives/ietf-trade.
42b496239c5956aa8625655a007b1835/$FILE/OTP_Spec_v_0-9-9_ltr.pdf>. It
is intended that that document be published as an later verson of
this internet-draft and then as an Informational RFC.
Abstract Abstract
The Internet Open Trading Protocol (IOTP) provides an interoperable The Internet Open Trading Protocol (IOTP) provides an interoperable
framework for Internet commerce. It is payment system independent framework for Internet commerce. It is payment system independent and
and can encapsulates a variety of payment systems. IOTP is able to encapsulates payment systems such as SET, Mondex, CyberCash, DigiCash,
handle cases where such merchant roles as the shopping site, the GeldKarte, etc. IOTP is able to handle cases where such merchant roles
payment handler, the delivery handler of goods or services, and the as the shopping site, the payment handler, the Delivery Handler of
provider of customer care are performed by different parties or by goods or services, and the provider of customer support are performed
one party. by different parties or by one party.
[This draft is a place holder for an internet-draft version of the
v1.0 starting point for the trade working group.]
Table of Contents Table of Contents
Status of This Document....................................1 Status of this Memo................................................1
Abstract...................................................2 Abstract...........................................................1
Table of Contents..........................................2
1. Place Holder............................................3 1. Background......................................................9
2. Security Considerations.................................3 1.1 Commerce on the Internet _ a Different Model................9
1.2 Benefits of IOTP...........................................10
1.3 Baseline IOTP..............................................12
1.4 Objectives of Document.....................................12
1.5 Purpose....................................................12
1.6 Scope of Document..........................................13
1.7 Document Structure.........................................13
1.8 Intended Readership........................................14
1.8.1 Reading Guidelines ....................................14
1.9 History....................................................15
References.................................................4 2. Introduction...................................................16
Author's Address...........................................4 2.1 Trading Roles..............................................16
Expiration and File Name...................................4 2.2 Trading Exchanges..........................................18
2.2.1 Offer Exchange ........................................19
2.2.2 Payment Exchange ......................................20
2.2.3 Delivery Exchange .....................................23
2.2.4 Authentication Exchange ...............................24
2.3 Scope of Baseline IOTP.....................................25
1. Place Holder 3. Protocol Structure.............................................28
3.1 Overview...................................................29
3.1.1 IOTP Message Structure ................................29
3.1.2 IOTP Transactions .....................................30
3.2 IOTP Message...............................................31
3.2.1 XML Document Prolog ...................................33
3.3 Transaction Reference Block................................33
3.3.1 Transaction Id Component ..............................34
3.3.2 Message Id Component ..................................35
3.3.3 Related To Component ..................................36
3.4 ID Attributes..............................................37
3.4.1 IOTP Message ID Attribute Definition ..................38
3.4.2 Block and Component ID Attribute Definitions ..........39
3.4.3 Example of use of ID Attributes .......................40
3.5 Element References.........................................40
3.6 Brands and Brand Selection.................................42
3.6.1 Definition of Payment Instrument ......................42
3.6.2 Definition of Brand ...................................42
3.6.3 Definition of Dual Brand ..............................43
3.6.4 Definition of Promotional Brand .......................43
3.6.5 Identifying Promotional Brands ........................44
3.7 Extending IOTP.............................................46
3.7.1 Extra XML Elements ....................................46
3.7.2 Opaque Embedded Data ..................................47
3.7.3 User Defined Codes ....................................47
3.8 Packaged Content Element...................................48
3.9 Identifying Languages......................................49
3.10 Secure and Insecure Net Locations.........................50
Technical control over the Internet Open Trading Protocol is being 4. IOTP Error Handling............................................50
transfered to the IETF TRADE working group from the OTP Consortium. 4.1 Technical Errors...........................................51
In some cases, the most current version of technical documents is an 4.2 Business Errors............................................51
OTP Consortium version that has not yet been republished as an RFC 4.3 Error Depth................................................52
and is available from <http://www.otp.org> web site (which has not 4.3.1 Transport Level .......................................52
yet been fully updates to indicate the technical switch to the IETF). 4.3.2 Message Level .........................................52
4.3.3 4Block Level ..........................................53
4.4 Idempotency, Processing Sequence, and Message Flow.........54
4.4.1 Server Role Processing Sequence .......................55
4.4.2 Client Role Processing Sequence .......................59
In this case, see 5. Security Considerations........................................64
<http://www.otp.org/otp/Home.nsf/f86055a20977be50862564b3004d010a/ 5.1 Digital Signatures and IOTP................................64
42b496239c5956aa8625655a007b1835/$FILE/OTP_Spec_v_0-9-9_ltr.pdf>. It 5.1.1 IOTP Signature Example ................................65
is intended that that document be appropriately reformated / edited 5.1.2 SignerOrgRef and VerifierOrgRef Attributes ............66
and published as an later verson of this internet-draft and then as 5.1.3 Symmetric and Asymmetric Cryptography .................67
an Informational RFC. 5.1.4 Mandatory and Optional Signatures .....................67
5.1.5 Using signatures to Prove Actions Complete Successfully68
5.2 Checking a Signature is Correctly Calculated...............68
5.3 Checking a Payment or Delivery can occur...................69
5.3.1 Check the Action Request was sent to the Correct
Organisation ................................................69
5.3.2 Check the Correct Components are present in the Request
Block .......................................................73
5.3.3 Check an Action is Authorised .........................73
5.4 Data Integrity and Privacy.................................74
2. Security Considerations 6. Trading Components.............................................75
6.1 Protocol Options Component.................................76
6.2 Authentication Data Component..............................77
6.3 Authentication Response Component..........................79
6.4 Order Component............................................80
6.4.1 Order Description Content .............................81
6.4.2 OkFrom and OkTo Timestamps ............................82
6.5 Organisation Component.....................................82
6.5.2 Trading Role Element ..................................85
6.5.3 Contact Information Element ...........................87
6.5.4 Person Name Element ...................................87
6.5.5 Postal Address Element ................................88
6.6 Brand List Component.......................................89
6.6.1 Brand Element .........................................91
6.6.2 Protocol Amount Element ...............................94
6.6.3 Currency Amount Element ...............................95
6.6.4 Pay Protocol Element ..................................96
6.7 Brand Selection Component..................................98
6.7.1 Brand Selection Brand Info Element ....................99
6.7.2 Brand Selection Protocol Amount Info Element .........100
6.7.3 Brand Selection Currency Amount Info Element .........100
6.8 Payment Component.........................................101
6.9 Payment Scheme Component..................................102
6.10 Payment Receipt Component................................104
6.11 Payment Note Component...................................105
6.12 Delivery Component.......................................106
6.12.1 Delivery Data Element ...............................108
6.13 Delivery Note Component..................................110
6.14 Payment Method Information Component.....................111
6.15 Status Component.........................................112
6.16 Trading Role Data Component..............................117
6.16.1 Who Receives a Trading Role Data Component ..........118
6.17 Inquiry Type Component...................................118
6.18 Signature Component......................................119
6.18.1 Offer Response Signature Component ..................119
6.18.2 Payment Receipt Signature Component .................120
6.18.3 Ping Signature Components ...........................120
6.19 Error Component..........................................121
6.19.1 Error Processing Guidelines .........................123
6.19.2 Error Codes .........................................124
6.19.3 Error Location Element ..............................127
Security of Internet Open Trade Protocol messages is primarily 7. Trading Blocks................................................128
dependent on signatures within IOTP as described in [v0.9.9]. 7.1 Trading Protocol Options Block............................130
7.2 TPO Selection Block.......................................131
7.3 Offer Response Block......................................132
7.4 Authentication Request Block..............................133
7.5 Authentication Response Block.............................134
7.6 Payment Request Block.....................................134
7.7 Payment Exchange Block....................................136
7.8 Payment Response Block....................................136
7.9 Delivery Request Block....................................137
7.10 Delivery Response Block..................................138
7.11 Payment Instrument Customer Care Request Block...........139
7.12 Payment Instrument Customer Care Exchange Block..........140
7.13 Payment Instrument Customer Care Response Block..........140
7.14 Inquiry Request Trading Block............................141
7.15 Inquiry Response Trading Block...........................141
7.16 Ping Request Block.......................................142
7.17 Ping Response Block......................................143
7.18 Signature Block..........................................144
7.18.1 Offer Response ......................................145
7.18.2 Payment Request .....................................145
7.18.3 Payment Response ....................................145
7.18.4 Delivery Request ....................................145
7.19 Error Block..............................................146
Note that the security of payment protocols transported by IOTP is 8. Open Trading Protocol Transactions............................147
the responsibility of those payment protocols. 8.1 Baseline Authentication IOTP Transaction..................147
8.1.1 Trading Protocol Options Block .......................150
8.1.2 Authentication Request Block .........................150
8.1.3 Signature Block (Authentication Request) .............150
8.1.4 Authentication Response Block ........................150
8.1.5 Signature Block (Authentication Response) ............150
8.2 Baseline Deposit IOTP Transaction.........................151
8.2.1 Baseline Deposit Variations ..........................152
8.2.2 Baseline Deposit Authentication ......................152
8.2.3 Baseline Deposit Payment Messages ....................154
8.2.4 TPO (Trading Protocol Options) Block .................155
8.2.5 TPO Selection Block ..................................156
8.2.6 Authentication Request Block .........................156
8.2.7 Authentication Response Block ........................156
8.2.8 Offer Response Block .................................156
8.2.9 Signature Block (Offer Response) .....................157
8.2.10 Payment Request Block ...............................157
8.2.11 Signature Block (Payment Request) ...................158
8.2.12 Payment Exchange Block ..............................158
8.2.13 Payment Response Block ..............................158
8.2.14 Signature Block (Payment Response) ..................158
8.3 Baseline Purchase IOTP Transaction........................159
8.3.1 Baseline Purchase Variations .........................159
8.3.2 TPO (Trading Protocol Options) Block .................167
8.3.3 TPO Selection Block ..................................167
8.3.4 Offer Response Block .................................167
8.3.5 Signature Block (Offer Response) .....................168
8.3.6 Payment Request Block ................................169
8.3.7 Signature Block (Payment Request) ....................169
8.3.8 Payment Exchange Block ...............................169
8.3.9 Payment Response Block ...............................169
8.3.10 Signature Block (Payment Response) ..................170
8.3.11 Delivery Request Block ..............................170
8.3.12 Signature Block (Delivery Request) ..................171
8.3.13 Delivery Response Block .............................171
8.4 Baseline Refund IOTP Transaction..........................171
8.4.1 Baseline Refund Variations ...........................172
8.4.2 Baseline Refund Authentication .......................172
8.4.3 Baseline Refund Payment Messages .....................174
8.4.4 TPO (Trading Protocol Options) Block .................175
8.4.5 TPO Selection Block ..................................175
8.4.6 Authentication Request Block .........................176
8.4.7 Authentication Response Block ........................176
8.4.8 Offer Response Block .................................176
8.4.9 Signature Block (Offer Response) .....................176
8.4.10 Payment Request Block ...............................177
8.4.11 Signature Block (Payment Request) ...................177
8.4.12 Payment Exchange Block ..............................177
8.4.13 Payment Response Block ..............................178
8.4.14 Signature Block (Payment Response) ..................178
8.5 Baseline Withdrawal IOTP Transaction......................178
8.5.1 Baseline Withdrawal Variations .......................179
8.5.2 Baseline Withdrawal Authentication ...................179
8.5.3 Baseline Withdrawal Payment Messages .................182
8.5.4 TPO (Trading Protocol Options) Block .................183
8.5.5 TPO Selection Block ..................................183
8.5.6 Authentication Request Block .........................183
8.5.7 Authentication Response Block ........................184
8.5.8 Offer Response Block .................................184
8.5.9 Signature Block (Offer Response) .....................184
8.5.10 Payment Request Block ...............................185
8.5.11 Signature Block (Payment Request) ...................185
8.5.12 Payment Exchange Block ..............................185
8.5.13 Payment Response Block ..............................186
8.5.14 Signature Block (Payment Response) ..................186
8.6 Baseline Value Exchange IOTP Transaction..................186
8.6.1 Baseline Value Exchange Variations ...................187
8.6.2 PO (Trading Protocol Options) Block ..................191
8.6.3 TPO Selection Block ..................................192
8.6.4 Offer Response Block .................................192
8.6.5 Signature Block (Offer Response) .....................192
8.6.6 Payment Request Block (first payment) ................193
8.6.7 Signature Block (Payment Request - first payment) ....194
8.6.8 Payment Exchange Block (first payment) ...............194
8.6.9 Payment Response Block (first payment) ...............194
8.6.10 Signature Block (Payment Response - first payment) ..195
8.6.11 Payment Request Block (second payment) ..............195
8.6.12 Signature Block (Payment Request - second payment) ..196
8.6.13 Payment Exchange Block (second payment) .............196
8.6.14 Payment Response Block (second payment) .............196
8.6.15 Signature Block (Payment Response - second payment) .197
8.6.16 Baseline Value Exchange Signatures ..................197
8.7 Payment Instrument Customer Care IOTP Transaction.........198
8.7.1 Payment Instrument Customer Care Request Block .......200
8.7.2 Payment Instrument Customer Care Exchange Block ......200
8.7.3 Payment Instrument Customer Care Response Block ......200
8.7.4 Signature Block ......................................200
8.8 Baseline Transaction Status Inquiry IOTP Transaction......201
8.8.1 Which Trading Roles can receive Inquiry Requests .....201
8.8.2 Transaction Status Inquiry Transport Session .........201
8.8.3 Transaction Status Inquiry Error Handling ............202
8.8.4 Inquiry Transaction Messages .........................202
8.8.5 Transaction Reference Block ..........................203
8.8.6 Inquiry Request Block ................................203
8.8.7 Inquiry Response Block ...............................203
8.9 Baseline Ping IOTP Transaction............................204
8.9.1 Ping Messages ........................................204
8.9.2 Transaction Reference Block ..........................205
8.9.3 Ping Request Block ...................................205
8.9.4 Signature Block (Ping Request) .......................206
8.9.5 Ping Response Block ..................................206
8.9.6 Signature Block (Ping Response) ......................206
References 9. Retrieving Logos..............................................206
9.1 Logo Size.................................................207
9.2 Logo Color Depth..........................................207
9.3 Logo Net Location Examples................................208
v0.9.9 - David Burdett, "Internet Open Trading Protocol, Version 10. Brand List Examples..........................................208
0.9.9", OTP Consortium, 17 August 1998. 10.1 Simple Credit Card Based Example.........................208
10.2 Credit Card Brand List Including Promotional Brands......209
10.3 Brand Selection Example..................................211
10.4 Complex Electronic Cash Based Brand List.................211
11. XML Overview.................................................213
11.1 Document Definition......................................214
11.2 Element Declaration......................................214
11.2.1 Example 1 ...........................................215
11.2.2 Example 2 ...........................................215
11.2.3 Example 3 ...........................................215
11.2.4 Data Types used in element declarations .............216
11.3 Attribute declarations...................................216
11.3.1 Declared value ......................................216
11.3.2 Default value .......................................217
Author's Address 12. Open Trading Protocol Data Type Definition...................218
Donald E. Eastlake 3rd 13. Glossary.....................................................229
IBM
318 Acton Street
Carlisle, MA 01741 USA
Telephone: +1 978 287 4877 14. Copyrights...................................................232
+1 914 784-7913
FAX: +1 978 371 7148
email: dee3@us.ibm.com
Expiration and File Name 15. References...................................................233
This draft expires December 1998. 16. Author's Address.............................................235
Table of Figures
Its file name is draft-ietf-trade-iotp-v1.0-protocol-01.txt. Figure 1 IOTP Trading Roles ......................................17
Figure 2 Offer Exchange ..........................................19
Figure 3 Payment Exchange ........................................21
Figure 4 Delivery Exchange .......................................24
Figure 5 Authentication Exchange .................................25
Figure 6 IOTP Message Structure ..................................29
Figure 7 An IOTP Transaction .....................................30
Figure 8 Example use of ID attributes ............................40
Figure 9 Element References ......................................41
Figure 10 Server Role Processing Sequence ........................56
Figure 11 Client Role Processing Sequence ........................61
Figure 12 Signature Hashing ......................................65
Figure 13 Example use of Signatures for Baseline Purchase ........66
Figure 14 Checking a Payment Handler can carry out a Payment .....70
Figure 15 Checking a Delivery Handler can carry out a Delivery ...72
Figure 16 Trading Components .....................................75
Figure 17 Brand List Element Relationships .......................91
Figure 18 Trading Blocks ........................................129
Figure 19 Baseline Authentication ...............................149
Figure 20 Baseline Deposit with Authentication ..................153
Figure 21 Baseline Deposit without Authentication ...............154
Figure 22 Baseline Deposit Payment Messages .....................155
Figure 23 Brand Dependent Baseline Purchase .....................161
Figure 24 Brand Independent Baseline Purchase ...................162
Figure 25 Baseline Purchase, Delivery Response Block and Payment
Response Blocks Not Combined .................................163
Figure 26 Baseline Purchase, Delivery Response Block and Payment
Response Block Combined ......................................164
Figure 27 Baseline Purchase, Purchase without Delivery Exchange .166
Figure 28 Baseline Purchase Variations ..........................167
Figure 29 Baseline Refund with Authentication ...................173
Figure 30 Baseline Refund without Authentication ................174
Figure 31 Baseline Refund Payment Messages ......................175
Figure 32 Baseline Withdrawal with Authentication ...............180
Figure 33 Baseline Withdrawal without Authentication ............181
Figure 34 Baseline Withdrawal Payment Messages ..................183
Figure 35 Brand Dependent Value Exchange ........................189
Figure 36 Brand Independent Value Exchange ......................189
Figure 37 Baseline Value Exchange Payment Messages ..............191
Figure 38 Baseline Value Exchange Signatures ....................198
Figure 39 IOTP Payment Instrument Customer Care Transaction Message
Flows ........................................................200
Figure 40 Baseline Transaction Status Inquiry ...................203
Figure 41 Baseline Ping Messages ................................204
1. Background
The Internet Open Trading Protocol (IOTP) provides an interoperable
framework for Internet commerce. It is payment system independent and
encapsulates payment systems such as SET, Mondex, CyberCash, DigiCash,
GeldKarte, etc. IOTP is able to handle cases where such merchant roles
as the shopping site, the payment handler, the Delivery Handler of
goods or services, and the provider of customer support are performed
by different parties or by one party.
The developers of IOTP seek to provide a virtual capability that
safely replicates the real world, the paper based, traditional,
understood, accepted methods of trading, buying, selling, value
exchanging that has existed for many hundreds of years. The
negotiation of who will be the parties to the trade, how it will be
conducted, the presentment of an offer, the method of payment, the
provision of a payment receipt, the delivery of goods and the receipt
of goods. These are events that are taken for granted in the course of
real world trade. IOTP has been produced to provide the same for the
virtual world, and to prepare and provide for the introduction of new
models of trading made possible by the expanding presence of the
virtual world.
The other fundamental ideal of the IOTP effort is to produce a
definition of these trading events in such a way that no matter where
produced, two unfamiliar parties using electronic commerce
capabilities to buy and sell that conform to the IOTP specifications
will be able to complete the business safely and successfully.
In summary, IOTP supports:
o Familiar trading models
o New trading models
o Global interoperability
The remainder of this section provides background to why IOTP was
developed. The specification itself starts in the next chapter.
1.1 Commerce on the Internet _ a Different Model
The growth of the Internet and the advent of electronic commerce are
bringing about enormous changes around the world in society, politics
and government, and in business. The ways in which trading partners
communicate, conduct commerce, are governed have been enriched and
changed forever.
One of the very fundamental changes about which IOTP is concerned is
taking place in the way consumers and merchants trade. Characteristics
of trading that have changed markedly include:
o Presence: Face-to-face transactions become the exception, not
the rule. Already with the rise of mail order and telephone
order placement this change has been felt in western commerce.
Electronic commerce over the Internet will further expand the
scope and volume of transactions conducted without ever seeing
the people who are a part of the enterprise with whom one does
business.
o Authentication: An important part of personal presence is the
ability of the parties to use familiar objects and dialogue to
confirm they are who they claim to be. The seller displays one
or several well known financial logos that declaim his ability
to accept widely used credit and debit instruments in the
payment part of a purchase. The buyer brings government or
financial institution identification that assures the seller
she will be paid. People use intangibles such as personal
appearance and conduct, location of the store, apparent
quality and familiarity with brands of merchandise, and a good
clear look in the eye to reinforce formal means of
authentication.
o Payment Instruments: Despite the enormous size of bank card
financial payments associations and their members, most of the
world's trade still takes place using the coin of the realm or
barter. The present infrastructure of the payments business
cannot economically support low value transactions and could
not survive under the consequent volumes of transactions if it
did accept low value transactions.
o Transaction Values: New meaning for low value transactions
arises in the Internet where sellers may wish to offer for
example, pages of information for fractions of currency that
do not exist in the real world.
o Delivery: New modes of delivery must be accommodated such as
direct electronic delivery. The means by which receipt is
confirmed and the execution of payment change dramatically
where the goods or services have extremely low delivery cost
but may in fact have very high value. Or, maybe the value is
not high, but once delivery occurs the value is irretrievably
delivered so payment must be final and non-refundable but
delivery nonetheless must still be confirmed before payment.
Incremental delivery such as listening or viewing time or
playing time are other models that operate somewhat
differently in the virtual world.
1.2 Benefits of IOTP
Electronic Commerce Software Vendors
Electronic Commerce Software Vendors will be able to develop e-
commerce products which are more attractive as they will inter-operate
with any other vendors' software. However since IOTP focuses on how
these solutions communicate, there is still plenty of opportunity for
product differentiation.
Payment Brands
IOTP provides a standard framework for encapsulating payment
protocols. This means that it is easier for payment products to be
incorporated into IOTP solutions. As a result the payment brands will
be more widely distributed and available on a wider variety of
platforms.
Merchants
There are several benefits for Merchants:
o they will be able to offer a wider variety of payment brands,
o they can be more certain that the customer will have the
software needed to complete the purchase
o through receiving payment and delivery receipts from their
customers, they will be able to provide customer care knowing
that they are dealing with the individual or organisation with
which they originally traded
o new merchants will be able to enter this new (Internet)
market-place with new products and services, using the new
trading opportunities which IOTP presents
Banks and Financial Institutions
There are also several benefits for Banks and Financial Institutions:
o they will be able to provide IOTP support for merchants
o they will find new opportunities for IOTP related services:
- providing customer care for merchants
- fees from processing new payments and deposits
o they have an opportunity to build relationships with new types
of merchants
Customers
For Customers there are several benefits:
o they will have a larger selection of merchants with whom they
can trade
o there is a more consistent interface when making the purchase
o there are ways in which they can get their problems fixed
through the merchant (rather than the bank!)
o there is a record of their transaction which can be used, for
example, to feed into accounting systems or, potentially, to
present to the tax authorities
1.3 Baseline IOTP
This specification is Baseline IOTP. It is a Baseline in that it
contains ways of doing trades on the Internet which are the most
common. The team working on the IOTP see an extended versions of this
specification being developed as needs demand but at this stage feel a
need to develop a limited function but usable specification in order
that technology providers can develop pathway-pilot products that will
be placed in the market in order to understand the real _market
place_ demands and requirements for electronic trading or electronic
commerce. To proceed otherwise would be presumptuous, time consuming,
expensive and foolish.
Accordingly the IOTP Baseline specification has been produced for
pathway-pilot product development, expecting to transact live trades
to prove the interoperability of solutions based on this specification
by end '98.
During this period it is anticipated that there will be no changes to
the scope of this specification with the only changes made being
limited to corrections where problems are found. Software solutions
have been developed based on earlier versions of this specification
which prove that the basic concepts work.
1.4 Objectives of Document
The objectives of this document are to provide a functional
specification of version 1.0 of the Open Trading Protocols which can
be used to design and implement systems which support electronic
trading on the Internet using the Open Trading Protocols.
An overview of IOTP is provided the IOTP Business Description which
explains the Business Requirements for IOTP.
1.5 Purpose
The purpose of the document is:
o to allow potential developers of products based on the
protocol to start development of software/hardware solutions
which use the protocol
o to allow the financial services industry to understand a
developing electronic commerce trading protocol that
encapsulates (without modification) any of the current or
developing payment schemes now being used or considered by
their merchant customer base
1.6 Scope of Document
The protocol describes the content, format and sequences of messages
that pass among the participants in an electronic trade - consumers,
merchants and banks or other financial institutions, and customer care
providers. These are required to support the electronic commerce
transactions outlined in the objectives above.
The protocol is designed to be applicable to any electronic payment
scheme since it targets the complete purchase process where the
movement of electronic value from the payer to the payee is only one,
but important, step of many that may be involved to complete the
trade.
Payment Scheme which IOTP could support include MasterCard Credit,
Visa Credit, Mondex Cash, Visa Cash, GeldKarte, DigiCash, CyberCoin,
Millicent, Proton etc.
Each payment scheme contains some message flows which are specific to
that scheme. These scheme-specific parts of the protocol are contained
in a set of payment scheme supplements to this specification.
The document does not prescribe the software and processes that will
need to be implemented by each participant. It does describe the
framework necessary for trading to take place.
This document also does not address any legal or regulatory issues
surrounding the implementation of the protocol or the information
systems which use them.
1.7 Document Structure
The document consists of the following sections:
o Section 1 - Background: This section gives a brief background
on electronic commerce and the benefits IOTP offers.
o Section 2 - Introduction: This section describes the various
Trading Exchanges and shows how these trading exchanges are
used to construct the IOTP Transactions. This section also
explains various Trading Roles that would participate in
electronic trade.
o Section 3 - Protocol Structure: This section summarises how
various IOTP transactions are constructed using the Trading
Blocks and Trading Components that are the fundamental
building blocks for IOTP transactions. All IOTP transaction
messages are well formed XML documents.
o Section 4 - IOTP Error Handling: This section describes how to
process exceptions and errors during the protocol message
exchange and trading exchange processing. This section
provides a generic overview of the exception handling. This
section should be read carefully.
o Section 5 - Security Considerations: This section describes
security considerations and digital signatures for the XML
elements exchanged between the Trading Roles.
o Section 6 - Trading Components: This section defines the XML
elements required by Trading Components.
o Section 7 - Trading Blocks: This section describes how Trading
Blocks are constructed from Trading Components.
o Section 8 - Open Trading Protocol Transactions: This section
describes all the IOTP Baseline transactions. It refers to
Trading Blocks and Trading Components and Signatures. This
section doesn't directly link error handling during the
protocol exchanges, the reader is advised to understand Error
Handling as defined in section before reading this section.
o Section 9 - Retrieving Logos: This section describes how IOTP
specific logos can be retrieved.
o Section 10 - Brand List Examples: This section gives some
examples for Brand List.
o Section 11 - XML Overview: This section gives brief
introduction to XML.
o Section 12 - Open Trading Protocol Data Type Definition: This
section contains the XML Data Type Definitions for IOTP.
o Section 12 - Glossary. This describes all the major
terminology used by IOTP.
1.8 Intended Readership
Software and hardware developers; development analysts; business and
technical planners; industry analysts; merchants; bank and other
payment handlers; owners, custodians, and users of payment protocols.
1.8.1 Reading Guidelines
This IOTP specification is structured primarily in a sequence targeted
at people who want to understand the principles of IOTP. However from
practical implementation experience by implementers of earlier of
versions of the protocol new readers who plan to implement IOTP may
prefer to read the document in a different sequence as described
below.
Review the transport independent parts of the specification: This
covers
o Section 12 - Glossary
o Section 1 - Background
o Section 2 - Introduction
o Section 3 - Protocol Structure
o Section 4 - IOTP Error Handling
o Section 8 - Open Trading Protocol Transactions
o Section 10 - Brand List Examples
o Section 4 - IOTP Error Handling
o Section 9 - Retrieving Logos
Review the detailed XML definitions:
o Section 11 - XML Overview (if the reader does not know XML)
o Section 7 - Trading Blocks
o Section 6 - Trading Components
1.9 History
Version 0.1 20 February Initial draft for comment
1997
Version 0.2 14 April 1997 Revised draft including changes
arising from comments
Version 0.2a 24 April 1997 Same as version 0-2 with
typographic corrections
Version 0.3 9 October 1997 Revised draft for comment
including revised encoding
approach using [XML]
Version 0.4 31 October 1997 Published draft for limited public
review by groups working within
IOTP dev
Version 0.9 12 January 1998 Revisions following limited public
review _ draft for public comment
only.
Version 0.9.1 20 May 1998 Revisions following public review
- internal IOTP Consortium review.
Version 0.9.9 17 August 1998 Draft published for submission to
IETF for information.
Version 1.0 23 October 1998 Draft published incorporating
comments received on version
0.9.9.
2. Introduction
The Open Trading Protocols (IOTP) define a number of different types
of IOTP Transactions:
o Purchase. This supports a purchase involving an offer, a
payment and optionally a delivery
o Refund. This supports the refund of a payment as a result of,
typically, an earlier purchase
o Value Exchange. This involves two payments which result in the
exchange of value from one combination of currency and payment
method to another
o Authentication. This supports the remote authentication of a
Consumer by another Trading Role using a variety of
authentication methods, and the provision of an Organisation
Component about a Consumer to another Trading Role for use in,
for example the creation of an offer
o Withdrawal. This supports the withdrawal of electronic cash
from a financial institution
o Deposit. This supports the deposit of electronic cash at a
financial institution
o Payment Instrument Customer Care. This supports the provision
of Payment Brand or Payment Method specific customer care of a
Payment Instrument
o Inquiry This supports inquiries on the status of an IOTP
transaction which is either in progress or is complete
o Ping This supports a simple query which enables one IOTP aware
application to determine whether another IOTP application
running elsewhere is working or not.
These IOTP Transactions are "Baseline" transactions since they have
been identified as a minimum useful set of transactions. Later
versions of IOTP may include additional types of transactions.
Each of the IOTP Transactions above involve:
o a number organisations playing a Trading Role, and
o a set of Trading Exchanges. Each Trading Exchange involves the
exchange of data, between Trading Roles, in the form of a set
of Trading Components.
Trading Roles, Trading Exchanges and Trading Components are described
below.
2.1 Trading Roles
The Trading Roles identify the different parts which organisations can
take in a trade. The five Trading Roles used within IOTP are
illustrated in the diagram below.
Merchant Customer Care Provider resolves ----------
---------------------------------------------->| Merchant |
| Consumer disputes and problems |Cust.Care.|
| | Provider |
| ----------
|
| Payment Handler accepts or makes ----------
| ------------------------------------------>| Payment |
| | Payment for Merchant | Handler |
| | ----------
v v
---------- Consumer makes purchases or obtains ----------
| Consumer |<--------------------------------------->| Merchant |
---------- refund from Merchant ----------
^ ^
| | Delivery Handler supplies goods or ----------
| ------------------------------------------>|Deliverer |
| services for Merchant ----------
|
| ----------
| Payment Instrument Customer Care Provider | Payment |
---------------------------------------------->|Instrument|
resolves problems with Payment Instruments |Cust.Care.|
| Provider |
----------
Figure 1 IOTP Trading Roles
The roles are:
o Consumer. The person or organisation which is to receive and
pay for the goods or services
o Merchant. The person or organisation from whom the purchase is
being made and who is legally responsible for providing the
goods or services and receives the benefit of the payment made
o Payment Handler. The entity that physically receives the
payment from the Consumer on behalf of the Merchant
o Delivery Handler. The entity that physically delivers the
goods or services to the Consumer on behalf of the Merchant.
o Merchant Customer Care Provider. The entity that is involved
with customer dispute negotiation and resolution on behalf of
the Merchant
o Payment Instrument Customer Care Provider. The entity that
resolves problems with a particular Payment Instrument
Roles may be carried out by the same organisation or different
organisations. For example:
o in the simplest case one physical organisation (e.g. a
merchant) could handle the purchase, accept the payment,
deliver the goods and provide merchant customer care
o at the other extreme, a merchant could handle the purchase but
instruct the consumer to pay a bank or financial institution,
request that delivery be made by an overnight courier firm and
to contact an organisation which provides 24x7 service if
problems arise.
Note that in this specification, unless stated to the contrary, when
the words Consumer, Merchant, Payment Handler, Delivery Handler or
Customer Care Provider are used, they refer to the Trading Role rather
than an actual organisation.
An individual organisation may take multiple roles. For example a
company which is selling goods and services on the Internet could take
the role of Merchant when selling goods or services and the role of
Consumer when the company is buying goods or services itself.
As roles occur in different places there is a need for the
organisations involved in the trade to exchange data, i.e. to carry
out Trading Exchanges, so that the trade can be completed.
2.2 Trading Exchanges
The Open Trading Protocols identify four Trading Exchanges which
involve the exchange of data between the Trading Roles. The Trading
Exchanges are:
o Offer. The Offer Exchange results in the Merchant providing
the Consumer with the reason why the trade is taking place. It
is called an Offer since the Consumer must accept the Offer if
a trade is to continue
o Payment. The Payment Exchange results in a payment of some
kind between the Consumer and the Payment Handler. This may
occur in either direction
o Delivery. The Delivery Exchange transmits either the on-line
goods, or delivery information about physical goods from the
Delivery Handler to the Consumer, and
o Authentication. The Authentication Exchange can be used by any
Trading Role to authenticate another Trading Role to check
that they are who they appear to be.
IOTP Transactions are composed of various combinations of these
Trading Exchanges. For example, an IOTP Purchase transaction includes
Offer, Payment, and Delivery Trading Exchanges. As another example,
an IOTP Value Exchange transaction is composed of an Offer Trading
Exchange and two Payment Trading Exchanges.
Trading Exchanges consist of Trading Components that are transmitted
between the various Trading Roles. Where possible, the number of
round-trip delays in an IOTP Transaction is minimised by packing the
Components from several Trading Exchanges into combination IOTP
Messages. For example, the IOTP Purchase transaction combines a
Delivery Organisation Component with an Offer Response Component in
order to avoid an extra Consumer request and response.
Each of the IOTP Trading Exchanges is described in more detail below.
For clarity of description, these describe the Trading Exchanges as
though they were standalone operations. For performance reasons, the
Trading Exchanges are intermingled in the actual IOTP Transaction
definitions.
2.2.1 Offer Exchange
The goal of the Offer Exchange is for the Merchant to provide the
Consumer with information about the trade so that the Consumer can
decide whether to continue with the trade. This is illustrated in the
figure below.
CONSUMER OTP MESSAGE MERCHANT
1. Consumer decides to ----------------------> 2. Merchant checks
pay (request an offer) Information on what is the information
and sends information being purchased (Offer provided by the
on what to purchase to Request) (outside scope Consumer, creates
the Merchant using e.g. of OTP) and Offer and sends
HTML it to the Consumer.
|
v
Components: Organisation(s)
3. Consumer checks the (Consumer, DeliverTo, Merchant,
information from the <---------- Payment Handler, Delivery
Merchant and decides Offer Handler, Cust Care); Order; Pay
whether to continue Response Amount; Delivery; Signature
(Offer Response)(which signs
other components)
Figure 2 Offer Exchange
An Offer Exchange uses the following Trading Components that are
passed between the Consumer and the Merchant:
o the Organisation Component contains information which
describes the organisations which are taking a role in the
trade:
- the consumer provides information, about who the consumer is
and, if goods or services are being delivered, where the goods
or services are to be delivered to
- the merchant augments this information by providing information
about the merchant, the Payment Handler, the customer care
provider and, if goods or services are being delivered, the
Delivery Handler
o the Order Component contains descriptions of the goods or
services which will result from the trade if the consumer
agrees to the offer. This information is sent by the Merchant
to the consumer who should verify it
o the Payment Component generated by the Merchant, contains
details of how much to pay, the currency and the payment
direction, for example the consumer could be asking for a
refund. Note that there may be more than one payment in a
trade
o the Delivery Component, also generated by the Merchant, is
used if goods or services are being delivered. This contains
information about how delivery will occur, for example by post
or using e-mail
o the "Offer Response" Signature Component, if present,
digitally signs all of the above components to ensure their
integrity.
The exact content of the information provided by the Merchant to the
Consumer will vary depending on the type of IOTP Transaction. For
example:
o low value purchases may not need a signature
o the amount to be paid may vary depending on the payment brand
and payment protocol used
o some offers may not involve the delivery of any goods
o a value exchange will involve two payments
o a merchant may not offer customer care.
Information provided by the consumer to the merchant could be provided
using a variety of methods, for example, it could be provided:
o using [HTML] pages as part of the "shopping experience" of the
consumer.
o using the Open Profiling Standard [OPS] which has recently
been proposed,
o in the form of Organisation and Order Components in a later
version of IOTP.
2.2.2 Payment Exchange
The goal of the Payment Exchange is for a payment to be made from the
Consumer to a Payment Handler or vice versa using a payment brand and
payment protocol selected by the Consumer. A secondary goal is to
optionally provide the Consumer with a digitally signed Payment
Receipt which can be used to link the payment to the reason for the
payment as described in the Offer Exchange.
Payment Exchanges can work in a variety of ways. The most general case
where the trade is dependent on the payment brand and protocol used is
illustrated in the diagram below. Simpler payment exchanges are
possible.
CONSUMER OTP MESSAGE MERCHANT
1. Consumer decides to 2. Merchant decides
trade and sends Information on what is which payment brand
information on what to being paid for and protocols to
purchase to the ----------------------> offer, places then
Merchant, e.g. using (outside scope of OTP) in a Brand List
HTML Component and sends
them to the
Consumer.
|
v
3. Consumer selects the payment <----------------- Brand List
brand and protocol to use, creates a Brand List Component
Brand Selection Component and sends
it to the Merchant
|
v
Brand Selection ----------------> 4. Merchant checks Brand
Brand Selection Selection, creates Payment Amount
Information, optionally signs it
to authorise payment and send it
to the consumer
|
v
5. Consumer checks the Components:
Payment Amount information <-------- Pay Amount; Auth data;
and if OK requests that the Payment Organisation(s) (Merchant &
payment starts by sending Information Payment Handler); Signature
information to the Payment (Offer) (signs other
Handler components)
|
| ========================================
v PAYMENT HANDLER
Components: Pay Scheme; Auth 6. Payment Handler checks
Data; Brand List; Pay Amount; information including
Brand Selection; ----------> optional signature and if
Organisation(s) (Merchant & Payment OK starts exchanging Pay
Payment Handler); Signature Request Scheme Components using
(Offer) (signs all other messages for selected
components except payment brand and payment
------ Pay Scheme) protocol
| | |
| v v
| Component: Pay Scheme <------------------> Component: Pay Scheme
| Payment Exchange
| |
| v
| 7. Eventually payment protocol messages
---------- finish so Payment Handler sends Pay
| Receipt and optional signature to
| Consumer as proof of payment
| |
| v
v Components: Pay Receipt; Pay
8 Consumer checks Pay scheme; Signature (Offer);
Receipt is OK <------- Signature (Pay Receipt)
Payment (signs Pay Receipt and
Response Signature (Offer) components)
Figure 3 Payment Exchange
A Payment Exchange uses the following Trading Components that are
passed between the Consumer, the Merchant and the Payment Handler:
o The Brand List Component contains a list of payment brands
(for example, MasterCard, Visa, Mondex, GeldKarte) and payment
protocols (for example SET Version 1.0, Secure Channel Credit
Debit (SCCD - the name used for a credit or debit card payment
where unauthorised access to account information is prevented
through use of secure channel transport mechanisms such as
SSL). The Merchant sends the Brand List to the Consumer. The
consumer compares the payment brands and protocols on offer
with those that the Consumer supports and makes a selection.
o The Brand Selection Component contains the Consumer's
selection. Payment brand, protocol and possibly protocol-
specific information is sent back to the Merchant. This
information may be used to change information in the Offer
Exchange. For example, a merchant could choose to offer a
discount to encourage the use of a store card.
o The Organisation Components are generated by the Merchant.
They contain details of the Merchant and Payment Handler
Roles:
- the Merchant role is required so that the Payment Handler can
identify which Merchant initiated the payment. Typically, the
result of the Payment Handler accepting (or making) a payment on
behalf of the Merchant will be a credit or debit transaction to
the Merchant's account held by the Payment Handler. These
transactions are outside the scope of IOTP
- the Payment Handler role is required so that the Payment Handler
can check that it is the correct Payment Handler to be used for
the payment
o The optional Authentication Data Component contains challenge
data which is used by the payment protocol to authenticate the
consumer. Authentication may not always occur
o The Payment Component contains details of how much to pay, the
currency and the payment direction, and identifies the
Authentication Data Component to use.
o The "Offer Response" Signature Component, if present,
digitally signs all of the above components to ensure their
integrity. Note that the Brand List and Brand Selection
Components are not signed until the payment information is
created (step 3 in the diagram)
o The Payment Scheme Component contains messages from the
payment protocol used in the Trade. For example they could be
SET messages, Mondex messages, GeldKarte Messages or one of
the other payment methods supported by IOTP. The content of
the Payment Scheme Component is defined in the supplements
that describe how IOTP works with various payment protocols.
o The Payment Receipt Component contains a record of the
payment. The content depends upon the payment protocol used.
o The "Payment Receipt" Signature Component provides proof of
payment by digitally signing both the Payment Receipt
Component and the Offer Signature. The signature on the offer
digitally signs the Order, Organisation and Delivery
Components contained in the Offer. This signature effectively
binds the payment to the offer.
The example of a Payment Exchange above is the most general case.
Simpler cases are also possible. For example, if the amount paid is
not dependent on the payment brand and protocol selected then the
payment information generated by step 3 can be sent to the Consumer at
the same time as the Brand List Component generated by step 1. These
and other variations are described in the Baseline Purchase IOTP
Transaction (see section 8.3).
2.2.3 Delivery Exchange
The goal of the Delivery Exchange is to cause purchased goods to be
delivered to the consumer either online or via physical delivery. A
second goal is to provide a "delivery note" to the consumer, providing
details about the delivery, such as shipping tracking number. A future
goal is to have a signed delivery that can be used for customer care
in the case of problems with physical delivery. This is illustrated in
the diagram below.
CONSUMER OTP MESSAGE MERCHANT
1. Consumer decides to ------------> 2. Merchant checks the
trade and sends Information information provided by the
information about what on what is Consumer, adds information
to deliver and who is being about how the delivery will
to take delivery, to delivered occur, information about the
the Merchant, using for (outside organisations involved in the
example, HTML scope of OTP) delivery and optionally signs
it
|
v
3. Consumer checks the Components:
delivery information is OK, Delivery;
obtains authorisation for <----------------- Organisation(s)
the delivery, for example by Delivery Delivery Handler,
making a payment, and sends Information Deliver To; Order;
the delivery information to Signature (Offer)
the Delivery Handler.
|
v
Components: Delivery; 4. Delivery Handler checks
Organisation(s), Merchant, information and
Delivery Handler, DelivTo; --------> authorisation. Starts or
Order; Signature (Offer); Delivery schedules delivery and
Signature (Pay Receipt) Request creates and then sends a
(from Payment Exchange) delivery note to the Consumer
|
v
5. Consumer checks delivery <--------- Component: Delivery
note is OK and accepts or waits Delivery Note
for delivery as described in Response
the Delivery Note
Figure 4 Delivery Exchange
A Delivery Exchange uses the following Trading Components that are
passed between the Consumer, the Merchant and the Delivery Handler:
o The Organisation Component(s) contain details of the Deliver
To, Delivery Handler and Merchant Roles:
- the Deliver To role indicates where the goods or services are to
be delivered to
- the Delivery Handler role is required so that the Delivery
Handler can check that she is the correct Delivery Handler to do
the delivery
- the Merchant role is required so that the Delivery Handler can
identify which Merchant initiated the delivery
o The Order Component, contains information about the goods or
services to be delivered
o The Delivery Component contains information about how delivery
will occur, for example by post or using e-mail.
o The "Offer Response" Signature Component, if present,
digitally signs all of the above components to ensure their
integrity.
o The " Payment Receipt" Signature Component provides proof of
payment by digitally signing the Payment Receipt Component and
the Offer Signature. This is used by the Delivery Handler to
check that delivery is authorised
o The Delivery Note Component contains customer care information
related to a physical delivery, or alternatively the actual
"electronic goods". The Consumer's software does not interpret
information about a physical delivery but should have the
ability to display the information, both at the time of the
delivery and later if the Consumer selects the Trade to which
this delivery relates from a transaction list.
2.2.4 Authentication Exchange
The goal of the Authentication Exchange is to allow one organisation,
for example a financial institution, to be able to check that another
organisation, for example a consumer, is who they appear to be. It
uses a "challenge-response" mechanism. This is illustrated in the
diagram below.
ORGANISATION 1 OTP MESSAGE ORGANISATION 2
1. First organisation, 2. The second
e.g a consumer, takes an organisation generates
action (for example by ----------------> Authentication Data
pressing a button on an Need for containing challenge data
HTML page) which Authentication and the method of
requires that the (outside scope of authentication to be used
organisation is OTP) then sends it to the
authenticated first organisation
|
v
3. The first organisation uses Component:
the challenge data with the <------------ Authentication Data
specified authentication method Authentication
to generate an Authentication Request
Response which is sent back to
the second organisation
|
v
Component:
Authentication -------------> 4. The Authentication Response is
Response Authentication checked against the challenge data to
Response check that the first organisation is
who they appear to be
Figure 5 Authentication Exchange
An Authentication Exchange uses the following Trading Components that
are passed between the two organisations:
o the Authentication Data Component which contains the challenge
data to be used in the "challenge-response" mechanism and
indicates the authentication method to be used. It is sent by
one organisation to the other.
o the Authentication Response Component which contains the
challenge response generated by the recipient of the
Authentication Data Component. It is sent back to the first
organisation for verification.
2.3 Scope of Baseline IOTP
This specification describes the IOTP Transactions which make up
Baseline IOTP. As described in the preface, IOTP will evolve over
time. This section defines the initial conformance criteria for
implementations that claim to _support IOTP._
The main determinant on the scope of an IOTP implementation is the
roles which the solution is designed to support. The roles within IOTP
are described in more detail in section 2.1 Trading Roles. To
summarise the roles are: Merchant, Consumer, Payment Handler, Delivery
Handler and Customer Care Provider.
Payment Handlers who can be of three types:
o those who accept a payment as part of a purchase or make a
payment as part of a refund,
o those who accept value as part of a deposit transaction, or
o those that issue value a withdrawal transaction
The following table defines, for each role, the IOTP Transactions and
Trading Blocks which must be supported for that role.
Merchants
ECash ECash
Store Value Value Consumer Payment Delivery Pay
Issuer Acquirer Handler Handler Inst.
Cuts
Care
TRANSACTIONS
Purchase Must Must
Refund Must b)
Depends
Authent- May Must May b)
ication Depends
Value May Must
Exchange
Withdrawal Must b)
Depends
Deposit Must b)
Depends
Inquiry Must Must Must Must Must Must Must
Ping Must Must Must Must Must Must Must
Pay Inst. b) Must
Cust. Care Depends
TRADING
BLOCKS
TPO Must Must Must Must
TPO Must Must Must Must
Selection
Auth-Requesta) a) a)
Depends Depends Depends
Auth-Reply a) a) a)
Depends Depends Depends
Offer Must Must Must Must
Response
Payment Must Must
Merchants
ECash ECash
Store Value Value Consumer Payment Delivery Pay
Issuer Acquirer Handler Handler Inst.
Cuts
Care
Request
Payment Must Must
Exchange
Payment Must Must
Response
Delivery Must Must
Request
Delivery Must Must
Response
Pay Inst. b) Must
Cust Care Depends
Req.
Pay Inst. b) Must
Cust Care Depends
Resp
Inquiry Must Must Must Must Must Must Must
Request
Inquiry Must Must Must Must Must Must Must
Response
Ping RequestMust Must Must Must Must Must Must
Ping Must Must Must Must Must Must Must
Response
Signature Must Must Must Limited Must Must b)
Depends
Error Must Must Must Must Must Must Must
In the above table:
o _Must_ means that a Trading Role must support the
Transaction or Trading Block.
o _May_ means that an implementation may support the
Transaction or Trading Block at the option of the developer.
o _Depends_ means implementation of the Transaction or Trading
Block depends on one of the following conditions:
- if Baseline Authentication IOTP Transaction is
supported;
- if required by a Payment Method as defined in its IOTP
Supplement document.
o "Limited" means the Trading Block must be understood and its
content manipulated but not in every respect. Specifically, on
the Signature Block, Consumers do not have to be able to
validate digital signatures.
An IOTP solution must support all the IOTP Transactions and Trading
Blocks required by at least one role (column) as described in the
above table for that solution to be described as "supporting IOTP".
3. Protocol Structure
The previous section provided an introduction which explained:
o Trading Roles which are the different roles which
organisations can take in a trade: Consumer, Merchant, Payment
Handler, Delivery Handler and Merchant and Payment Instrument
Customer Care Provider, and
o Trading Exchanges where each Trading Exchange involves the
exchange of data, between Trading Roles, in the form of a set
of Trading Components.
This section describes:
o how Trading Components are constructed into Trading Blocks and
the IOTP Messages which are physically sent in the form of
[XML] documents between the different Trading Roles,
o how IOTP Messages are exchanged between Trading Roles to
create an IOTP Transaction
o the XML definitions of an IOTP Message including a Transaction
Reference Block - an XML element which identifies an IOTP
Transaction and the IOTP Message within it
o the definitions of the XML ID Attributes which are used to
identify IOTP Messages, Trading Blocks and Trading Components
and how these are referred to using Element References from
other XML elements such as
o IOTP Signature Components which use digital signature
techniques to preserve the integrity of IOTP Messages and
provide the trust relationships required by IOTP
o how extra XML Elements and new user defined values for
existing IOTP codes can be used when Extending IOTP, and
finally
3.1 Overview
3.1.1 IOTP Message Structure
The structure of an IOTP Message and its relationship with Trading
Blocks and Trading Components is illustrated in the diagram below.
OTP MESSAGE <----------- OTP Message - an XML Document which is
| transported between the Trading Roles
|-Trans Ref Block <----- Trans Ref Block - contains information which
| | describes the OTP Transaction and the OTP
| | Message.
| |-Trans Id Comp. <--- Transaction Id Component - uniquely
| | identifies the OTP Transaction. The Trans Id
| | Components are the same across all OTP
| | messages that comprise a single OTP
| | transaction.
| |-Msg Id Comp. <----- Message Id Component - identifies and
| describes an OTP Message within an OTP
| Transaction
|-Signature Block <----- Signature Block (optional) - contains one or
| | more Signature Components and their
| | associated Certificates
| |-Signature Comp. <-- Signature Component - contains digital
| | signatures. Signatures may sign hashes of the
| | Trans Ref Block and any Trading Component in
| | any OTP Message in the same OTP Transaction.
| |-Certificate Comp. < Certificate Component. Used to check the
| signature.
|-Trading Block <------- Trading Block - an XML Element within an OTP
| |-Component Message that contains a predefined set of
| |-Component Trading Components
| |-Component
| |-Component <-------- Trading Components - XML Elements within a
| Trading Block that contain a predefined set
|-Trading Block of XML elements and attributes containing
| |-Component information required to support a Trading
| |-Component Exchange
| |-Component
| |-Component
| |-Component
|
|
Figure 6 IOTP Message Structure
The diagram also introduces the concept of a Transaction Reference
Block. This block contains, amongst other things, a globally unique
identifier for the IOTP Transaction. Also each block and component is
given an ID Attribute (see section 3.4) which is unique within an IOTP
Transaction. Therefore the combination of the ID attribute and the
globally unique identifier in the Transaction Reference Block is
sufficient to uniquely identify any Trading Block or Trading
Component.
3.1.2 IOTP Transactions
A predefined set of IOTP Messages exchanged between the Trading Roles
constitute an IOTP Transaction. This is illustrated in the diagram
below.
CONSUMER MERCHANT
Generate first
OTP Message
--- |
| | v
Process incoming | I | -------------
OTP Message & <------------- | | -------------- | OTP Message |
generate next OTP | | -------------
Message | N |
| | |
v | |
------------- | T | Process incoming
| OTP Message | -------------- | | -------------> OTP Message &
------------- | | generate next OTP
| E | Message
| | |
| | v
Process incoming | R | -------------
OTP Message <------------- | | -------------- | OTP Message |
generate last OTP | | -------------
Message & stop | N |
| | |
v | |
------------- | E | Process last
| OTP Message | -------------- | | -------------> incoming OTP
------------- | | Message & stop
| | T | |
v | | v
STOP --- STOP
Figure 7 An IOTP Transaction
In the above diagram the Internet is shown as the transport mechanism.
This is not necessarily the case. IOTP Messages can be transported
using a variety of transport mechanisms.
The IOTP Transactions (see section 8) in this version of IOTP are
specifically:
o Purchase. This supports a purchase involving an offer, a
payment and optionally a delivery
o Refund. This supports the refund of a payment as a result of,
typically, an earlier purchase
o Value Exchange. This involves two payments which result in the
exchange of value from one combination of currency and payment
method to another
o Authentication. This supports the remote authentication of a
Consumer by another Trading Role using a variety of
authentication methods, and the provision of an Organisation
Component about a Consumer to another Trading Role for use in,
for example the creation of an offer
o Withdrawal. This supports the withdrawal of electronic cash
from a financial institution
o Deposit. This supports the deposit of electronic cash at a
financial institution
o Payment Instrument Customer Care. This supports the provision
of Payment Brand or Payment Method specific customer care of a
Payment Instrument
o Inquiry This supports inquiries on the status of an IOTP
transaction which is either in progress or is complete
o Ping This supports a simple query which enables one IOTP aware
application to determine whether another IOTP application
running elsewhere is working or not.
3.2 IOTP Message
As described earlier, IOTP Messages are [XML] documents which are
physically sent between the different organisations that are taking
part in a trade.
The XML definition of an IOTP Message is as follows.
<!ELEMENT OtpMessage (TransRefBlk, SigBlk?, ErrorBlk?,
( AuthReqBlk |
AuthRespBlk |
DeliveryReqBlk |
DeliveryRespBlk |
InquiryReqBlk |
InquiryRespBlk |
OfferRespBlk |
PayExchBlk |
PayReqBlk |
PayInstCCExchBlk |
PayInstCCReqBlk |
PayInstCCRespBlk
PayRespBlk |
PingReqBlk |
PingRespBlk |
TpoBlk |
TpoSelectionBlk |
)*
) >
Content:
TransRefBlk This contains information which describes an
IOTP Message within an IOTP Transaction (see
section 3.3 immediately below)
AuthReqBlk, These are the Trading Blocks.
AuthRespBlk,
DeliveryReqBlk, The Trading Blocks present within an IOTP
DeliveryRespBlk Message, and the content of a Trading Block
ErrorBlk itself is dependent on the type of IOTP
InquiryReqBlk, Transaction being carried out - see the
InquiryRespBlk, definition of each transaction in section 8 Open
OfferRespBlk, Trading Protocol Transactions.
PayExchBlk,
PayReqBlk, Full definitions of each Trading Block are
PayInstCCExchBlk, described in section 7.
PayInstCCReqBlk,
PayInstCCRespBlk
PayRespBlk,
PingReqBlk,
PingRespBlk,
SigBlk,
TpoBlk,
TpoSelectionBlk
3.2.1 XML Document Prolog
The IOTP Message is the root element of the XML document. It therefore
needs to be preceded by an appropriate XML Document Prolog. For
example:
<?XML Version='1.0'?>
<!DOCTYPE OtpMessage >
<OtpMessage>
...
</OtpMessage>
3.3 Transaction Reference Block
A Transaction Reference Block contains information which identifies
the IOTP Transaction and IOTP Message. The Transaction Reference Block
contains:
o a Transaction Id Component which globally uniquely identifies
the IOTP Transaction. The Transaction Id Components are the
same across all IOTP messages that comprise a single IOTP
transaction,
o a Message Id Component which provides control information
about the IOTP Message as well as uniquely identifying the
IOTP Message within an IOTP Transaction, and
o zero or more Related To Components which link this IOTP
Transaction to either other IOTP Transactions or other events
using the identifiers of those events.
The definition of a Transaction Reference Block is as follows:
<!ELEMENT TransRefBlk (TransId, MsgId, RelatedTo*) >
<!ATTLIST TransRefBlk
ID ID #REQUIRED >
Attributes:
ID An identifier which uniquely identifies the
Transaction Reference Block within the IOTP
Transaction (see section 3.4 ID Attributes).
Content:
TransId See 3.3.1 Transaction Id Component immediately
below.
MsgId See 3.3.2 Message Id Component immediately below.
RelatedTo See 3.3.3 Related To Component immediately below.
3.3.1 Transaction Id Component
This contains information which globally uniquely identifies the IOTP
Transaction. Its definition is as follows:
<!ELEMENT TransId EMPTY>
<!ATTLIST TransId
ID ID #REQUIRED
Version NMTOKEN #FIXED '1.0'
OtpTransId NMTOKEN #REQUIRED
OtpTransType CDATA #REQUIRED >
TransTimeStamp CDATA #REQUIRED >
Attributes:
ID An identifier which uniquely identifies the
Transaction Id Component within the IOTP
Transaction.
Version This identifies the version of IOTP, and therefore
the structure of the IOTP Messages, which the IOTP
Transaction is using.
OtpTransId Contains data which uniquely identifies the IOTP
Transaction. It must conform to the rules for
Message Ids in [RFC 822].
OtpTransType This is the type of IOTP Transaction being carried
out. For Baseline IOTP it identifies a "standard"
IOTP Transaction and implies the sequence and
content of the IOTP Messages exchanged between the
Trading Roles. The valid values for Baseline IOTP
are:
o BaselineAuthentication
o BaselineDeposit
o BaselinePurchase
o BaselineRefund
o BaselineWithdrawal
o BaselineValueExchange
o BaselineInquiry
o BaselinePing
o BaselinePayInstrumentCustomerCare
o x-ddd:nnn
A value for OtpTransType of x-ddd:nnn indicates a
user defined transaction type. See section 3.7.3
User Defined Codes.
In later versions of IOTP, this list will be
extended to support different types of standard
IOTP Transaction based on market demand. It is
also likely to support the type Dynamic which
indicates that the sequence of steps within the
transaction are non-standard.
TransTimeStamp Where the system initiating the IOTP Transaction
has an internal clock, it is set to the time at
which the IOTP Transaction started in [UTC]
format.
The main purpose of this attribute is to provide
an alternative way of identifying a transaction by
specifying the time at which it started.
Some systems, for example, hand held devices may
not be able to generate a time stamp. In this
case this attribute should contain the value "NA"
for Not Available.
3.3.2 Message Id Component
The Message Id Component provides control information about the IOTP
Message as well as uniquely identifying the IOTP Message within an
IOTP Transaction. Its definition is as follows.
<!ELEMENT MsgId EMPTY >
<!ATTLIST MsgId
ID ID #REQUIRED
RespOtpMsg NMTOKEN #IMPLIED
xml:lang NMTOKEN #REQUIRED
SoftwareId CDATA #REQUIRED
TimeStamp CDATA #IMPLIED >
Attributes:
ID An identifier which uniquely identifies the IOTP
Message within the IOTP Transaction (see section
3.4 ID Attributes). Note that if an IOTP Message
is resent then the value of this attribute remains
the same.
RespOtpMsg This contains the ID attribute of the Message Id
Component of the IOTP Message to which this IOTP
Message is a response. In this way all the IOTP
Messages in an IOTP Transaction are unambiguously
linked together. This field is required on every
IOTP Message except the first IOTP Message in an
IOTP Transaction.
xml:lang Defines the language used by attributes or child
elements within this component, unless overridden
by an xml:lang attribute on a child element. See
section 3.9 Identifying Languages.
SoftwareId This contains information which identifies the
software which generated the IOTP Message. Its
purpose is to help resolve interoperability
problems that might occur as a result of
incompatibilities between messages produced by
different software. It is a single text string in
the language defined by xml:lang. It must contain,
as a minimum:
o the name of the software manufacturer
o the name of the software
o the version of the software, and
o the build of the software
TimeStamp Where the device sending the message has an
internal clock, it is set to the time at which the
IOTP Message was created in [UTC] format.
3.3.3 Related To Component
The Related To Component links IOTP Transactions to either other IOTP
Transactions or other events using the identifiers of those events.
Its definition is as follows.
<!ELEMENT RelatedTo (PackagedContent) >
<!ATTLIST RelatedTo
ID ID #REQUIRED
xml:lang NMTOKEN #REQUIRED
RelationshipType NMTOKEN #REQUIRED
Relation CDATA #REQUIRED
RelnKeyWords NMTOKENS #IMPLIED >
Attributes:
ID An identifier which uniquely identifies the
Related To Component within the IOTP Transaction.
xml:lang Defines the language used by attributes or child
elements within this component, unless overridden
by an xml:lang attribute on a child element. See
section 3.9 Identifying Languages.
RelationshipType Defines the type of the relationship. Valid values
are:
o OtpTransaction. in which case the Packaged
Content Element contains an OtpTransId of
another IOTP Transaction
o Reference in which case the Packaged Content
Element contains the reference of some other,
non-IOTP document.
o x-ddd:nnn a user defined code (see section
3.7.3)
Relation The Relation attribute contains a phrase in the
language defined by xml:lang which describes the
nature of the relationship between the IOTP
transaction that contains this component and
another IOTP Transaction or other event. The exact
words to be used are left to the implementer of
the IOTP software.
The purpose of the attribute is to provide the
Trading Roles involved in an IOTP Transaction with
an explanation of the nature of the relationship
between the transactions.
Care should be taken that the words used to in the
Relation attribute indicate the "direction" of the
relationship correctly. For example: one
transaction might be a refund for another earlier
transaction. In this case the transaction which is
a refund should contain in the Relation attribute
words such as "refund for" rather than "refund to"
or just "refund".
RelnKeyWords This attribute contains keywords which could be
used to help identify similar relationships, for
example all refunds. It is anticipated that
recommended keywords will be developed through
examination of actual usage. In this version of
the specification there are no specific
recommendations and the keywords used are at the
discretion of the implementer.
Content:
PackagedContent The Packaged Content (see section 3.8) contains
data which identifies the related transaction. Its
format varies depending on the value of the
RelationshipType.
3.4 ID Attributes
IOTP Messages, Blocks (i.e. Transaction Reference Blocks and Trading
Blocks), Trading Components (including the Transaction Id Component
and the Signature Component) and some of their child elements are each
given an XML "ID" attribute which is used to identify an instance of
these XML elements. These identifiers are used so that one element can
be referenced by another. All these attributes are given the attribute
name ID.
The values of each ID attribute are unique within an IOTP transaction
i.e. the set of IOTP Messages which have the same globally unique
Transaction ID Component. Also, once the ID attribute of an element
has been assigned a value it is never changed. This means that
whenever an element is copied, the value of the ID attribute remains
the same.
As a result it is possible to use these IDs to refer to and locate the
content of any IOTP Message, Block or Component from any other IOTP
Message, Block or Component in the same IOTP Transaction using Element
References (see section 3.5).
This section defines the rules for setting the values for the ID
attributes of IOTP Messages Blocks and Components.
3.4.1 IOTP Message ID Attribute Definition
The ID attribute of the Message Id Component of an IOTP Message must
be unique within an IOTP Transaction. It's definition is as follows:
OtpMsgId_value ::= OtpMsgIdPrefix OtpMsgIdSuffix
OtpMsgIdPrefix ::= NameChar (NameChar)*
OtpMsgIdSuffix ::= Digit (Digit)*
OtpMsgIdPrefix Apart from messages which contain an Inquiry
Request Trading Block (see section 7.14), the same
prefix is used for all messages sent by the
Merchant or Consumer role as follows:
o "M" - Merchant
o "C" - Consumer
For messages which contain an Inquiry Request
Trading Block, the prefix is set to "I" for
Inquiry.
The prefix for the other roles in a trade is
contained within the Organisation Component for
the role and are typically set by the Merchant.
The following is recommended as a guideline and
must not be relied upon:
o "P" - First (only) Payment Handler
o "R" - Second Payment Handler
o "D" - Delivery Handler
As a guideline, prefixes should be limited to one
character.
NameChar has the same definition as the [XML]
definition of NameChar.
OtpMsgIdSuffix The suffix consists of one or more digits. The
suffix must be unique within a Trading Role within
an IOTP Transaction. The following is recommended
as a guideline and must not be relied upon:
o the first IOTP Message sent by a trading role
is given the suffix "1"
o the second and subsequent IOTP Messages sent by
the same trading role are incremented by one for
each message
o no leading zeroes are included in the suffix
Put more simply the Message Id Component of the
first IOTP Message sent by a Consumer would have
an ID attribute of, "C1", the second "C2", the
third "C3" etc.
Digit has the same definition as the [XML]
definition of Digit.
3.4.2 Block and Component ID Attribute Definitions
The ID Attribute of Blocks and Components must also be unique within
an IOTP Transaction. Their definition is as follows:
BlkOrCompId_value ::= OtpMsgId "." IdSuffix
IdSuffix ::= Digit (Digit)*
OtpMsgId The ID attribute of the Message ID Component of
the IOTP Message where the Block or Component is
first used.
In IOTP, Trading Components and Trading Blocks are
copied from one IOTP Message to another. The ID
attribute does not change when an existing Trading
Block or Component is copied to another IOTP
Message.
IdSuffix The suffix consists of one or more digits. The
suffix must be unique within the ID attribute of
the Message ID Component used to generate the ID
attribute. The following is recommended as a
guideline and must not be relied upon:
o the first Block or Component sent by a trading
role is given the suffix "1"
o the ID attributes of the second and subsequent
Blocks or Components are incremented by one for
each new Block or Component added to an IOTP
Message
o no leading zeroes are included in the suffix
Put more simply, the first new Block or Component
added to the second IOTP Message sent, for
example, by a consumer would have a an ID
attribute of "C2.1", the second "C2.2", the third
"C2.3" etc.
Digit has the same definition as the [XML]
definition of Digit.
3.4.3 Example of use of ID Attributes
The diagram below illustrates how ID attribute values are used.
1st OTP MESSAGE 2nd OTP MESSAGE
(e.g. from Merchant to (e.g. from Consumer to
Consumer Payment Handler)
OTP MESSAGE OTP MESSAGE *
|-Trans Ref Block. ID=M1.1 |-Trans Ref Block.ID=C1.1*
| |-Trans Id Comp. ID = M1. ------------->| |-Trans Id Comp.
| | Copy Element | | ID=M1.2
| |-Msg Id Comp. ID = M1 | |-Msg Id Comp. ID=C1 *
| |
|-Signature Block. ID=M1.8 |-Signature Block.ID=C1.5*
| |-Sig Comp. ID=M1.15 ---- ------------->| |-Comp. ID=M1.15
| Copy Element |
|-Trading Block. ID=M1.3 |-Trading Block. ID=C1.2 *
| |-Comp. ID=M1.4 --------- ---------------->|-Comp. ID=M1.4
| | Copy Element |
| |-Comp. ID=M1.5 --------- ---------------->|-Comp. ID=M1.5
| | Copy Element |
| |-Comp. ID=M1.6 |-Comp. ID=C1.3 *
| |-Comp. ID=M1.7 |-Comp. ID=C1.4 *
|
|-Trading Block. ID=M1.3
|-Comp. ID=M1.4 * = new elements
|-Comp. ID=M1.5
|-Comp. ID=M1.6
|-Comp. ID=M1.7
Figure 8 Example use of ID attributes
3.5 Element References
A Trading Component or one of its child XML elements, may contain an
XML attribute that refers to another Block (i.e. a Transaction
Reference Block or a Trading Block) or Trading Component (including a
Transaction Id and Signature Component). These Element References are
used for many purposes, a few examples include:
o identifying an XML element whose hash value is included in a
Signature Component,
o referring to the Payment Handler Organisation Component which
is used when making a Payment
An Element Reference always contains the value of an ID attribute of a
Block or Component.
Identifying the IOTP Message, Trading Block or Trading Component which
is referred to by an Element Reference, involves finding the XML
element which:
o belongs to the same IOTP Transaction (i.e. the Transaction Id
Components of the IOTP Messages match), and
o where the value of the ID attribute of the element matches the
value of the Element Reference.
[Note] The term "match" in this specification has the same
definition as the [XML] definition of match.
[Note End]
An example of "matching" an Element Reference is illustrated in the
example below.
1st OTP MESSAGE 2nd OTP MESSAGE
(e.g. from Merchant to (e.g. from Consumer to
Consumer Payment Handler)
OTP MESSAGE OTP MESSAGE
|-Trans Ref Block. ID=M1.1 Trans ID |-Trans Ref Block. ID=C1.1
| |-Trans Id Comp. ID = M1. <-Components--|->|-Trans Id Comp.ID=M1.2
| | must be | |
| |-Msg Id Comp. ID = M1 Identical | |-Msg Id Comp. ID=C1
| ^ |
|-Signature Block. ID=M1.8 | |-Signature Block. ID=C1.5
| |-Sig Comp. ID=M1.15 | | |-Comp. ID=M1.15
| AND |
|-Trading Block. ID=M1.3 | |-Trading Block. ID=C1.2
| |-Comp. ID=M1.4 | |-Comp. ID=M1.4
| | v |
| |-Comp. ID=M1.5 <-------- -ID Attribute |-Comp. ID=M1.5
| | and El Ref |
| |-Comp. ID=M1.6 values must |-Comp. ID=C1.3
| | match--------|--> El Ref=M1.6
| |-Comp. ID=M1.7 |-Comp. ID=C1.4
|
|-Trading Block. ID=M1.3
|-Comp. ID=M1.4
|-Comp. ID=M1.5
|-Comp. ID=M1.6
|-Comp. ID=M1.7
Figure 9 Element References
[Note] Element Reference attributes are defined as "NMTOKEN" rather
than "IDREF" (see [XML]). This is because an IDREF requires
that the XML element referred to is in the same XML
Document. With IOTP this is not necessarily the case.
[Note End]
3.6 Brands and Brand Selection
One of the key features of IOTP is the ability for a merchant to offer
a list of Brands from which a consumer may make a selection. This
section provides an overview of what is involved and provides guidance
on how selection of a brand and associated payment instrument can be
carried out by a Consumer. It covers:
o definitions of Payment Instruments and Brands - what are
Payment Instruments and Brands in an IOTP context. Further
categorises Brands as optionally a "Dual Brand" or a
"Promotional Brand",
o identification and selection of Promotional Brands -
Promotional Brands offer a Consumer some additional benefit,
for example loyalty points or a discount. This means that both
Consumers and Merchant must be able to correctly identify that
a valid Promotional Brand is being used.
Also see the following sections:
o Brand List Component (section 6.6) which contains definitions
of the XML elements which contain the list of Brands offered
by a Merchant to a Consumer, and
o Brand Selection Component (section 6.7) for details of how a
Consumer records the Brand that was selected.
3.6.1 Definition of Payment Instrument
A Payment Instrument is the means by which Consumer pays for goods or
services offered by a Merchant. It can be, for example:
o a credit card such as MasterCard or Visa;
o a debit card such as MasterCard's Maestro;
o a smart card based electronic cash payment instrument such as
a Mondex Card, a GeldKarte card or a Visa Cash card
o a software based electronic payment account such as a
CyberCash or DigiCash account.
All Payment Instruments have a number, typically an account number, by
which the Payment Instrument can be identified.
3.6.2 Definition of Brand
A Brand is the mark which identifies a particular type of Payment
Instrument. A list of Brands are the payment options which are
presented by the Merchant to the Consumer and from which the Consumer
makes a selection. Each Brand may have a different Payment Handler.
Examples of Brands include:
o payment association and proprietary Brands, for example
MasterCard, Visa, American Express, Diners Club, American
Express, Mondex, GeldKarte, CyberCash, etc.
o promotional brands (see below). These include:
- store brands, where the Payment Instrument is issued to a
Consumer by a particular Merchant, for example Walmart, Sears,
or Marks and Spencer (UK)
- cobrands, for example American Advantage Visa, where an
organisation uses their own brand in conjunction with,
typically, a payment association Brand.
3.6.3 Definition of Dual Brand
A Dual Brand means that a single payment instrument may be used as if
it were two separate Brands. For example there could be a single
Japanese "UC" MasterCard which can be used as either a UC card or a
regular MasterCard. The UC card Brand and the MasterCard Brand could
each have their own separate Payment Handlers. This means that:
o the merchant treats, for example "UC" and "MasterCard" as two
separate Brands when offering a list of Brands to the
Consumer,
o the consumer chooses a Brand, for example either "UC" or
"MasterCard,
o the consumer IOTP aware application determines which Payment
Instrument(s) match the chosen Brand, and selects, perhaps
with user assistance, the correct Payment Instrument to use.
[Note] Dual Brands need no special treatment by the Merchant and
therefore no explicit reference is made to Dual Brands in
the DTD. This is because, as far as the Merchant is
concerned, each Brand in a Dual Brand is treated as a
separate Brand. It is at the Consumer, that the matching of
a Brand to a Dual Brand Payment Instrument needs to be done.
[Note End]
3.6.4 Definition of Promotional Brand
A Promotional Brand means that, if the Consumer pays with that Brand,
then the Consumer will receive some additional benefit which can be
received in two ways:
o at the time of purchase. For example if a Consumer pays with a
"Walmart MasterCard" at a Walmart web site, then a 5% discount
might apply, which means the consumer actually pays less,
o from their Payment Instrument (card) issuer when the payment
appears on their statement. For example loyalty points in a
frequent flyer scheme could be awarded based on the total
payments made with the Payment Instrument since the last
statement was issued.
Note that:
o the first example (obtaining the benefit at the time of
purchase), requires that:
- the Consumer is informed of the benefits which arise if that
Brand is selected
- if the Brand is selected, the Merchant changes the relevant IOTP
Components in the Offer Response to reflect the correct amount
to be paid
o the second (obtaining a benefit through the Payment Instrument
issuer) does not require that the Offer Response is changed
o each Promotional Brand should be identified as a separate
Brand in the list of Brands offered by the Merchant. For
example: "Walmart", "Sears", "Marks and Spencer" and "American
Advantage Visa", would each be a separate Brand.
3.6.5 Identifying Promotional Brands
There are two problems which need to handled in identifying
Promotional Brands:
o how does the Merchant or their Payment Handler positively
identify the promotional brand being used at the time of
purchase
o how does the Consumer reliably identify the correct
promotional brand from the Brand List presented by the
Merchant
The following is a description of how this could be achieved.
[Note] Please note that the approach described here is a model
approach that solves the problem. Other equivalent methods
may be used.
[Note End]
3.6.5.1 Merchant/Payment Handler Identification of Promotional Brands
Correct identification that the Consumer is paying using a Promotional
Brand is important since a Consumer might fraudulently claim to have a
Promotional Brand that offers a reduced payment amount when in reality
they do not.
Two approaches seem possible:
o use some feature of the Payment Instrument or the payment
method to positively identify the Brand being used. For
example, the SET certificate for the Brand could be used, if
one is available, or
o use the Payment Instrument (card) number to look up
information about the Payment Instrument on a Payment
Instrument issuer database to determine if the Payment
Instrument is a promotional brand
Note that:
o the first assumes that SET is available.
o the second is only possible if the Merchant, or alternatively
the Payment Handler, has access to card issuer information.
IOTP does not provide the Merchant with Payment Instrument information
(e.g. a card or account number). This is only sent as part of the
encapsulated payment protocol to a Payment Handler. This means that:
o the Merchant would have to assume that the Payment Instrument
selected was a valid Promotional Brand, or
o the Payment Handler would have to check that the Payment
Instrument was for the valid Promotional Brand and fail the
payment if it was not.
A Payment Handler checking that a brand is a valid Promotional Brand
is most likely if the Payment Handler is also the Card Issuer.
3.6.5.2 Consumer Selection of Promotional Brands
Two ways by which a Consumer can correctly select a Promotional Brand
are:
o the Consumer visually matching a logo for the Promotional
Brand which has been provided to the Consumer by the Merchant,
o the Consumer's IOTP aware application matching a code for the
Promotional Brand which the application has registered against
a similar code contained in the list of Brands offered by the
Merchant.
In the latter case, the code contained in the Consumer wallet must
match exactly the code in the list offered by the Merchant otherwise
no match will be found. Ways in which the Consumer's IOTP Aware
Application could obtain such a code include:
o the Consumer types the code in directly. This is error prone
and not user friendly, also the consumer needs to be provided
with the code. This approach is not recommended,
o using some information contained in the software or other data
associated with the Payment Instrument. This could be:
- a SET certificate for Brands which use this payment method
- a code provided by the payment software which handles the
particular payment method, this could apply to, for example,
GeldKarte, Mondex, CyberCash and DigiCash
o the consumer making a initial "manual" link between a
Promotional Brand in the list of Brands offered by the
Merchant and an individual Payment Instrument, the first time
the promotional brand is used. The IOTP Aware application
would then "remember" the code for the Promotional Brand for
use in future purchases
[Note] It is not the intention of the developers of this
specification to develop a prescriptive list of payment
brands. It is anticipated that owners of brands will develop
distinctive names for Brands which should mean that name
clashes are unlikely.
[Note End]
3.7 Extending IOTP
Baseline IOTP defines a minimum protocol which systems supporting IOTP
must be able to accept. As new versions of IOTP are developed,
additional types of IOTP Transactions will be defined. In addition to
this, Baseline and future versions of IOTP will support user
extensions to IOTP through two mechanisms:
o extra XML elements, and
o new user-defined values for existing IOTP codes.
3.7.1 Extra XML Elements
The XML element and attribute names used within IOTP constitute an
[XML Namespace]. This allows IOTP to support the inclusion of
additional XML elements within IOTP messages through the use of [XML
Namespaces].
[Note] In drafts of the [XML] specification, the concept of
"Namespaces" have been discussed. However they are not
present in the XML documentation submitted for approval (see
XML draft dated 8 December 1997) although it appears as if
they may be included in version 1.1 of XML. It is considered
by the authors of this document that IOTP would be an ideal
example of a Namespace so that other XML elements with
potentially the same name can be included unambiguously in
XML documents which conform to this specification. If
Namespaces, or an equivalent, is not developed for XML as a
whole then IOTP is likely to propose its own equivalent. The
Views of other organisations on this topic are sought.
[Note End]
Extra XML elements may be included at any level within an IOTP message
including:
o new Trading Blocks
o new Trading Components
o new XML elements within a Trading Component.
The following rules apply:
o any new XML element must be declared according to the rules
for [XML Namespaces]. This means that:
- the namespace must be declared to the XML parser
- each element must have a start and end tags which conform to the
rules for XML Namespaces
o new XML elements which are either Trading Blocks or Trading
Components must contain an ID attributes with an attribute
name of ID.
In order to make sure that extra XML elements can be processed
properly, IOTP reserves the use of a special attribute, IOTP:Critical,
which takes the values True or False and may appear in extra elements
added to an IOTP message.
The purpose of this attribute is to allow an IOTP aware application to
determine if the IOTP transaction can safely continue. Specifically:
o if an extra XML element has an "IOTP:Critical" attribute with
a value of "True" and an IOTP aware application does not know
how to process the element and its child elements, then the
IOTP transaction must fail. See section 6.19 Error Component.
o if an extra XML element has an "IOTP:Critical" attribute with
a value of "False" then the IOTP transaction may continue if
the IOTP aware application does not know how to process it. In
this case:
- any extra XML elements contained within an XML element defined
within the IOTP namespace, must be included with that element
whenever the IOTP XML element is used or copied by IOTP
- the content of the extra element must be ignored except that it
must be included when it is hashed as part of the generation of
a signature
o if an extra XML element has no "IOTP:Critical" attribute then
it must be treated as if it had an "IOTP:Critical" attribute
with a value of "True"
o if an XML element contains an "IOTP:Critical" attribute, then
the value of that attribute is assumed to apply to all the
child elements within that element
In order to ensure that documents containing "IOTP:Critical" are
valid, it is declared as part of the DTD for the extra element as:
IOTP:Critical (True | False ) #TRUE
3.7.2 Opaque Embedded Data
If IOTP is to be extended using Opaque Embedded Data then a Packaged
Content Element (see section 3.8) should be used to encapsulate the
data.
3.7.3 User Defined Codes
User defined codes provide a simple way to identify additional values
for the codes contained within this specification.
The definition of a user defined code is as follows:
user_defined_code ::= ( "x-" | "X-" ) domain_name ":" name
domain_name A name which identifies the organisation which is
creating the user defined code (see [DNS]). The
purpose of this field is to reduce the probability of
two organisations creating the same user-defined name
name A name specified by the organisation which owns the
domain_name which identifies the user defined code
within the domain_name.
User defined codes are identified in this specification as "x-
ddd:nnn". The values of User Defined Codes must conform to the rules
for the specific code (see explanations of the individual codes).
3.8 Packaged Content Element
The Packaged Content element supports the concept of an embedded data
stream, transformed to both protect it against misinterpretation by
transporting systems and to ensure XML compatibility. Examples of its
use in IOTP include:
o to encapsulate payment scheme messages, such as SET messages,
o to encapsulate a description of an order.
In general it is used to encapsulate any data stream.
This data stream has two standardised attributes that allow for
decoding and interpretation of the contents. Its definition is as
follows.
<!ELEMENT PackagedContent (#PCDATA)>
<!ATTLIST PackagedContent
Content CDATA "PCDATA"
Transform (NONE|BASE64) "NONE" >
Attributes:
Content This identifies what type of data is contained
within the Content of the Packaged Content
Element. The valid values for the Content
attribute are as follows:
o PCDATA.The content of the Packaged Content
Element can be treated as PCDATA with no further
processing.
o MIME. The content of the Packaged Content
Element is a complete MIME item. Processing
should include looking for MIME headers inside
the Packaged Content Element.
o MIME:mimetype. The content of the Packaged
Content Element is MIME content, with the
following header "Content-Type: mimetype".
Although it is possible to have MIME:mimetype
with the Transform attribute set to NONE, it is
far more likely to have Transform attribute set
to BASE64. Note that if Transform is NONE is
used, then the entire content must still conform
to PCDATA. Some characters will need to be
encoded either as the XML default entities, or
as numeric character entities.
o XML. The content of the Packaged Content
Element can be treated as an XML document.
Entities and CDATA sections, or Transform set to
BASE64, must be used to ensure that the Packaged
Content Element contents are legitimate PCDATA.
o x-ddd:usercode. The content is private, where
ddd represents a domain name of a user, and
usercode represents a particular content format
defined by that user. The guidelines around a x-
ddd are very loose. Given company FFGGHH Inc.,
all of x-www.ffgghh.com, x-ffgghh.comand and
x-ffgghh are legitimate examples. However, only
one should be the correct format, as defined by
FFGGHH Inc.
Transform This identifies the transformation that has been
done to the data before it was placed in the
content. Valid values are:
o NONE. The PCDATA content of the Packaged
Content Element is the correct representation of
the data. Note that entity expansion must occur
first (i.e. replacement of &amp; and &#9;)
before the data is examined. CDATA sections may
legitimately occur in a Packaged Content Element
where the Transform attribute is set to NONE.
o BASE64. The PCDATA content of the Packaged
Content Element represents a BASE64 encoding of
the actual content.
Content:
PCDATA This is the actual data which has been embedded.
The format of the data and rules on how to decode
it are contained in the Content and the Transform
attributes
Note that any special details, especially custom attributes, must be
represented at a higher level.
3.9 Identifying Languages
IOTP uses [XML] Language Identification to specify which languages are
used within the content and attributes of IOTP Messages.
The following principles have been used in order to determine which
XML elements contain an xml:lang Attributes:
o a mandatory xml:lang attribute is contained on every Trading
Component which contains attributes or content which may need
to be displayed or printed in a particular language
o an optional xml:lang attribute is included on child elements
of these Trading Components. In this case the value of
xml:lang, if present, overrides the value for the Trading
Component.
xml:lang attributes which follow these principles are included in the
Trading Components and their child XML elements defined in section 6.
3.10 Secure and Insecure Net Locations
IOTP contains several "Net Locations" which identify places where,
typically, IOTP Messages may be sent. Net Locations come in two types:
o "Secure" Net Locations which are net locations where privacy
of data is secured using, for example, encryption methods such
as [SSL], and
o "Insecure" Net Locations where privacy of data is not assured.
Where both types of net location are present, the following rules
apply:
o either a Secure Net Location or an Insecure Net Location or
both must be present
o if only one of the two Net Locations is present, then the one
present must be used
o if both are present, then the either may be used depending on
preference the preference of the sender of the message.
4. IOTP Error Handling
IOTP is designed as a request/response protocol where each message is
composed of a number of Trading Blocks which contain a number of
Trading Components. There are a several interrelated considerations in
handling errors, re-transmissions, duplicates, and the like. These
factors mean IOTP aware applications must manage message flows more
complex than the simple request/response model. Also a wide variety of
errors can occur in messages as well as at the transport level or in
Trading Blocks or Components.
This section describes at a high level how IOTP handles errors,
retries and idempotency. It covers:
o the different types of errors which can occur. This is divided
into:
- "technical errors" which are independent of the meaning of the
IOTP Message,
- "business errors" which indicate that there is a problem
specific to the process (payment or delivery) which is being
carried out, and
o the depth of the error which indicates whether the error is at
the transport, message or block/component level
o how the different trading roles should handle the different
types of messages which they may receive.
4.1 Technical Errors
Technical errors are those which are independent of the meaning of the
message. This means, they can affect any attempt at IOTP
communication. Typically they are handled in a standard fashion with a
limited number of standard options for the user. Specifically these
are:
o retrying the transmission, or
o cancelling the transaction.
When communications are operating sufficiently well, a technical error
is indicated by an Error Component (see section 6.19) in an Error
Block (see section 7.19) sent by the party which detected the error in
an IOTP message to the party which sent the erroneous message.
If communications too poor, a message which was sent may not reach its
destination. In this case a time-out might occur.
The Error codes associated with Technical Errors are recorded in Error
Components (see section 6.19) which lists all the different technical
errors which can be set.
4.2 Business Errors
Business errors may occur when the IOTP messages are "technically"
correct. They are connected with a particular process, for example, an
offer, payment, delivery or authentication where each process has a
different set of possible business errors.
For example, "Insufficient funds" is a reasonable payment error but
makes no sense for a delivery while "Back ordered" is a reasonable
delivery error but not meaningful for a payment. Business errors are
indicated in the Status Component (see section 6.15) of a "response
block" of the normal type, for example a Payment Response Block or a
Delivery Response Block. This allows whatever additional response
related information is needed to accompany the error indication.
Business errors must usually be presented to the user so that they can
decide what to do next. For example, if the error is insufficient
funds in a Brand Independent Purchase (see section 8.3.1), the user
might wish to choose a different payment instrument/account of the
same brand or a different brand or payment system. Alternatively, if
the IOTP based implementation allows it and it makes sense for that
instrument, the user might want to put more funds into the
instrument/account and try again.
4.3 Error Depth
The three levels at which IOTP errors can occur are the transport
level, the message level, and the block level. Each is described
below.
4.3.1 Transport Level
This level of error indicates a fundamental problem in the transport
mechanism over which the IOTP communication is taking place.
All transport level errors are technical errors and are indicated by
either an explicit transport level error indication, such as a "No
route to destination" error from TCP/IP, or by a time out where no
response has been received to a request.
The only reasonable automatic action when faced with transport level
errors is to retry and, after some number of automatic retries, to
inform the user.
The explicit error indications that can be received are transport
dependent and the documentation for appropriate IOTP Transport
supplement should be consulted for errors and appropriate actions.
Appropriate time outs to use are a function of both the transport
being used and of the payment system if the request encapsulates
payment information. The transport and payment system specific
documentation should be consulted for time out and automatic retry
parameters. Frequently there is no way to directly inform the other
party of transport level errors but they should generally be logged
and if automatic recovery is unsuccessful and there is a human user,
the user should be informed.
4.3.2 Message Level
This level of error indicates a fundamental technical problem with an
entire IOTP message. For example, the XML is not Well formed, or the
message is too large for the receiver to handle or there are errors in
the Transaction Reference Block (see section 3.3) so it is not
possible to figure out what transaction the message relates to.
All message level errors are technical errors and are indicated by an
Error Component (see section 6.19) sent to the other party. The Error
Component includes a Severity attribute which indicates whether the
error is a Warning and may be ignored, a TransientError which
indicates that a retry may resolve the problem or a HardError in which
case the transaction must fail.
The Technical Errors (see section 6.19.2 Error Codes) that are Message
Level errors are:
o XML not well formed. The document is not well formed XML (see
[XML])
o XML not valid. The document is not valid XML (see [XML])
o block level technical errors (see section 4.3.3) on the
Transaction Reference Block (see section 3.3) and the
Signature Block only. This should only be carried out if the
XML is valid
Note that checks on the Signature Block includes checking, where
possible, that each Signature Component is correctly calculated. If
the Digital Signature Element is incorrectly calculated then the data
that should have been covered by the signature can not be trusted and
must be treated as erroneous. A description of how to check a
signature is correctly calculate is contained in section 5.2 Checking
a Signature is Correctly Calculated.
4.3.3 4Block Level
A Block level error indicates a problem with a block or one of its
components in an IOTP message (apart from Transaction Reference or
Signature Blocks). The message has been transported properly, the
overall message structure and the block/component(s) including the
Transaction Reference and Signature Blocks are meaningful but there is
some error related to one of the other blocks.
Block level errors can be either:
o technical errors, or
o business errors
Technical Errors are further divided into:
o Block Level Attribute and Element Checks, and
o Block and Component Consistency Checks
If a technical error occurs related to a block or component, then an
Error Component is returned and, unless it is merely a warning, the
usual response block is suppressed.
4.3.3.1 Block Level Attribute and Element Checks
Block Level Attribute and Element Checks occur only within the same
block. Checks which involve cross-checking against other blocks are
covered by Block and Component Consistency Checks.
The Block Level Attribute & Element checks are:
o checking that each attribute value within each element in a
block conforms to any rules contained within this IOTP
specification
o checking that the content of each element conforms to any
rules contained within this IOTP specification
o if the previous checks are OK, then cross-checking attribute
values and element content against other attribute values or
element content within any other components in the same block.
4.3.3.2 Block and Component Consistency Checks
Block and Component Consistency Checks consist of:
o checking that the combination of blocks and/or components
present in the IOTP Message are consistent with the rules
contained within this IOTP specification
o checking for consistency between attributes and element
content within the blocks within the same IOTP message.
o checking for consistency between attributes and elements in
blocks in this IOTP message and blocks received in earlier
IOTP messages for the same IOTP transaction
4.3.3.3 Block Business Errors
If a business error occurs in a process such as a Payment or a
Delivery, then the usual type of response block is returned. The
Status Component (see section 6.15) within that response block
indicates the error and its severity. No Error Component or Error
Block is generated for business errors.
4.4 Idempotency, Processing Sequence, and Message Flow
IOTP messages are actually a combination of blocks and components as
described in 3.1.1 IOTP Message Structure. Especially in future
extensions of IOTP, a rich variety of combinations of such blocks and
components can occur. It is important that the multiple
transmission/receipt of the "same" request for state changing action
not result in that action occurring more than once. This is called
idempotency. For example, a customer paying for an order would want to
pay the full amount only once. Most network transport mechanisms have
some probability of delivering a message more than once or not at all,
perhaps requiring retransmission. On the other hand, a request for
status can reasonably be repeated and should be processed fresh each
time it is received.
Correct implementation of IOTP can be modelled by a particular
processing order as detailed below. Any other method that is
indistinguishable in the messages sent between the parties is equally
acceptable.
4.4.1 Server Role Processing Sequence
"Server roles" are any Trading Role which is not the Consumer role.
They are "Server roles" since they typically receive a request which
they must service and then produce a response.
The model processing sequence for a Server role is indicated in the
diagram below.
-------------
| Input |
| OTP Message |
-------------
|
v
1. Check for transport -------------->
or message level errors Errors |
|OK |
v |
11. Generate output <-------2. More Blocks <------------------ +-
message No to process? | |
| |Yes | |
v v | |
------------- 3. Check Block OK ---------------> | |
| Output | | Errors | |
| OTP Message | |Checks OK | |
------------- v | |
----- ---4. Type of Block ? ------- | |
| | | | | |
----- ---Status Action Encapsulating Error | |
| Request Request Block Block | |
| | | | | |
| v v v | |
| 6a. Action 7. Process 8.Error | |
| Request - encapsulated Block ? | |
| received message and | | |
| before?-- generate -- v | |
| | | response | STOP ---- |
| |Yes |No OK| | | |
| v v | |Errors v |
| 6b. Processing 6e. Process Action | ------> 9. Gen |
| of Block Request & generate-+--------->Error |
| Complete ?- response block- | Errors Block & |
| | | ^ | | store |
| | | | | | | |
| |Yes |No | Ok or | | | |
| | --- | Warning | -------- | |
v v v | v | | |
5. Generate 6c. Retrieve 6d. Wait for 6f. Store | | |
Status and resend process request & | | |
Response previous completion response | | |
Block Block block | | |
| | | v v |
---------------------------------------------- 10. Add block--
to output
message
Figure 10 Server Role Processing Sequence
Each of the processes in the sequence is described in more detail
below.
4.4.1.1 Check for Transport or Message Level Error
On receipt of an IOTP request message (step 1), first check for
transport or message level errors (see sections 4.3.1 and 4.3.2).
These are errors which indicate that the entire message is corrupt and
can not reliably be associated with any particular transaction or, if
it can be associated with a transaction, the interior information in
the message can not be reliably accessed.
If the OtpTransId attribute in the Transaction Id Component (see
section 3.3.1) can be determined, set up a response message with an
appropriate Error Component. Perform local actions such as making log
entries.
If the value of the OtpTransId attribute is not recognised as
belonging to an IOTP transaction when other Blocks in the IOTP Message
indicate that it should be recognised, then report the error using an
Error Component with a Severity of HardError, an ErrorCode set to
AttValNotRecog (attribute value not recognised), and an Error Location
element (see section 6.19.3) that points to the OtpTransId attribute.
No idempotency related actions are necessary.
4.4.1.2 Process all the blocks
If there are no message level errors, process each of the blocks
within the message which has not been processed (step 2).
Once all the blocks have been processed, generate a response message
(step 11) and send it to the requester unless there are fatal
transport level problems. As recommended for the particular transport
used, a limited number of automatic response retransmission attempts
may be appropriate.
It may be desirable to log the complete response message at the
server. Failure of the requester to receive a response may lead to a
time-out and a retransmission of the request. Following the procedures
above, a duplicate request message should produce a duplicate of the
previous response except for changes in status and transient error
conditions that have changed.
4.4.1.3 Check the Block is OK
Check the block is OK (see section 4.3.3). For each block level error
found, an appropriate Error Component should be created to be included
in the IOTP Message sent back to the Consumer. Note that some checking
of the Transaction Reference Block and the Signature Block has
occurred as part of Message Level error checking.
If one or more of the Error Components contain a Severity attribute
with a value of TransientError or HardError, then no response block
need be generated and no further processing of the block, including
idempotency related actions are necessary.
4.4.1.4 Determine the Type of the Block
Trading Blocks that survive the above steps and thus have no errors,
or at worst have added a warning error component to the response, can
receive further processing. The nature of the processing depends (step
4) on whether the block is a Status Request, Action Request, an Error
Block or contains an Encapsulated Message.
4.4.1.5 Status Request Blocks
Status Request Blocks (step 5) are either:
o Inquiry Request Trading Block (see section 7.14), or
o Ping Request Block (see section 7.16).
These status requests do not change state and are processed fresh to
get the current status. The appropriate response block should be added
to the IOTP message being composed.
No idempotency actions are required.
4.4.1.6 Action Request Blocks
Blocks which request an action and change state need to be subject to
idempotency duplicate filtering by checking to see if the same block
for the same transaction has been previously stored (step 6a) at the
server as described later.
If the Block has been received previously then:
o if processing of the previously stored block is complete (step
6b) then the same IOTP Block as previously produced must be
included for resending to the Consumer (step 6c).
o if processing is not complete, wait until the processing is
complete (step 6d) before sending the response.
If the block has not been received before, the action request is
processed normally (step 6e) producing a response block that is added
to the response message. This might or might not indicate a business
error.
If there is a transient error indicated by an Error Component that
contains a Severity attribute set to TransientError, then apart from
sending the Error Block, no further actions should be taken so the
action can be retried.
If there is no Transient Error, then the transaction id, the request
block, and the response block must be stored (step 6f) so they can be
found as described above (step 6a) should a duplicate IOTP action
request block be received for this transaction in the future.
[Note] Most business errors should be labelled as a TransientError
as there is usually some possibility they will be corrected
over time or some user action exists that can fix them.
Requesters are expected to understand business errors and
the appropriate time scale for user actions for retrying.
[Note End]
4.4.1.7 Encapsulating Blocks
Blocks which encapsulate a payment protocol (step 7) pass along the
enclosed information to the payment system involved.
IOTP does not know the meaning of the enclosed information. It is thus
up to the payment system involved to handle error detection and
idempotency. Payment systems adapted for the Internet include
idempotency handling because duplicates are always possible. Should a
payment system have no idempotency handling, a layer between IOTP and
the payment system must be added to take care of this.
No IOTP level idempotency actions are required for encapsulating
blocks. The payment system must return material to be encapsulated in
the IOTP response message along with indications as to whether the
exchange will continue or this is the final response and an indication
whether an error occurred. If a payment protocol error has occurred,
an Error Component is added to the response block.
4.4.1.8 Error Block Received
An error block (step 8) should not occur in a request and should be
treated as an unexpected element with a Severity of HardError. No
response to the block should be made in order to avoid the risk of
loops.
[Note] Consumers should send Error Blocks to a server specified in
the ErrorNetLocn attribute of the appropriate Trading Role
element as a response to the detection of an error in an
IOTP Message that has been received (see section 4.4.1.9
Generate Error Block). This may be the same server as is
used to accept IOTP Messages which contain no error. In this
case, the error block must not considered as a fatal error.
[Note End]
4.4.1.9 Generate Error Block
If any of the previous steps resulted in an error being detected and
an Error Component being created then generate an Error Block (step 9)
containing the Error Components that describe the error(s).
Unless the error is a "Transient Error", the Error Component(s) and
the request block which caused the Error Components to be generated
should be stored so that it can be reused if the action request is
received again (step 6a).
"Transient Errors" are not stored so that if the original Response
Block is received again, then it can be processed as if it had never
been received before.
4.4.1.10 Add Block to Output Message
Any Blocks which have been created as a result of processing the block
received are added to the output message.
4.4.2 Client Role Processing Sequence
The "Client role" in IOTP is the Consumer Trading Role.
[Note] A company or organisation that is a Merchant, for example,
may take on the Trading Role of a Consumer when making a
purchase or downloading or withdrawing electronic cash.
[Note End]
The model processing sequence for a Client role is indicted in the
diagram below.
-------------
| Input |
| OTP Message |
-------------
|
v
1. Check for transport -->
or message level errors |Errors
|OK |
v |
11.Blocks to be sent?<---------2. More Blocks <-- --------------------
| |No No to process? | ^
Yes| v |Yes | |
v STOP v | |
12. Generate 3. Check Block OK - -->| |
output message | |Errors |
| |Checks OK | |
v v | |
------------- ------ 4. Type of Block ? -----| |
| Output | | | | | | |
| OTP Message | | ---- | | | |
------------- | | | | | |
------------ | | | | |
| -- | | | |
v v v v | |
Status Action Encapsulating Error | |
Request Response Block Block | |
| | | | | |
| v v v | |
| 6a. Action 7. Process 8a.Error Block---- > Transient |
| Response encapsulated severity ? | Error |
| received message |Hard Error | (retry) |
| before ? | | | | | |
| Yes| |No Ok| | v | WAIT |
| (Ig-| | | | STOP | | |
| nore|) v | | v v |
| | 6b. Process | ----- -> 9. Generate 8b. |
| | Action | Errors Error Block Retrieve |
| | Response---+-------- --> & store and resend |
| | Block | Errors | previous |
| | |Ok | | Block(s) |
| | v v | | |
| | 6c. New | | |
| | request | | |
| | required ? | | |
| | No| |Yes 6d. Generate | | |
| | | ---- > Request | | |
| | | Block & Store v v |
v | | | 10. Add Block to |
----------+-------+-------------------------> output message |
v v |
-------------------------------------------------->
Figure 11 Client Role Processing Sequence
Each of the processes in the sequence is described in more detail
below.
4.4.2.1 Check for Transport or Message Level Error
On receipt of an IOTP response message (step 1), first check for
transport or message level errors (see sections 4.3.1 and 4.3.2).
These are errors which indicate that the entire message is corrupt and
can not reliably be associated with any particular transaction or, if
it can be associated with a transaction, the interior information in
the message can not be reliably accessed. Set up an error indication
message with an Error Component indicating the error.
If the value of the OtpTransId attribute is not recognised as
belonging to an IOTP transaction when other Blocks in the IOTP Message
indicate that it should be recognised, then report the error using an
Error Component with a Severity of HardError, an ErrorCode set to
AttValNotRecog (attribute value not recognised), and an Error Location
element (see section 6.19.3) that points to the OtpTransId attribute.
On failure to receive an expected response message, the time out
strategy indicated in the documentation for the transport method being
used should be followed. This may include some number of automatic
retransmissions of the request. If a user is present, they may be
offered options of continuing to retransmit the request or of
cancelling the transaction.
4.4.2.2 Process all the blocks
If there are no message level errors, process each of the blocks
within the message which has not been processed (step 2).
Once all the blocks have been processed, check to see if there are any
blocks to be sent (step 11). There may be no blocks to send if the
last response message received was the last message of the
transaction.
If blocks are to be sent then generate a request message (step 12) and
send it to the server. It may be desirable to log the complete request
message at the client. Failure of the server to receive a response may
lead to a time-out and a retransmission of the request.
4.4.2.3 Check the Block is OK
If there are no message level errors process each of the blocks within
the message (step 2).
Check the block is OK (see section 4.3.3). For each block level error
found, an appropriate Error Component should be created to be included
in an Error Component sent back to the Server.
If one or more of the Error Components contain a Severity attribute
with a value of TransientError or HardError, no further processing of
the block should occur and it is likely that this will result in
termination of the transaction.
4.4.2.4 Determine the Type of the Block
Trading Blocks that survive the above steps and thus have no errors,
or at worst have added a warning error component to the error
indication message, can receive further processing. The nature of the
processing depends (step 4) on whether the block is a Status Response,
Action Response, an Error Block or contains an Encapsulated Message.
4.4.2.5 Status Response Blocks
Status Response Blocks (step 4) are either:
o Inquiry Response Trading Blocks (see section 7.15), or
o Ping Response Blocks (see section 7.17)
In general, such blocks should be considered a status update. The best
action to take at the requester may depend on whether this is in
response to a user originated or automatic status request, whether a
status display that could be updated is being presented to the user,
and whether the status response block shows a change in status from a
previous response block for the same type of status. Thus client
detection of duplication in successive status response blocks may be
useful.
4.4.2.6 Action Response Blocks
Check to determine if the Block has been received previously (step
6a). If it has then it should be ignored.
These indicate an action taken at the server in response to an action
request block or a business error. If the response indicates success
the block should be processed (step 6b) and, if required by the
transaction (step 6c) , another Action Request Block generated and
stored (step 6d).
The Response Block should always be stored with the transaction id and
until the transaction is terminated. If the Response Block indicates a
transient business error, appropriate manually chosen or automatic
steps to fix the problem or cancel the transaction should be provided.
4.4.2.7 Encapsulating Blocks
Blocks which encapsulate a payment protocol (step 7) pass along the
enclosed information to the payment system involved.
IOTP does not know the meaning of the enclosed information. It is up
to the payment system involved to handle error detection and
idempotency. Payment systems adapted for the Internet include
idempotency handling because duplicates are always possible. Should a
payment system have no idempotency handling, a layer between IOTP and
the payment system must be added to take care of this.
No IOTP level idempotency actions are required for encapsulating
blocks. The payment system must return an indication of whether an
error occurred. In addition, for a continuing exchange, it must return
material to be encapsulated in the next IOTP request/exchange (step
6d). If the response was a final response for that payment exchange
and there was an error, the payment system may optionally return
material to be encapsulated in the error indication.
4.4.2.8 Error Block
An error block in a response (step 8a) indicates some problem was
detected by the server. If all of the error components are warnings,
they may be optionally logged and/or presented to the user.
Transient errors may be used to provide a manual or automatic
resending (step 8b) of a block previously stored or alternatively may
result in transaction cancellation. Hard errors will always terminate
the transaction, unless they are in optional blocks, with appropriate
indication to he user.
4.4.2.9 Generate Error Block
If an error indication message was created above, try to send it to
the server unless all of the error components are of the warning
severity in which case attempted transmission to the server is
optional.
[Note] To avoid error message loops, such an error indication from
a requester must be sent to the Error Net Location specified
in the Trading Role Element (see section 6.5.2) for the
Organisation that is the server. Any errors encountered in
sending such an error indication should be, at most, logged
and must not result in any further attempts to transmit any
error indication.
[Note End]
4.4.2.10 Add Block to Output Message
Any Blocks which have been created as a result of processing the block
received are added to the output message.
5. Security Considerations
This section considers the security associated with IOTP. It covers:
o an overview of how IOTP uses digital signatures
o how to check a signature is correctly calculated
o how Payment Handlers and Delivery Handlers check they can
carry out payments or deliveries on behalf of a Merchant.
o how IOTP handles data integrity and privacy
5.1 Digital Signatures and IOTP
In general, signatures when used with IOTP:
o are always treated as a IOTP Components (see section 6)
o hash one or more IOTP Components or Trading Blocks, possibly
including other Signature Components, in any IOTP message
within the same IOTP Transaction
o identify:
- which Organisation signed (generated) the signature, and
- which Organisation(s) should verify the signature in order to
check that the Action the Organisation should take can occur.
The way in which Signatures Components hash one or more elements is
illustrated in the figure below.
OTP MESSAGE SIGNATURE COMPONENT
OTP MESSAGE OtpSignature Id = P1.3
|-Trans Ref Block hash TransRefBlk |-SignedData
| | ID=P1.1-------- ---------------------|->|-Hash of P1.1---
| |-Trans Id Comp hash TransIdComp | | |
| | ID = M1.2------- ---------------------|->|-Hash of M1.2---|
| |-Msg Id Comp. hash element | | |
| | ID = P1 -------------------|->|-Hash of M1.5---|
| | hash element | | |
|-Signature Block | -----------------|->|-Hash of M1.7---|
| | ID=P1.2 | | hash element | | |
| |-Sig Comp. ID=P1.3 | | ---------------|->|-Hash of C1.4---|
| |-Sig Comp. ID=M1.5--- - | | | |
| |-Cert Comp. ID=P1.4 | | CertRef Iden- -DigSig |
| |-Cert Comp. ID=M1.6<- ---|-|---------------------CertRef=M1.6 |
| | | | tifies Certs Content: |
|-Trading Block. ID=P1.5 | | to use JtvwpMdmSfMbhK<-
| |-Comp. ID=M1.7------- --- | r1Ln3vovbMQttbBI
| | | J8pxLjoSRfe1o6k
| |-Comp. ID=P1.6 | OGG7nTFzTi+/0<--
| | | |
| |-Comp. ID=C1.4------- ----- Digital signature of-
| |-Comp. ID=C1.5 SignedData element
using certificate
identified by CertRef
Elements signed can be in any OTP Message
within the same OTP Transaction
Figure 12 Signature Hashing
[Note] The classic example of one signature signing another in
IOTP, is when an Offer is first signed by a Merchant
creating an "Offer Response" signature, which is then later
signed by a Payment Handler together with a record of the
payment creating a "Payment Receipt" signature. In this way,
the payment in an IOTP Transaction is bound to the
Merchant's offer.
[Note End]
The detailed definitions of how signatures are created is contained in
the paper "Digital Signature for XML - Proposal", see [XMLSIG]. That
document should be read in conjunction with this section.
The remainder of this section contains:
o an example of how IOTP uses signatures
o how the SignerOrgRef and VerifierOrgRef attributes within a
Signature Component are used to identify the organisations
associated with the signature
o how signatures may use either Symmetric or Asymmetric
Cryptography
o Mandatory and Optional use of Signatures by IOTP, and
o how IOTP uses signatures to prove actions complete
successfully
5.1.1 IOTP Signature Example
An example of how signatures are used is illustrated in the figure
below which shows how the various components and elements in a
Baseline Purchase relate to one another. Refer to this example in the
later description of how signatures are used to check a payment or
delivery can occur (see section 5.3).
[Note] A Baseline Purchase transaction has been used for
illustration purposes. The usage of the elements and
attributes is the same for all types of IOTP Transactions.
[Note End]
TPO SELECTION BLOCK TPO BLOCK SIGNATURE BLOCK
(Offer Response)
Brand Selection Organisation<--- Signer Signature
Component Component | OrgRef Component
| | ----------(Offer
|BrandList -Trading Role Response)
| Ref Element |
v (Merchant) |
Brand List |
>Component |
| |-Protocol ------> Organisation<-------------- |-Dig Sig
| | Amount Elem | Component Verifier | | Element
| | | | | OrgRef -|-(Payment
| | Pa|Protocol |Action -Trading Role | Handler)
| | | Ref |OrgRef Element |
| | v | (Payment Handler) |
| -PayProtocol-- |
| Elem ->Organisation<------------- |-Dig Sig
| | Component Verifier | | Element
| | | OrgRef -|-(Delivery
| | -Trading Role | Handler)
| | Element |
| | (Delivery Handler) -SignedData
| | Element ^
| OFFER RESPONSE BLOCK |
| | Contains hashes of:-----
|BrandListRef |ActionOrgRef -Trans Ref Block (not
| | shown)
--Payment ---Delivery -Transaction Id Component
Component Component (not shown)
-Org Components (Merchant,
Payment Handler,
Delivery Handler
-Brand List Component
-Order Component
-Payment Component
-Delivery Component
-Brand Selection Component
(if Brand Dependent)
Figure 13 Example use of Signatures for Baseline Purchase
5.1.2 SignerOrgRef and VerifierOrgRef Attributes
The SignerOrgRef attribute on the Signature Component contains an
Element Reference (see section 3.5) that points to the Organisation
Component of the Organisation which generated the Signature. In this
example its the Merchant.
Note that the type of the Signature Component must match the Trading
Role of the Organisation which signed it. If it does not, then it is
an error. Valid combinations are given in the table below.
Signature Valid
Component Trading
Type Role
OfferResponse Merchant
PaymentResponse PaymentHandler
The VerifierOrgRef attribute on the DigSig elements, contains Element
References to the Organisation Components of the Organisations that
should use the signature to verify that:
o they have a pre-existing relationship with the Organisation
that generated the signature,
o the data which is secured by the signature has not been
changed,
o the data has been signed correctly, and
o the action they are required to undertake on behalf of the
Merchant is therefore authorised.
5.1.3 Symmetric and Asymmetric Cryptography
The Signer of an Action and a Verifier of an Action may have agreed to
use cryptography which is understood only by the two organisations
involved. This requires that a separate Digital Signature Element for
use by the verifier is contained within the Signature Component. This
approach is more likely if symmetric cryptography is being used
between the Trading Roles.
Equally the same cryptography may be understood by several or all of
the Trading Roles. In this case one Digital Signature Element may
refer to multiple Verifiers of an Action. This is more likely if
public key/asymmetric cryptography is being used.
Note that one transaction may involve use of both symmetric and
asymmetric cryptography.
5.1.4 Mandatory and Optional Signatures
IOTP does not mandate the use of signatures. For example, if a micro
payment is being made for 0.1 cents, then the cost of the cryptography
required to generate the signature may be greater than the income
generated from the payment. Therefore it is up to the Merchant to
decide whether IOTP Messages will include signatures, and for the
Consumer to decide whether carrying out a transaction without
signatures is an acceptable risk. If Merchants discover that
transactions without signatures are not being accepted, then they will
start using signatures or accept a lower volume and value of business.
Additional optional signatures, over and above the ones required by
the Trading Roles may be included, for example, to identify a Customer
Care Provider or so that a Merchant can sign an Offer using a
certificate issued by a Certificate Authority which offers Merchant
"Credentials" or some other warranty on the goods or services being
offered.
5.1.5 Using signatures to Prove Actions Complete Successfully
Proving an action completed successfully, is achieved by signing data
on Response messages. Specifically:
o on the Offer Response, when a Merchant is making an Offer to
the Consumer which can then be sent to either:
- a Payment Handler to prove that payment is authorised, or
- a Delivery Handler to prove that Delivery is authorised
o on the Payment Response, when a Payment Handler is generating
a Payment Receipt which can be sent to either:
- a Delivery Handler, in a Delivery Request Block to prove that
delivery is authorised, or
- another Payment Handler, in a second Payment Request, to prove
that the second payment in a Value Exchange IOTP Transaction is
authorised.
This proof of an action may, in future versions of IOTP, also be used
to prove after the event that the IOTP transaction occurred. For
example to a Customer Care Provider.
5.2 Checking a Signature is Correctly Calculated
Checking a signature is correctly calculated is part of checking for
Message Level Errors (see section 4.3.2). It is included here so that
all signature and security related considerations are kept together.
Before a Trading Role can check a signature it must identify which of
the potentially multiple digital signature elements should be checked.
The steps involved are as follows:
o check that a Signature Block is present and it contains one or
more Signature Components
o identify the Organisation Component which contains an OrgId
attribute for the Organisation which is carrying out the
signature check. If no or more than one Organisation Component
is found then it is an error
o use the ID attribute of the Organisation Component to identify
the Digital Signatures Elements which the Trading Role should
verify. Note there may be no signatures for a Trading Role to
verify.
o verify the Signature Components that contain the Digital
Signature Elements as follows:
- check that the Digital Signature Element correctly signs the
Signed Data Element
- check that the Hash Elements in the Signed Data Element are
correctly calculated where Components or Blocks that are hashed
have been received by the organisation checking the signature
5.3 Checking a Payment or Delivery can occur
This section describes the processes required for a Payment Handler or
Delivery Handler to check that a payment or delivery can occur. This
may include checking signatures if this is specified by the Merchant.
In outline the steps are:
o check that the Payment Request or Delivery Request has been
sent to the correct organisation
o check that correct IOTP components are present in the request,
and
o check that the payment or delivery is authorised
For clarity and brevity the following terms or phrases are used in
this section:
o a "Request Block" is used to refer to either a Payment Request
Block (see section 7.6) or a Delivery Request Block (see
section 7.9) unless specified to the contrary
o a "Response Block" is used to refer to either a Payment
Response Block (see section 7.8) or a Delivery Response Block
(see section 7.10)
o an "Action" is used to refer to an action which occurs on
receipt of a Request Block. Actions can be either a Payment or
a Delivery
o an "Action Organisation", is used to refer to the Payment
Handler or Delivery Handler that carries out an Action
o a "Signer of an Action", is used to refer to the Organisations
that sign data about an Action to authorise the Action, either
in whole or in part
o a "Verifier of an Action", is used to refer to the
Organisations that verify data to determine if they are
authorised to carry out the Action
o an ActionOrgRef attribute contains Element References which
can be used to identify the "Action Organisation" that should
carry out an Action
5.3.1 Check the Action Request was sent to the Correct Organisation
Checking the Action Request was sent to the correct Organisation
varies depending on whether the Action is a Payment or a Delivery.
5.3.1.1 Payment
In outline a Payment Handler checks if it can accept or make a payment
by identifying the Payment Component in the Payment Request Block it
has received, then using the ID of the Payment Component to track
through the Brand List and Brand Selection Components to identify the
Organisation selected by the Consumer and then checking that this
organisation is itself.
The way data is accessed to do this is illustrated in the figure
below.
Start
|
v
Brand List<--------------------------+-----------Payment
Component BrandListRef | Component
| |
|-Brand<-------------------------- |
| Element BrandRef | |
| | Brand Selection
| |Protocol Component
| | AmountRefs | |
| v Protocol | |
|-Protocol Amount<---------------- |
| Element---------- AmountRef |
| | | |
| |Currency |Pay |
| | AmountRefs |Protocol |
| v |Ref |
|-Currency Amount | |
| Element<---------|----------------
| |
-PayProtocol<-----
Element---------------------->Organisation
Action Component
OrgRef |
-Trading Role
Element
(Payment Handler)
Figure 14 Checking a Payment Handler can carry out a Payment
The following describes the steps involved and the checks which need
to be made:
1)
Identify the Payment Component (see section 6.8) in the
Payment Request Block that was received.
2)
Identify the Brand List and Brand Selection Components for the
Payment Component. This involves:
a)
identifying the Brand List Component (see section 6.6)
where the value of its ID attribute matches the
BrandListRef attribute of the Payment Component. If no or
more than one Brand List Component is found there is an
error.
b)
identifying the Brand Selection Component (see section 6.7)
where the value of its BrandListRef attribute matches the
BrandListRef of the Payment Component. If no or more than
one matching Brand Selection Component is found there is an
error.
3)
Identify the Brand, Protocol Amount, Pay Protocol and Currency
Amount elements within the Brand List that have been selected
by the Consumer as follows:
a)
the Brand Element (see section 6.6.1) selected is the
element where the value of its Id attribute matches the
value of the BrandRef attribute in the Brand Selection. If
no or more than one matching Brand Element is found then
there is an error.
b)
the Protocol Amount Element (see section 6.6.2) selected is
the element where the value of its Id attribute matches the
value of the ProtocolAmountRef attribute in the Brand
Selection Component. If no or more than one matching
Protocol Amount Element is found there is an error
c)
the Pay Protocol Element (see section 6.6.4) selected is
the element where the value of its Id attribute matches the
value of the PayProtocolRef attribute in the identified
Protocol Amount Element. If no or more than one matching
Pay Protocol Element is found there is an error
d)
the Currency Amount Element (see section 6.6.3) selected is
the element where the value of its Id attribute matches the
value of the CurrencyAmountRef attribute in the Brand
Selection Component. If no or more than one matching
Currency Amount element is found there is an error
4)
Check the consistency of the references in the Brand List and
Brand Selection Components:
a)
check that an Element Reference exists in the
ProtocolAmountRefs attribute of the identified Brand
Element that matches the Id attribute of the identified
Protocol Amount Element. If no or more than one matching
Element Reference can be found there is an error
b)
check that the CurrencyAmountRefs attribute of the
identified Protocol Amount element contains an element
reference that matches the Id attribute of the identified
Currency Amount element. If no or more than one matching
Element Reference is found there is an error.
c)
check the consistency of the elements in the Brand List.
Specifically, the selected Brand, Protocol Amount, Pay
Protocol and Currency Amount Elements are all child
elements of the identified Brand List Component. If they
are not there is an error.
5)
Check that the Payment Handler that received the Payment
Request Block is the Payment Handler selected by the Consumer.
This involves:
a)
identifying the Organisation Component for the Payment
Handler. This is the Organisation Component where its ID
attribute matches the ActionOrgRef attribute in the
identified Pay Protocol Element. If no or more than one
matching Organisation Component is found there is an error
b)
checking the Organisation Component has a Trading Role
Element with a Role attribute of PaymentHandler. If not
there is an error
c)
finally, if the identified Organisation Component is not
the same as the organisation that received the Payment
Request Block, then there is an error.
5.3.1.2 Delivery
The way data is accessed by a Delivery Handler in order to check that
it may carry out a delivery is illustrated in the figure below.
Start
|
v
Delivery
Component
|
|ActionOrgRef
|
v
Organisation
Component
|
-Trading Role
Element
(Delivery Handler)
Figure 15 Checking a Delivery Handler can carry out a Delivery
The steps involved are as follows:
1.
Identify the Delivery Component in the Delivery Request Block.
If there is no or more than one matching Delivery Component
there is an error
2.
Use the ActionOrgRef attribute of the Delivery Component to
identify the Organisation Component of the Delivery Handler.
If there is no or more than one matching Organisation
Component there is an error
3.
If the Organisation Component for the Delivery Handler does
not have a Trading Role Element with a Role attribute of
DeliveryHandler there is an error
4.
Finally, if the organisation that received the Delivery
Request Block does not identify the Organisation Component for
the Delivery Handler as itself, then there is an error.
5.3.2 Check the Correct Components are present in the Request Block
Check that the correct components are present in the Payment Request
Block (see section 7.6) or in the Delivery Request Block (see section
7.9).
If components are missing, there is an error.
5.3.3 Check an Action is Authorised
The previous steps identified the Action Organisation and that all the
necessary components are present. This step checks that the Action
Organisation is authorised to carry out the Action.
In outline the Action Organisation identifies the Merchant, checks
that it has a pre-existing agreement which allows it carry out the
Action and that any constraints implied by that agreement are being
followed, then, if signatures are required, it checks that they sign
the correct data.
The steps involved are as follows:
1.
Identify the Merchant. This is the Organisation Component with
a Trading Role Element which has a Role attribute with a value
of Merchant. If no or more than one Trading Role Element is
found, there is an error
2.
Check the Action Organisation's agreements with the Merchant
allows the Action to be carried out. To do this the Action
Organisation must check that:
a) the Merchant is known and a pre-existing agreement exists
for the Action Organisation to be their agent for the
payment or delivery
b) they are allowed to take part in the type of IOTP
transaction that is occurring. For example a Payment
Handler may have agreed to accept payments as part of a
Baseline Purchase, but not make payments as part of a
Baseline Refund
c) any constraints in their agreement with the Merchant are
being followed, for example, whether or not an Offer
Response signature is required
3.
Check the signatures are correct. If signatures are required
then they need to be checked. This involves:
a) Identifying the correct signatures to check. This involves
the Action Organisation identifying the Signature
Components where the VerifierOrgRef attribute of the
Digital Signature element points to the Action
Organisation's Organisation Component. Depending on the
IOTP Transaction being carried out (see section 8) either
one or two signatures may be identified
b) checking that the Signature Components are correct. This
involves checking that the necessary Trading Components
have been hashed (see section 5.3.3.1).
[Note] Validation that the signature is correct and that the Hash
elements within the signature are correctly calculated is
described in section 4 IOTP Error Handling. This is because
errors in the signature or calculation of hashes is
considered a Message Level Error and is carried out before
the Request Block is processed.
[Note End]
5.3.3.1 Check the Signatures Sign Correct Data
All Signature Components contained within IOTP Messages must always
hash:
o the Transaction Id Component (see section 3.3.1) of the IOTP
message that contains the Signature Component. This binds the
globally unique OtpTransId to other components which make up
the IOTP Transaction
o the Transaction Reference Block (see section 3.3) of the first
IOTP Message that contained the signature. This binds the
OtpTransId with information about the IOTP Message contained
inside the Message Id Component (see section 3.3.2).
Checking that each signature signs the correct data, involves checking
that hashes of the necessary components are present in the SignedData
element of the Signature Component.
The hashes that need to be present depend on the Trading Role of the
Organisation which generated (signed) the signature:
o if the signer of the signature is a Merchant then:
- hashes must be present for all the components in the Request
Block apart from the Brand Selection Component which is optional
o if the signer of the signature is a Payment Handler then
hashes should be present for:
- the Signature Component signed by the Merchant, and optionally
- one or more Signature Components signed by the Payment
Handler(s) identified by the appropriate ActionSignerRefs
attribute.
5.4 Data Integrity and Privacy
The overall integrity of data in IOTP Messages is ensured by the
signing of hashes of Components and Trading Blocks contained in a
Signature Component (see section 6.18) in a Signature Block (see
section 7.18).
Privacy of information is provided by sending IOTP Messages between
the various Trading Roles using a secure channel such as [SSL]. Use of
a secure channel within IOTP is optional.
6. Trading Components
This section describes the Trading Components used within IOTP.
Trading Components are the child XML elements which occur immediately
below a Trading Block as illustrated in the diagram below.
OTP MESSAGE <----------- OTP Message - an XML Document
| which is transported between the
| Trading Roles
|-Trans Ref Block <----- Trans Ref Block - contains
| | information which describes the
| | OTP Transaction and the OTP
Message.
--------> | |-Trans Id Comp. <--- Transaction Id Component -
| | | uniquely identifies the OTP
| | | Transaction. The Trans Id
| | | Components are the same across
| | | all OTP messages that comprise a
| | | single OTP transaction.
| | |-Msg Id Comp. <----- Message Id Component -
| | identifies and describes an OTP
| | Message within an OTP
| | Transaction
| |-Signature Block <----- Signature Block (optional) -
| | | contains one or more Signature
| | | Components and their associated
| | | Certificates
| ---> | |-Signature Comp. <-- Signature Component - contains
| | | | digital signatures. Signatures
| | | | may sign hashes of the Trans Ref
| | | | Block and any Trading Component
| | | | in any OTP Message in the same
| | | | OTP Transaction.
| | | |-Certificate Comp. <- Certificate Component. Used to
| | | check the signature.
Trading |-Trading Block <-------- Trading Block - an XML Element
Components | |-Component within an OTP Message that
| | | |-Component contains a predefined set of
| ---> | |-Component Trading Components
| | |-Component
| | |-Component <--------- Trading Components - XML
| | Elements within a Trading Block
| |-Trading Block that contain a predefined set of
--------> | |-Component XML elements and attributes
| |-Component containing information required
| |-Component to support a Trading Exchange
| |-Component
| |-Component
|
|
Figure 16 Trading Components
The Trading Components described in this section are listed below in
approximately the sequence they are likely to be used:
o Protocol Options Component
o Authentication Data Component
o Authentication Response Component
o Order Component
o Organisation Component
o Brand List Component
o Brand Selection Component
o Payment Component
o Payment Scheme Component
o Payment Receipt Component
o Delivery Component
o Delivery Note Component
o Signature Component
o Certificate Component
o Error Component
Note that the following components are listed in other sections of
this specification:
o Transaction Id Component (see section 3.3.1)
o Message Id Component (see section 3.3.2)
6.1 Protocol Options Component
Protocol options are options which apply to the IOTP Transaction as a
whole. Essentially it provides a short description of the entire
transaction and the net location which the Consumer role should branch
to if the IOTP Transaction is successful.
The definition of a Protocol Options Component is as follows.
<!ELEMENT ProtocolOptions EMPTY>
<!ATTLIST ProtocolOptions
ID ID #REQUIRED
xml:lang NMTOKEN #REQUIRED
ShortDesc CDATA #REQUIRED
SenderNetLocn CDATA #REQUIRED
SecureSenderNetLocn CDATA #REQUIRED
SuccessNetLocn CDATA #REQUIRED >
Attributes:
ID An identifier which uniquely identifies the
Protocol Options Component within the IOTP
Transaction.
xml:lang Defines the language used by attributes or child
elements within this component, unless overridden
by an xml:lang attribute on a child element. See
section 3.9 Identifying Languages.
ShortDesc This contains a short description of the IOTP
Transaction in the language defined by xml:lang.
Its purpose is to provide an explanation of what
type of IOTP Transaction is being conducted by the
parties involved.
It is used to facilitate selecting an individual
transaction from a list of similar transactions ,
for example from a database of IOTP transactions
which has been stored by a Consumer, Merchant,
etc.
SenderNetLocn This contains the non secured net location of the
sender of the TPO Block in which the Protocol
Options Component is contained.
It is the net location to which the recipient of
the TPO block should send a TPO Selection Block if
required.
The content of this attribute is dependent on the
Transport Mechanism see the Transport Mechanism
Supplement.
SecureSenderNetLo This contains the secured net location of the
cn sender of the TPO Block in which the Protocol
Options Component is contained.
The content of this attribute is dependent on the
Transport Mechanism see the Transport Mechanism
Supplement.
SuccessNetLocn This contains the net location that the should be
displayed after the IOTP Transaction has
successfully completed.
The content of this attribute is dependent on the
Transport Mechanism see the Transport Mechanism
Supplement.
6.2 Authentication Data Component
This Trading Component contains data about how an Authentication
within the IOTP Transaction will occur. Its definition is as follows.
<!ELEMENT AuthData (PackagedContent)>
<!ATTLIST AuthData
ID ID #REQUIRED
AuthenticationId CDATA #REQUIRED
AuthMethod NMTOKEN #REQUIRED
TradingRoleListNMTOKENS #IMPLIED
ContentSoftwareId CDATA #IMPLIED >
Attributes:
ID An identifier which uniquely identifies the
Authentication Data Component within the IOTP
Transaction.
AuthenticationId An identifier specified by the Authenticator
which, if returned by the Organisation that
receives the Authentication Request, will enable
the Authenticator to identify which Authentication
is being referred to.
AuthMethod This identifies the content of the Authentication
Data Component. Valid values are:
o sha1 This indicates that the recipient of the
Authentication Data Component should generate a
hash. See 6.3 Authentication Response Component.
o signature This indicates the recipient of the
Authentication Data Component should generate a
digital signature to include in the
Authentication Response
o pay:ppp A payment protocol specific
authentication method. The "ppp" identifies a
payment protocol associated with a payment
exchange which is part of the IOTP Transaction.
In this case the content and format of the
AuthData element is defined in the appropriate
Payment Scheme supplement. For example if a
payment method "xzpay" provided an
authentication method, then this attribute would
have the value "pay:xzpay"
o x-ddd:nnn a user defined authentication scheme
type see section (3.7.3 User Defined Codes).
TradingRoleList If present, contains a list of the Trading Roles
(see the TradingRole attribute of the Trading Role
Element - section 6.5.2) for which the
Authenticator is requesting the Authenticatee
provides Organisation Components in the
Authentication Response.
For example a Merchant could request that a
Consumer provides Organisation Components for the
Consumer and DelivTo Trading Roles.
ContentSoftwareId This contains information which identifies the
software which generated the content of the
element. Its purpose is to help resolve
interoperability problems that might occur as a
result of incompatibilities between messages
produced by different software. It is a single
text string in the language defined by xml:lang.
It must contain, as a minimum:
o the name of the software manufacturer
o the name of the software
o the version of the software, and
o the build of the software
It is recommended that this attribute is included
if the software which generated the content cannot
be identified from the SoftwareId attribute on the
Message Id Component (see section 3.3.2)
Content:
PackagedContent This contains the challenge data as Packaged
Content (see section 3.8) that is to be responded
to using the method indicated by AuthMethod.
6.3 Authentication Response Component
This Authentication Response Component contains the results of an
authentication. Its definition is as follows.
<!ELEMENT AuthResp (PackagedContent) >
<!ATTLIST AuthResp
ID ID #REQUIRED
ContentSoftwareId CDATA #IMPLIED >
Attributes:
ID An identifier which uniquely identifies the
Authentication Response Component within the IOTP
Transaction.
ContentSoftwareId This contains information which identifies the
software which generated the content of the
element. Its purpose is to help resolve
interoperability problems that might occur as a
result of incompatibilities between messages
produced by different software. It is a single
text string in the language defined by xml:lang.
It must contain, as a minimum:
o the name of the software manufacturer
o the name of the software
o the version of the software, and
o the build of the software
It is recommended that this attribute is included
if the software which generated the content cannot
be identified from the SoftwareId attribute on the
Message Id Component (see section 3.3.2)
Content:
PackagedContent This contains the response to the content of the
Authentication Data Component see section 6.2 as
Packaged Content (see section 3.8).
For a payment specific scheme, it may contain
scheme-specific data. Refer to the scheme-specific
supplemental documentation.
6.4 Order Component
An Order Component contains information about an order. Its definition
is as follows.
<!ELEMENT Order (PackagedContent?) >
<!ATTLIST Order
ID ID #REQUIRED
xml:lang NMTOKEN #REQUIRED
OrderIdentifierCDATA #REQUIRED
ShortDesc CDATA #REQUIRED
OkFrom CDATA #REQUIRED
OkTo CDATA #REQUIRED
ApplicableLaw CDATA #REQUIRED
ContentSoftwareId CDATA #IMPLIED >
Attributes:
ID An identifier which uniquely identifies the Order
Component within the IOTP Transaction.
xml:lang Defines the language used by attributes or child
elements within this component, unless overridden
by an xml:lang attribute on a child element. See
section 3.9 Identifying Languages.
OrderIdentifier This is a code, reference number or other
identifier which the creator of the Order may use
to identify the order. It must be unique within an
IOTP Transaction. If it is used in this way, then
it may remove the need to specify any content for
the Order element as the reference can be used to
look up the necessary information in a database.
ShortDesc A short description of the order in the language
defined by xml:lang. It is used to facilitate
selecting an individual order from a list of
orders, for example from a database of orders
which has been stored by a Consumer, Merchant,
etc.
OkFrom The date and time in [UTC] format after which the
offer made by the Merchant lapses.
OkTo The date and time in [UTC] format before which a
Value Acquirer may accept the offer made by the
Merchant is not valid.
ApplicableLaw A phrase in the language defined by xml:lang which
describes the state or country of jurisdiction
which will apply in resolving problems or
disputes.
ContentSoftwareId This contains information which identifies the
software which generated the content of the
element. Its purpose is to help resolve
interoperability problems that might occur as a
result of incompatibilities between messages
produced by different software. It is a single
text string in the language defined by xml:lang.
It must contain, as a minimum:
o the name of the software manufacturer
o the name of the software
o the version of the software, and
o the build of the software
It is recommended that this attribute is included
if the software which generated the content cannot
be identified from the SoftwareId attribute on the
Message Id Component (see section 3.3.2)
Content:
PackagedContent An optional description of the order information
as Packaged Content (see section 3.8).
6.4.1 Order Description Content
The Packaged Content element will normally be required, however it may
be omitted where sufficient information about the purchase can be
provided in the ShortDesc attribute
Although the amount and currency are likely to appear in the Packaged
Content of the Order Description it is the amount and currency
contained in the payment related trading components (Brand List, Brand
Selection and Payment) that is authoritative. This means it is
important that the amount actually being paid (as contained in the
payment related trading components) is prominently displayed to the
Consumer.
For interoperability, implementations must support Plain Text as a
minimum so that it can be easily displayed.
6.4.2 OkFrom and OkTo Timestamps
Note that:
o the OkFrom date may be later than the OkFrom date on the
Payment Component (see section 6.8) associated with this
order, and
o similarly, the OkTo date may be earlier that the OkTo date on
the Payment Component (see section 6.8).
[Note] Disclaimer. The following information provided in this note
does not represent formal advice of the Open Trading
Protocol Consortium, any of its members or the authors of
this specification. Readers of this specification must form
their own views and seek their own legal counsel on the
usefulness and applicability of this information.
The merchant in the context of Internet commerce with
anonymous consumers initially frames the terms of the offer
on the web page, and in order to obtain the good or service,
the consumer must accept them.
If there is to be a time-limited offer, it recommended that
merchants communicate this to the consumer and state in the
order description in a manner which is clear to the consumer
that:
- the offer is time limited
- the OkFrom and OkTo timestamps specify the validity of
the offer
- the clock, e.g. the merchant's clock, that will be used
to determine the validity of the offer
[Note End]
6.5 Organisation Component
The Organisation Component provides information about an individual or
an organisation. This can be used for a variety of purposes. For
example:
o to describe the merchant who is selling the goods,
o to identify who made a purchase,
o to identify who will take delivery of goods,
o to provide a customer care contact,
o to describe who will be the Payment Handler.
Note that the Organisation Components which must be present in an OTP
Message are dependent on the particular transaction being carried out.
Refer to section 8. Open Trading Protocol Transactions, for more
details.
Its definition is as follows.
<!ELEMENT Org (TradingRole+, ContactInfo?, PersonName?,
PostalAddress?)>
<!ATTLIST Org
ID ID #REQUIRED
xml:lang NMTOKEN #REQUIRED
OrgId CDATA #REQUIRED
OtpMsgIdPrefix NMTOKEN #REQUIRED
LegalName CDATA #IMPLIED
ShortDesc CDATA #IMPLIED
LogoNetLocn CDATA #IMPLIED >
Attributes:
ID An identifier which uniquely identifies the
Organisation Component within the IOTP
Transaction.
xml:lang Defines the language used by attributes or child
elements within this component, unless overridden
by an xml:lang attribute on a child element. See
section 3.9 Identifying Languages.
OrgId A code which identifies the organisation described
by the Organisation Component. See 6.5.1.1
Organisation IDs, below.
OtpMsgIdPrefix Contains the prefix which must be used for all
IOTP Messages sent by the Organisation in this
IOTP Transaction. The values to be used are
defined in 3.4.1 IOTP Message ID Attribute
Definition.
LegalName For organisations which are companies this is
their legal name in the language defined by
xml:lang. It is required for Organisations who
have a Trading Role other than Consumer or
DeliverTo.
ShortDesc A short description of the organisation in the
language defined by xml:lang. It is typically the
name by which the organisation is commonly known.
For example, if the legal name was "Blue Meadows
Financial Services Inc.". Then its short name
would likely be "Blue Meadows".
It is used to facilitate selecting an individual
organisation from a list of organisations, for
example from a database of organisations involved
in IOTP Transactions which has been stored by a
consumer.
LogoNetLocn The net location which can be used to download the
logo for the organisation.
See section 9 Retrieving Logos.
The content of this attribute must conform to
[RFC1738].
Content:
TradingRole See 6.5.2 Trading Role Element below.
ContactInfo See 6.5.3 Contact Information Element below.
PersonName See 6.5.4 Person Name below.
PostalAddress See 6.5.5 Postal Address below.
6.5.1.1 Organisation IDs
Organisation IDs are used by one IOTP Trading Role to identify
another. In order to avoid confusion, this means that these IDs must
be globally unique.
In principle this is achieved in the following way:
o the Organisation Id for all trading roles, apart from the
Consumer Trading Role, uses a domain name as their globally
unique identifier,
o the Organisation Id for a Consumer Trading Role is allocated
by one of the other Trading Roles in an IOTP Transaction and
is made unique by concatenating it with that other roles'
Organisation Id,
o once a Consumer is allocated an Organisation Id within an IOTP
Transaction the same Organisation Id is used by all the other
trading roles in that IOTP transaction to identify that
Consumer.
Specifically, the content of the Organisation ID is defined as
follows:
OrgId ::= NonConsumerOrgId | ConsumerOrgId
NonConsumerOrgId ::= DomainName
ConsumerOrgId ::= ConsumerOrgIdPrefix (namechar)+ "/"
NonConsumerOrgId
ConsumerOrgIdPrefix ::= "Consumer:"
ConsumerOrgId If the Organisation ID for a Consumer consists
of:
o a standard prefix is to identify that the
Organisation Id is for a consumer, followed by
o one or more characters which conform to the
definition of an XML "namechar". See [XML]
specifications, followed by
o the NonConsumerOrgId for the Organisation which
allocated the ConsumerOrgId. It is normally the
Merchant role.
Use of upper and lower case is significant.
NonConsumerOrgId If the Role is not Consumer then this contains the
Canonical Name for the non-consumer organisation
being described by the Organisation Component. See
[DNS].
Note that a NonConsumerOrgId may not start with
the ConsumerOrgIdPrefix.
Use of upper and lower case is not significant.
Examples of Organisation Ids follow:
o newjerseybooks.com - a merchant organisation id
o westernbank.co.uk - a payment handler organisation id
o consumer:1000247ABH/newjerseybooks.com - a consumer
organisation id allocated by a merchant
6.5.2 Trading Role Element
This identifies the Trading Role of an individual or organisation in
the IOTP Transaction. Note, an organisation may have more than one
Trading Role and several roles may be present in one organisation
element. Its definition is as follows:
<!ELEMENT TradingRole EMPTY >
<!ATTLIST TradingRole
TradingRole NMTOKEN #REQUIRED
ErrorNetLocn CDATA #IMPLIED >
Attributes:
TradingRole The trading role of the organisation. Valid values
are:
o Consumer. The person or organisation that is
acting in the role of a consumer in the IOTP
Transaction.
o Merchant. The person or organisation that is
acting in the role of merchant in the IOTP
Transaction.
o PaymentHandler. The financial institution or
other organisation which is a Payment Handler
for the IOTP Transaction
o DeliveryHandler. The person or organisation
that is the delivering the goods or services for
the IOTP Transaction
o DelivTo. The person or organisation that is
receiving the delivery of goods or services in
the IOTP Transaction
o CustCare. The organisation and/or individual
who will provide customer care for an IOTP
Transaction.
o x-ddd:nnn a user defined role (see section
3.7.3 User Defined Codes).
ErrorNetLocn The net location to which IOTP messages containing
Error Components with a Severity of either
HardError or TransientError are sent. See section
6.19.1 Error Processing Guidelines for more
details.
This attribute must be set when TradingRole is set
to Merchant, PaymentHandler or DeliveryHandler.
The content of this attribute is dependent on the
Transport Mechanism see the Transport Mechanism
Supplement.
CancelNetLocn This contains the net location that should be
displayed by the Consumer after the Consumer has
received an Error Block containing an Error
Component with the Severity attribute set to
either:
o HardError,
o Warning but the Consumer decides to not
continue with the transaction
o TransientError and the transaction has
subsequently timed out.
See section 6.19.1 Error Processing Guidelines for
more details.
This attribute must be set when TradingRole is set
to Merchant, PaymentHandler or DeliveryHandler.
The content of this attribute is dependent on the
Transport Mechanism see the Transport Mechanism
Supplement.
6.5.3 Contact Information Element
This contains information which can be used to contact an organisation
or an individual. All attributes are optional however at least one
item of contact information should be present. Its definition is as
follows.
<!ELEMENT ContactInfo EMPTY >
<!ATTLIST ContactInfo
xml:lang NMTOKEN #IMPLIED
Tel CDATA #IMPLIED
Fax CDATA #IMPLIED
Email CDATA #IMPLIED
NetLocn CDATA #IMPLIED >
Attributes:
xml:lang Defines the language used by attributes within
this element. See section 3.9 Identifying
Languages.
Tel A telephone number by which the organisation may
be contacted. Note that this is a text field and
no validation is carried out on it.
Fax A fax number by which the organisation may be
contacted. Note that this is a text field and no
validation is carried out on it.
Email An email address by which the organisation may be
contacted. Note that this field should conform to
the conventions for address specifications
contained in [RFC822].
NetLocn A location on the Internet by which information
about the organisation may be obtained that can be
displayed using a web browser.
The content of this attribute must conform to
[RFC1738].
6.5.4 Person Name Element
This contains the name of an individual person. All fields are
optional however as a minimum either the GivenName or the FamilyName
should be present. Its definition is as follows.
<!ELEMENT PersonName EMPTY >
<!ATTLIST PersonName
xml:lang NMTOKEN #IMPLIED
Title CDATA #IMPLIED
GivenName CDATA #IMPLIED
Initials CDATA #IMPLIED
FamilyName CDATA #IMPLIED >
Attributes:
xml:lang Defines the language used by attributes within
this element. See section 3.9 Identifying
Languages.
Title A distinctive name; personal appellation,
hereditary or not, denoting or implying office
(e.g. judge, mayor) or nobility (e.g. duke,
duchess, earl), or used in addressing or referring
to a person (e.g. Mr, Mrs, Miss)
GivenName The primary or main name by which a person is
known amongst and identified by their family,
friends and acquaintances. Otherwise known as
first name or Christian Name.
Initials The first letter of the secondary names (other
than the Given Name) by which a person is known
amongst or identified by their family, friends and
acquaintances.
FamilyName The name by which family of related individuals
are known. It is typically the part of an
individual's name which is passed on by parents to
their children.
6.5.5 Postal Address Element
This contains an address which can be used, for example, for the
physical delivery of goods, services or letters. Its definition is as
follows.
<!ELEMENT PostalAddress EMPTY >
<!ATTLIST PostalAddress
xml:lang NMTOKEN #IMPLIED
AddressLine1 CDATA #IMPLIED
AddressLine2 CDATA #IMPLIED
CityOrTown CDATA #IMPLIED
StateOrRegion CDATA #IMPLIED
PostalCode CDATA #IMPLIED
Country CDATA #IMPLIED
LegalLocation (True|False) 'False' >
Attributes:
xml:lang Defines the language used by attributes within
this element. See section 3.9 Identifying
Languages.
AddressLine1 The first line of a postal address. e.g. "The
Meadows"
AddressLine2 The second line of a postal address. e.g. "Sandy
Lane"
CityOrTown The city of town of the address. e.g. "Carpham"
StateOrRegion The state or region within a country where the
city or town is placed. e.g. "Surrey"
Country The country for the address. e.g. "UK"
LegalLocation This identifies whether the address is the
Registered Address for the Organisation. At least
one address for the Organisation must have a value
set to True unless the Trading Role is either
Consumer or DeliverTo.
6.6 Brand List Component
Brand List Components are contained within the Trading Protocol
Options Block (see section 7.1) of the IOTP Transaction. They contains
lists of:
o payment Brands (see also section 3.6 Brands and Brand
Selection),
o amounts to be paid in the currencies that are accepted or
offered by the Merchant,
o the payment protocols which can be used to make payments with
a Brand, and
o the net locations of the Payment Handlers which accept payment
for a payment protocol
The definition of a Brand List Component is as follows.
<!ELEMENT BrandList (Brand+, ProtocolAmount+,
CurrencyAmount+, PayProtocol+) >
<!ATTLIST BrandList
ID ID #REQUIRED
xml:lang NMTOKEN #REQUIRED
ShortDesc CDATA #REQUIRED
PayDirection (Debit | Credit ) #REQUIRED >
Attributes:
ID An identifier which uniquely identifies the Brand
List Component within the IOTP Transaction.
xml:lang Defines the language used by attributes or child
elements within this component, unless overridden
by an xml:lang attribute on a child element. See
section 3.9 Identifying Languages.
ShortDesc A text description in the language defined by
xml:Lang giving details of the purpose of the
Brand List. This information must be displayed to
the receiver of the Brand List in order to assist
with making the selection. It is of particular
benefit in allowing a Consumer to distinguish the
purpose of a Brand List when an IOTP Transaction
involves more than one payment.
PayDirection Indicates the direction in which the payment for
which a Brand is being selected is to be made. Its
values may be:
o Debit The sender of the Payment Request Block
(e.g. the Consumer) to which this Brand List
relates will make the payment to the Payment
Handler, or
o Credit The sender of the Payment Request Block
to which this Brand List relates will receive a
payment from the Payment Handler.
Content:
Brand This describes a Brand. The sequence of the Brand
elements (see section 6.6.1) within the Brand List
does not indicate any preference. It is
recommended that software which processes this
Brand List presents Brands in a sequence which the
receiver of the Brand List prefers.
ProtocolAmount This links a particular Brand to:
o the currencies and amounts in CurrencyAmount
elements that can be used with the Brand, and
o the Payment Protocols and Payment Handlers,
which can be used with those currencies and
amounts, and a particular Brand
CurrencyAmount This contains a currency code and an amount.
PayProtocol This contains information about a Payment Protocol
and the Payment Handler which may be used with a
particular Brand.
The relationships between the elements which make up the content of
the Brand List is illustrated in the diagram below.
Brand List
Component
|
|-Brand
| Element
| |
| |Protocol
| | AmountRefs
| v
|-Protocol Amount
| Element----------
| | |
| |Currency |Pay
| | AmountRefs |Protocol
| v |Ref
|-Currency Amount |
| Element |
| |
-PayProtocol<-----
Element
Figure 17 Brand List Element Relationships
Examples of complete Brand Lists are contained in section 10 Brand
List Examples.
6.6.1 Brand Element
A Brand Element describes a brand that can be used for making a
payment. One or more of these elements is carried in each Brand List
Component that has the PayDirection attribute set to Debit. Exactly
one Brand Element may be carried in a Brand List Component that has
the PayDirection attribute set to Credit.
<!ELEMENT Brand (PackagedContent?) >
<!ATTLIST Brand
Id ID #REQUIRED
xml:lang NMTOKEN #IMPLIED
BrandId NMTOKEN #REQUIRED
BrandName CDATA #REQUIRED
BrandLogoNetLocn CDATA #REQUIRED
BrandNarrative CDATA #IMPLIED
ProtocolAmountRefs IDREFS #REQUIRED
ContentSoftwareId CDATA #IMPLIED >
Attributes:
Id Element identifier, potentially referenced in a
Brand Selection Component contained in a later
Payment Request message and uniquely identifies
the Brand element within the IOTP Transaction.
xml:lang Defines the language used by attributes and
content of this element. See section 3.9
Identifying Languages.
BrandId This contains a unique identifier for the brand or
promotional brand. It is used to match against a
list of Payment Instruments which the Consumer
holds to determine whether or not the Consumer can
pay with the Brand.
The syntax for a BrandId is as follows:
BrandId ::= UserDefinedCode |
BrandIdDomain ":" BrandValue
Currently the only valid value for the
BrandIdDomain is IOTP which indicates that the
BrandValue is registered with IOTP.
The valid values for BrandValue for brands defined
within the IOTP Brand domain are obtainable from
the IOTP web site http:www.IOTP.org.
A user defined code follows the conventions
defined in section 3.7.3. Uniqueness of a user
defined BrandId is not guaranteed.
BrandName This contains the name of the brand, for example
MasterCard Credit. This is the description of the
Brand which is displayed to the consumer in the
Consumers language defined by xml:lang. For
example it might be "American Airlines Advantage
Visa". Note that this attribute is not used for
matching against the payment instruments held by
the Consumer.
BrandLogoNetLocn The net location which can be used to download the
logo for the organisation. See section Retrieving
Logos (see section 9).
The content of this attribute must conform to
[RFC1738].
BrandNarrative This optional attribute is designed to be used by
the Merchant to indicate some special conditions
or benefit which would apply if the Consumer
selected that brand. For example "5% discount",
"free shipping and handling", "free breakage
insurance for 1 year", "double air miles apply",
etc.
ProtocolAmountRefs Identifies the protocols and related currencies
and amounts which can be used with this Brand.
Specified as a list of ID's of Protocol Amount
Elements (see section 6.6.2) contained within the
Brand List.
ContentSoftwareId This optional attribute contains information which
identifies the software which generated the
content of the element. Its purpose is to help
resolve interoperability problems that might occur
as a result of incompatibilities between messages
produced by different software. It is a single
text string in the language defined by xml:lang.
It must contain, as a minimum:
o the name of the software manufacturer
o the name of the software
o the version of the software, and
o the build of the software
It is recommended that this attribute is included
if the software which generated the content cannot
be identified from the SoftwareId attribute on the
Message Id Component (see section 3.3.2)
Content:
PackagedContent Optional Packaged Content (see section 3.8)
containing information about the brand which may
be used by the payment protocol. The content of
this information is defined in the supplement for
a payment protocol which describes how the payment
protocol works with IOTP.
Examples Brand Elements are contained in section 10 Brand List
Examples.
6.6.2 Protocol Amount Element
The Protocol Amount element links a Brand to:
o the currencies and amounts in Currency Amount Elements (see
section 6.6.3) that can be used with the Brand, and
o the Payment Protocols and Payment Handlers defined in a Pay
Protocol Element (see section 6.6.4), which can be used with
those currencies and amounts.
Its definition is as follows:
<!ELEMENT ProtocolAmount (PackagedContent?) >
<!ATTLIST ProtocolAmount
Id ID #REQUIRED
PayProtocolRef IDREF #REQUIRED
CurrencyAmountRefs IDREFS #REQUIRED
ContentSoftwareId CDATA #IMPLIED >
Attributes:
Id Element identifier, potentially referenced in a
Brand element; or in a Brand Selection Component
contained in a later Payment Request message which
uniquely identifies the Protocol Amount element
within the IOTP Transaction.
PayProtocolRef Contains an Element Reference (see section 3.5)
that refers to the Pay Protocol Element (see
section 6.6.4) that contains the Payment Protocol
and Payment Handlers that can be used with the
Brand.