DRAFT FOR DEVELOPMENT
DD IEC/TS 62325-502:2005

Framework for energy market communications
Part 502: Profile of ebXML

ICS 33.200

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 12 April 2005

BSI 12 April 2005
ISBN 0 580 45760 5

National foreword

This Draft for Development reproduces verbatim IEC/TS 62325-505:2005. This draft, as part of the IEC 62325 series of standards, supersedes PD IEC/TR 62195:2002, which is withdrawn.

This publication is not to be regarded as a British Standard. It is being issued in the Draft for Development series of publications and should be applied on this provisional basis, so that information and experience of its practical application may be obtained.

Comments arising from the use of this Draft for Development are requested so that UK experience can be reported to the international organization responsible for the Technical Specification.

A review of this publication will be initiated not later than 3 years after its publication by the international organization so that a decision can be taken on its status at the end of its 3-year life. Notification of the start of the review period will be made in an announcement in the appropriate issue of Update Standards.

According to the replies received by the end of the review period, the responsible BSI Committee will decide whether to support the conversion into an international standard, to extend the life of the Technical Specification for another 3 years or to withdraw it.

Comments should be sent in writing to the Secretary of BSI Technical Committee PEL/57, Power systems management and associated information exchange, at British Standards House, 389 Chiswick High Road, London W4 4AL, giving the document reference and clause number and proposing, where possible, an appropriate revision of the text.

A list of organizations represented on this committee can be obtained on request to its secretary.

Cross-references

The British Standards which implement international publications referred to in this document may be found in the BSI Catalogue under the section entitled “International Standards Correspondence Index”, or by using the “Search” facility of the BSI Electronic Catalogue or of British Standards Online.

Summary of pages

This document comprises a front cover, an inside front cover, the IEC/TS title
page, pages 2 to 27 and a back cover. The BSI copyright notice displayed in this document indicates when the document was last issued.

Amendments issued since publication

Amd. No.   Date   Comments

TECHNICAL SPECIFICATION
IEC TS 62325-502
First edition 2005-02

Framework for energy market communications
Part 502: Profile of ebXML

Reference number IEC/TS 62325-502:2005(E)

CONTENTS

INTRODUCTION
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Guideline of how to use the architecture
4.1 Profile of the architecture
4.2 Security profile of the BPSS
4.3 Profile of the CPP/A
4.4 Messaging service profile
5 Implementation level
Annex A (normative) Message service profile
Annex B (informative) Implementation levels

Figure 1 References and content of ebXML documents
Table 1 BPSS Profiles for reliability, non-repudiation, and security
Table 2 Message reliability
Table 3 Non-repudiation and legally binding
Table 4 Authorisation, Authentication and confidentiality
Table 5 CPP/CPA options and choices
Table 6 S/MIME v3 security parameters
Table 7 OpenPGP/MIME security parameters
Table B.1 Overview of implementation levels

INTRODUCTION

With the transition of monopoly energy supply structures to deregulated energy markets, the function of the markets depends heavily on seamless e-business communication between market participants.
Compared with global e-business, e-business in the energy market is only a small niche. Today EDIFACT or X12 messages, or proprietary HTML and XML solutions based on Internet technologies are being used.

The electronic business Extensible Markup Language (ebXML) specification and architecture stems from UN/CEFACT and OASIS and these are now partly standards within the ISO 15000 series being complemented in future to cover all aspects of ebXML. ebXML is a complete set of specifications and standards to enable secure electronic business using proven, open standards such as TCP/IP, HTTP, SOAP, XML, and SOAP signature and encryption. ebXML is also evolutionary in nature, built on 25 years of EDI experience, designed to work with existing EDI solutions, or be used to develop an emerging class of internet based electronic business applications based on XML. This means that with ebXML existing EDI messages (EDIFACT, X.12) as well as XML messages can be exchanged.

Profiles of ebXML allow the re-use of proven core components and communication platforms across markets, thus saving cost and implementation time.

FRAMEWORK FOR ENERGY MARKET COMMUNICATIONS
Part 502:
Profile of ebXML

1 Scope

This part of IEC 62325 specifies an energy market specific messaging profile based on the ISO 15000 series. The profile is intended to provide the basis for system configuration.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/TS 15000-1:2004, Electronic business eXtensible Markup Language (ebXML) Part 1: Collaboration-protocol profile and agreement specification (ebCPP)
ISO/TS 15000-2:2004, Electronic business eXtensible Markup Language (ebXML) Part 2: Message service specification (ebMS)
UN/CEFACT, ebXML Business Process Specification Schema, v1.10 or higher
UN/CEFACT, ebXML Technical Architecture Specification, v1.04 or higher

In this part of IEC 62325, RFCs (Request for comments) from the Internet Engineering Task Force (IETF) and recommendations from other Organisations such as the World Wide Web Consortium (W3C) and the Organization for the Advancement of Structured Information Standards (OASIS) are mentioned which are not included here because these documents are referenced in the references above.

3 Terms, definitions and abbreviations

3.1 Terms and definitions

None.

3.2 Abbreviations

A2A Application-to-Application
AES Advanced Encryption Standard
B2B Business-to-Business
BDS Business Document Specification (instance)
BDSS Business Document Specification Schema
BIE Business Information Entity
BOV Business Operational View
BPMS Business Process Management System
BPSS Business Process Specification Schema (or instance)
BSI Business Service Interface
CC Core Component (based on BIE)
CIM Common Information Model
CPA Collaboration Protocol Agreement
CPP Collaboration Protocol Profile
DSO Distribution System Operator (of power system)
DUNS Data Universal Numbering System (North America)
EAN European Article Number (Europe)
ebMS ebXML Messaging Service
ebXML electronic business XML
EDI Electronic Data Exchange
EIA Enterprise Application Integration
EMS Energy Management Systems
ERP Enterprise Resource Planning
FOV Functional Service View
FTP File Transfer Protocol
HTTP Hypertext Transport Protocol
ICT Information and Communication Technology
ISO Independent System Operator
IT Information Technology
MIME Secure/Multipurpose Internet Mail Extensions
MIS Market Identification Schema
MOM Message-oriented middleware
MSH Message Service Handler
PKI Public Key Infrastructure
QoS Quality of Service
RPC Remote Procedure Call
RR Registry / Repository
SAML Security Assertion Mark-up Language
SCADA Supervision, Control, and Data Acquisition
SMTP Simple Mail Transfer Protocol
SO System Operator (of power system)
SOAP Simple Object Access Protocol
TLS Transport Layer Security
TSO Transmission System Operator (of power system)
UML Unified Modelling Language
UMM UN/CEFACT Modelling Methodology
VPN Virtual Private Network
WS Web Services
WSDL Web Services Definition Language
XML eXtensible Markup Language
XKMS XML Key Management Specification

4 Guideline of how to use the architecture

4.1 Profile of the architecture

Within the ebXML specification framework, two business partners agree on how to perform e-business using machine-readable Trading Partner Agreements based on XML syntax and named Collaboration Profile Agreements (CPA). In the general case of global e-business, the CPA is negotiated as the intersection of the Collaboration Protocol Profiles (CPP) of these two partners, who may have discovered each other using the registry partner-discovering feature.

Energy markets normally exist in a specific geographical area or geopolitical region with known business partners, agreed market rules and communication infrastructure. In this environment, a simplification may be possible where alternatively pre-negotiated CPAs of each business process are stored pre-defined in the registry/repository and can be downloaded for use.

Within each market, a profile or a limited set of profiles of the ebXML architecture should be used to harmonise and
simplify e-business. Since the ebXML specification framework does not define any market specific profiles, the profile for energy markets has to be specified. In the following, business process driven BPSS “security profiles”, CPP/CPA “technical profiles” and “messaging profiles” are specified.

For better understanding of the profiles defined below in 4.2 to 4.4, Figure 1 shows the configuration files used with its content structure.

Figure 1 References and content of ebXML documents (IEC 149/05; diagram not reproduced. Labels: XML documentation and configuration files; CPP / CPA; BPSS; Business document; Business document schema; Multi party collaboration; Binary collaboration; Business transaction activity; Business transaction; Role; Service binding; Delivery channel; Transport; Packaging (MIME); Document exchange (reliability, security). Relations: references, includes, overrides.)

4.2 Security profile of the BPSS

The ebXML BPSS instance provides the possibility for a collaboration to specify message reliability and message security, including non-repudiation with legally binding at the business level. The BPSS is used for more than one collaboration between market participants. Note that the CPA for a specific collaboration may therefore override the reliability, non-repudiation and security attribute values of a BPSS.

Table 1 shows the recommended profiles. Reliability is included in all profiles. Profile #1 only provides reliability.
Profile #2 adds non-persistent (transient) confidentiality and non-persistent (transient) authentication (on transport or network level, for example TLS, IPsec). Profile #3 adds persistent confidentiality, persistent authentication, and tamper-proof messages (signed messages with keyed digest). The latter is sometimes also called non-repudiation of origin. Profile #4 is for full persistent security including persistent non-repudiation and invoked authorisation. The profiles #3 and #4 should be preferred because only these profiles guarantee end-to-end persistent security and non-repudiation
within a market with established relationships.

The table also includes the mapping of the BPSS profiles to the MSH profiles 0, 3, 16, and 21. The MSH profiles 16 and 21 can be optional, used with a trusted time stamp if this service is available and needed.

For the sake of compatibility within a project or market, choices have to be made about:
- the location of the persistent security services. Persistent end-to-end security should be implemented on application level by default. The optional use of MSH security services, if supported, is a project or market decision;
- a single BPSS profile for
each process. Different processes can have different BPSS profiles, depending on the need for security.

In the following subclauses, the BPSS attribute options which have to be chosen according to the recommended profiles in Table 1 are shown. The signature should apply to the whole message, including the envelope where the Signature element is contained. The partial signing of XML documents should not be used for the sake of simplicity, because there is no known requirement.

Table 1 BPSS profiles for reliability, non-repudiation, and security

Feature   Options   Profile #1   Profile #2   Profile #3   Profile #4

MSH profile
  Supported Security Services: 0   3   16   21
Persistence
  Persistent Security and Non-repudiation: NA   NO   YES   YES
Reliability
  Guaranteed Delivery (acknowledgement, retry) 1): X   X   X   X
  Intelligible Check (message validation with a schema): X   X   X   X
Non-repudiation
  Non-Repudiation (saved audit trail of documents): X 2)
  Non-Repudiation of Receipt (signed receipt) 1): X 2)
  Legally Binding (legal document): X
Security
  Authorization Required (validation of identity, e.g. SAML): X
  Tamper Proof (signed message and keyed digest): X   X
  Confidential (encryption): X 1)   X   X
  Authenticated (proof of identity): X 1)   X   X

1) Service of the MSH.
2) Alternatively.

Message reliability

Messages are received, validated and accepted. This concept is based on acknowledgements on the messaging level and validation of received messages with schemas. Table 2 shows the reliability options and choices. Within the reliability profile, all options should be true and all parameters should be filled in.

Profile 1, 2, 3, 4: reliability with all attributes mandatory and true and parameters filled in.

Table 2 Message reliability

Element   Attribute   m/o   Options and choices or remark

BusinessTransaction/   m
  isGuaranteedDeliveryRequired   m   “true”
RequestingBusinessActivity   m   0, e.g. “P2H”
  isIntelligibleCheckRequired   m   “true”
  timeToAcknowledgeReceipt   m   0, e.g. “P2H”
  timeToAcknowledgeAcceptance   m   0, e.g. “P4H”
RespondingBusinessActivity
  isIntelligibleCheckRequired   m   “true”
  timeToAcknowledgeReceipt   m   0, e.g. “P2H”
BusinessTransactionActivity
  timeToPerform   m   0, e.g. “P1D”

The column m/o means mandatory/optional.

Non-repudiation and legally binding security

Messages are signed in order to provide message and sending party authentication, non-repudiation and to make them legally binding. Furthermore, authorisations can be configured. Table 3 shows non-repudiation and legally binding options and choices. Within the non-repudiation profile, the following should be used:

Profile 1, 2, 3: Non-repudiation with all attributes “false”, or
Profile 4: Non-repudiation with the “isNonRepudiationRequired” or the “isNonRepudiationOfReceiptRequired” attribute “true”.

The attribute “isLegallyBinding” is “true” by default. If tr
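
The reliability choices of Table 2 and the non-repudiation choices per profile described in 4.2 can be checked mechanically against a BPSS instance. The following Python check is an added example, not part of IEC/TS 62325-502: the attribute placement is as read from Table 2, the element nesting and the `ProcessSpecification` wrapper are assumptions based on the ebXML BPSS schema, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

# element -> {attribute: required value, or None meaning "must be filled in"};
# placement as read from Table 2 (an assumption where the table is unclear)
REQUIRED = {
    "BusinessTransaction": {"isGuaranteedDeliveryRequired": "true"},
    "RequestingBusinessActivity": {"isIntelligibleCheckRequired": "true",
        "timeToAcknowledgeReceipt": None, "timeToAcknowledgeAcceptance": None},
    "RespondingBusinessActivity": {"isIntelligibleCheckRequired": "true",
        "timeToAcknowledgeReceipt": None},
    "BusinessTransactionActivity": {"timeToPerform": None},
}
NON_REPUDIATION = ("isNonRepudiationRequired", "isNonRepudiationOfReceiptRequired")

def check_bpss(xml_text, profile):
    """Return findings for one BPSS instance checked against BPSS profile 1..4."""
    root = ET.fromstring(xml_text)  # intended for local, trusted configuration files
    findings, seen, nr_true = [], set(), False
    for el in root.iter():
        tag = el.tag.split("}")[-1]  # ignore any XML namespace
        seen.add(tag)
        label = f"{tag}[{el.get('name', '?')}]"
        for attr, want in REQUIRED.get(tag, {}).items():
            got = (el.get(attr) or "").strip()
            if want is None and not got:
                findings.append(f"{label}: {attr} must be filled in")
            elif want is not None and got != want:
                findings.append(f"{label}: {attr} must be '{want}'")
        nr_true = nr_true or any(el.get(a) == "true" for a in NON_REPUDIATION)
    for tag in sorted(set(REQUIRED) - seen):
        findings.append(f"{tag}: element missing")
    if profile == 4 and not nr_true:
        findings.append("profile 4: one non-repudiation attribute must be 'true'")
    if profile in (1, 2, 3) and nr_true:
        findings.append(f"profile {profile}: non-repudiation attributes must be 'false'")
    return findings

# Constructed sample: the responding activity omits timeToAcknowledgeReceipt.
SAMPLE = """<ProcessSpecification name="ConstructedExample">
  <BusinessTransaction name="SubmitSchedule" isGuaranteedDeliveryRequired="true">
    <RequestingBusinessActivity name="Send" isIntelligibleCheckRequired="true"
        timeToAcknowledgeReceipt="P2H" timeToAcknowledgeAcceptance="P4H"
        isNonRepudiationRequired="true"/>
    <RespondingBusinessActivity name="Confirm" isIntelligibleCheckRequired="true"/>
  </BusinessTransaction>
  <BinaryCollaboration name="Scheduling">
    <BusinessTransactionActivity name="Submit" timeToPerform="P1D"/>
  </BinaryCollaboration>
</ProcessSpecification>"""
```

Because the CPA for a specific collaboration may override the BPSS values, a clean result here covers only the BPSS instance itself.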