CN100342347C - Method for dynamically determining security options for the exchange of messages between services - Google Patents

Method for dynamically determining security options for the exchange of messages between services

Publication number: CN100342347C
Authority: CN (China)
Prior art keywords: sicd, annotation, documentation, message, service
Legal status: Expired - Fee Related
Application number: CNB038251655A
Other languages: English (en)
Other versions: CN1695123A (zh)
Inventors: Symon S. Y. Chang (西蒙·S·Y·常), Joseph S. Sanfilippo (约瑟夫·S·桑菲利波), Jayaram R. Kasi (杰雅拉姆·R·卡西), Christopher Crall (克里斯托弗·克拉尔)
Current Assignee: Commerce One Operations Inc
Original Assignee: JGR Acquisition Inc
Events: application filed by JGR Acquisition Inc; publication of CN1695123A; application granted; publication of CN100342347C; Expired - Fee Related

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113 Multi-level security, e.g. mandatory access control
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

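The present invention relates to computer-based devices and methods for negotiating and implementing security arrangements between two or more web services. More particularly, it relates to devices and methods that specify input and output interfaces, the computation and generation of a security contract consistent with the inputs, and the implementation of security in accordance with the negotiated security arrangements. Particular aspects of the present invention are described in the claims, specification and drawings.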

Description

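Method for dynamically determining security options for the exchange of messages between services
Copyright notice
A portion of the disclosure of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.
Reference to computer program listing appendix
A computer program listing appendix accompanies this specification. The computer program listing appendix includes the following program excerpts:
SecuritySenderReceiverInfo.XSD      (schema for negotiation inputs)
SecurityContractKeyInfo.XSD         (schema for keys used for security)
SecurityContract.XSD                (schema for the security contract reached by negotiation)
CommunitySecurityTemplatesInfo.XML  (template information example)
SecuritySenderInfo.XML              (sender information example)
SecurityReceiverInfo.XML            (receiver information example)
ComputeSecurityContract.XML         (computed security contract example)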
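Technical field
The present invention relates to computer-based devices and methods for negotiating and implementing security arrangements between two or more web services. More particularly, it relates to devices and methods that specify input and output interfaces, the computation and generation of a security contract consistent with the inputs, and the implementation of security in accordance with the negotiated security arrangements. Particular aspects of the present invention are described in the claims, specification and drawings.
Background art
Business-to-business (B2B) and application-to-application (A2A) electronic commerce are replacing older protocols for electronic data interchange (EDI). As businesses strive to improve their efficiency with B2B and A2A systems, a number of incompatible platforms and competing standards have emerged. Among compatible standards, gaps remain to be filled. For instance, the industry has defined what a simple web service is. Standards related to simple web services include UDDI, WSDL, XSDL and SOAP. However, these standards do not fully meet the security, reliability, manageability and choreography requirements of practical B2B and A2A electronic commerce. Security in particular presents numerous options and configuration issues. Collaborative web services and their security needs are expected to evolve as non-web businesses do. There is no comprehensive or unified device or method that dynamically resolves and updates security options and configurations as web services evolve.
A number of industry initiatives extend the standards applicable to B2B and A2A electronic commerce. Choreography efforts include ebXML/BPSS from OASIS, WSFL from IBM and XLANG from Microsoft. Conversation efforts include ebXML/TRP from OASIS and Microsoft's WS-routing. The dominant security effort is WS-security from IBM and Microsoft; there is also a complementary security effort from OASIS called SAML. For reliability, there are proposals from Microsoft, ebXML/TRP from OASIS and HTTPR from IBM. W3C is addressing standardization in all of these areas. Key industry players have formed a rival consortium called WSI. However, they have not addressed the problem of dynamic security agreements.
Accordingly, an opportunity arises to develop methods and devices that dynamically resolve security options and configuration issues for trading partners.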
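Summary of the invention
The present invention relates to computer-based devices and methods for negotiating and implementing security arrangements between two or more web services. More particularly, it relates to devices and methods that specify input and output interfaces, the computation and generation of a security contract consistent with the inputs, and the implementation of security in accordance with the negotiated security arrangements. Particular aspects of the present invention are described in the claims, specification and drawings.
Brief description of the drawings
Figure 1 illustrates communities and networks of communities, one environment in which computer-assisted, dynamic negotiation of security arrangements is useful;
Figure 2 depicts the negotiation and implementation of security arrangements;
Figure 3 illustrates reconciling preferences among algorithm types;
Figure 4 illustrates alternative embodiments for obtaining receiver information when the sender is local to the computation of the security arrangements; and
Figure 5 illustrates one network of program logic and resources that can be used to implement aspects of the present invention.
Detailed description
The following detailed description is made with reference to the figures. Preferred embodiments are described to illustrate the present invention, not to limit its scope, which is defined by the claims. Those of ordinary skill in the art will recognize a variety of equivalent variations on the description that follows.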
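Figure 1 illustrates communities and networks of communities, one environment in which computer-assisted, dynamic negotiation of security arrangements is useful. Among these communities, a community maintains a local registry that includes information such as the users, companies, services and connectors that are part of the community. A community can be a marketplace, an enterprise or a sub-enterprise. A community can belong to one or more community networks. Typically, communities and networks have some common business interest. Interoperation exists between member communities in one or more networks. The networks include a gold marketplace network 1, a precious metals marketplace network 2, a private network 3 and a global trading web 4. In this illustration, the gold marketplace network 1 and the precious metals marketplace network 2 are contained in the global trading web 4. The precious metals marketplace network 2 includes the gold and silver marketplaces 14 and 13. Gold marketplace customers can trade silver in the silver marketplace 13, and silver marketplace customers can trade gold in the gold marketplace 14. One community, PQR Enterprise 17, belongs to the gold marketplace network 1, the private network 3 and the global trading web 4; another community, ABC Big Supplier 18, belongs to the private network 3. In this illustration, XYZ Gold Marketplace 14 is a marketplace or community for trading gold. Multiple enterprises belong to this community. Enterprises like PQR Enterprise 17 that have formed a community by themselves belong to the gold marketplace network 1. These communities are part of the gold marketplace network 1 and the global trading web 4. Small supplier 15 is part of the gold marketplace community. Other enterprises 16 are communities that are part of the gold marketplace community network 1. The connections between XYZ Gold Marketplace 14 and the other gold marketplace entities 15-17 indicate that the gold marketplace requires all traffic between enterprises (communities or otherwise) that trade gold to pass through XYZ Gold Marketplace 14, for instance to collect billing and business intelligence information. PQR Enterprise 17 is a community that is part of the gold marketplace and, together with supplier 18, also part of a local private network. Small supplier 15 may be an individual small supplier that does not want to form a community itself and instead registers its metadata, such as users, organizations, services and transformations, in the registry of the gold marketplace. On the other hand, ABC Big Supplier 18 has formed a private network of its own, for instance because it wants to keep its metadata, internal systems and transformations, which were quite expensive to develop, away from general public access. Because PQR 17 is a customer of ABC 18, it participates in the private network 3. Financial service provider DEF Financial Market 12 wants to provide financial services to anyone in the global trading web 4, so it forms a community of its own and stands on an equal footing with the global trading web top-level marketplace 11. A network of communities makes a global registry of communities available to all. The global registry permits lookup of a community and determination of one or more routes to that community, or to external connectors through which electronic commerce documents bound for the community can be routed. Documents routed from one community to another can be routed directly between the external connectors of the two communities or indirectly through one or more intermediary communities. Business and security rules for transactions involving communities can also be defined and maintained in community registries. In general, Figure 1 illustrates the mixed loyalties of entities and communities that create an impetus for interoperability among electronic commerce platforms.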
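Connector is a general term for applications that communicate with other applications. Connectors can communicate peer-to-peer (P2P) or in a directed way through other connectors that function as hubs, gateways, external ports, central connectors and so on. Connectors that communicate P2P are able to communicate with other connectors that use the same transport/envelope protocols. When attempting to communicate with a connector that does not use the same transport/envelope protocols, connectors that communicate P2P can optionally enlist the assistance of other central connectors that perform translation services. Connectors that communicate in a directed way communicate through central connectors according to routing rules. Routing rules among connectors can be mapped in a directed graph, supporting one or more hub and spoke topologies for one or more transport/envelope protocols. A hub and spoke topology directs communications along spokes to hubs, in one or more tiers. This facilitates centralized services such as billing, business intelligence collection, tracking, auditing and accounting. As Figure 2 suggests, multiple hub and spoke organizations can share the same connectors to support different transport/envelope protocols and technologies. For instance, a stronger hub and spoke organization may be required to use Sonic as a transport technology, rather than HTTP or HTTPS. Optionally, communication routes can depend on whether the source and destination are part of the same community. Within a sub-community (which may include the whole community), centralized functions may not be needed, and P2P communication is permitted among connectors that are otherwise directed to communicate with a parent connector when communicating with destinations in other sub-communities.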
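A connector may be labeled a simple connector (sometimes simply called a connector), a hub (sometimes called a gateway or router) or a central connector. Alternatively, connectors can be described functionally. Simple connectors are directed to communicate through central connectors, except when they are permitted to communicate P2P among connectors in the same sub-community. So-called hubs are used by connectors that are explicitly directed to or linked to them. A hub can serve more than one function and, accordingly, can appear more than once in a route from a source to a destination. Hubs forward electronic commerce documents or messages. Hubs can also translate among transport protocols that support a common envelope protocol. For instance, a hub can translate envelope protocols and can also implement a different transport protocol on sending than on receiving. A central connector is a special case of a hub that can be used by connectors that are not explicitly directed to or linked to it. A central connector is useful, for instance, to perform translation functions when traversing connectors from the source according to routing rules does not lead to any hub that supports the transport/envelope protocol used by the destination.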
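Schemas and a process flow provide an overview of security arrangements according to aspects of the present invention. In this context, negotiation of security arrangements is carried out by a computer-based process that uses the security profiles of the sending and receiving services to determine a mutually agreeable security arrangement. Preferably, this security arrangement is negotiated or potentially updated regularly, without user intervention. The arrangement can be negotiated, updated or checked for validity at a user's request or without user intervention: whenever messages are exchanged or on some other periodic or occasional basis, such as monthly, weekly or daily; upon the occurrence of an event that affects the exchange of messages between a particular sender and receiver (e.g., a failure of a software component or a change in security preferences); or when a previously negotiated arrangement fails. The schema SecuritySenderReceiverInfo.XSD in the source code appendix describes some inputs to the negotiation of security arrangements. The schema SecurityContract.XSD, also in the source code appendix, describes one embodiment of negotiated security arrangements, in a so-called security interoperability contract document ("SCID"). The process flow of Figure 1 can be used to describe the negotiation and implementation of security arrangements.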
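The schema SecuritySenderReceiverInfo.XSD in the source code appendix can be used to validate several input files to the negotiation of security arrangements. In this embodiment, the machine-readable input files are XML documents. In other embodiments, other data structures can be used to store the same information, for instance a tree structure modeled after the XML code. The schema SecuritySenderReceiverInfo.XSD is best understood by loading the file into an integrated development environment (IDE) such as XML Spy™, which provides several alternative views of the schema, including a documentation generation view. The sender and receiver security interoperability contract document information blocks are defined by this schema. Viewed in the Spy schema design view, SecuritySenderReceiverInfo.XSD includes several components used to define the sender and receiver security information. The CommunitySecurityPolicyPreference component states the community preferences for signing the header, encrypting the credential, and credential preferences. It can be used to specify default values for a whole community or can be adapted to specify default values for a collaboration partner (CP). The SAMsgSecurityPolicy component allows specification of signature and encryption preferences and authentication options. A message exchanged between services may have multiple parts. Signature and encryption policies can be applied to the whole message or to individual parts. This approach can readily be extended to apply signature and encryption policies to elements within the parts. The PublicKeys component identifies the key records for this CP. The ConnectorCapability component provides routing information, such as a connector name, to the resources that implement part of the security arrangement. It includes connector capability parameters such as encryption capability, signature capability, encryption public key party and signing public key party. Depending on whether signing or encryption is involved, the public key party can be the sender's CP, the receiver's CP or the owner of the connector. If no public key party is defined, the message sender's key can be used for signing and the message receiver's key can be used for encryption. The SecurityContainer component can be used to carry additional objects that are useful for security. The SendingCPSecurityPolicyProfile component includes the credential information available to the sending CP. The CPSendServicesSecurityPolicy and CPRecvSecurityPolicy components include arrays of security policies for the sending and receiving services, respectively. Service preferences and overrides can be defined here.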
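The schema SecurityContract.XSD, also in the source code appendix, can be used as a model for preparing a machine-readable security interoperability contract document. In this embodiment, the machine-readable document is an XML document. In other embodiments, other data structures can be used to store the same information, for instance a tree structure modeled after the XML code. This schema defines policies and channels for security policy. A security channel defines resources and routes to the resources that execute security algorithms, such as signature, encryption and authentication algorithms. It may also include non-repudiation and authorization resources.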
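The process flow of Figure 2 can be used to describe the negotiation and implementation of security arrangements. In one embodiment, preferences of the sending and receiving services are maintained in a registry 201. This registry may be accessible to the sending and receiving services, so that each service can compute security arrangements, or it may be available to a security arrangement computing service that is accessible to one or both of the sending and receiving services. The sending and receiving services may maintain their own registries. Or, a protocol may be developed for the sending and receiving services to exchange their security preferences as part of negotiating a security arrangement. The registry 201 may further maintain information regarding default preferences of the collaboration partner that owns a service, of the community to which it belongs, or both. In general, service-specific preferences may override default preferences, or certain default preferences may be given precedence over service-specific preferences. Default preferences of a collaboration partner may be treated differently than default preferences of a community. A security arrangement computing service 202 takes the input statements of security arrangement preferences from the registry 201 or another source and processes them. In one embodiment, this computing service is a security contract builder. A set of security arrangements is output (203). These arrangements may be confirmed by the sending and receiving services, may be subject to veto by the sending and receiving services, or may be trusted by the sending and receiving services. The sending service, or another service responsive to the sending service 205, uses the security arrangements 203 to process a document 204 for sending to a receiving service 209. In some instances, the security arrangement will call for obtaining an assertion from a trusted assertion service 206. For instance, the sending and receiving services may agree to use a SAML service to generate authentication assertions. The security arrangement 203 will call for generation of a SAML assertion, and the sending service 205 will obtain a SAML assertion from the SAML server 206. In another embodiment, the trusted service 206 may provide an electronic notarization. A bank or security authority may be trusted to generate authentication assertions in a function similar to a notary. In some instances, the security arrangement will call for obtaining public keys for use in asymmetric signing or encryption from a public key source 208. For instance, the sending and receiving services may agree to use an XKMS service to exchange public keys. The security arrangement 203 designates the XKMS service address as the source of public keys. Both the sending service 205 and the receiving service 209 access the agreed key source 209. In accordance with the security arrangement 203, the sending service 205 communicates the document 204 across a network 207 to the receiver 209. Routing and transport across the network 207 may be part of the security arrangement or, preferably, may be managed by a secure transport infrastructure. The security arrangement 203 may be provided by the computing service 202 to the receiver 209, or otherwise accessed by the receiver, independently of the message carrying the document 204. Alternatively, according to a prearranged protocol, the security arrangement 203 may be included with the document 204. For instance, it may be part of the message header or it may be a separate part of the message. The prearranged protocol may call for the message header or message part to be signed and/or encrypted using the parties' respective keys. With this process flow and the schemas above in mind, examples from the source code appendix can be explained.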
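The files SecuritySenderInfo.XML, SecurityReceiverInfo.XML and ComputeSecurityContract.XML provide examples of sender preferences, receiver preferences and the resulting computed security arrangement. The sender and receiver preferences are stated in XML code conforming to the XML schema described above. The computed security arrangement is stated in an interoperability security contract document conforming to SecurityContract.XSD in the source code appendix.
In this example, the sender preference information includes community preferences and service preferences. The community preferences address security algorithms and preferences for signing the header, encrypting the credential and selecting among available credentials. Community preferences may also rank the security algorithms or otherwise indicate a preference among them. A similar set of preferences may be provided for a collaboration partner, instead of or in addition to the preferences of the community. In this example, the community has six sets of signature algorithm options in elements named XMLSignatureAlgorithmTemplate and three sets of encryption algorithm options in elements named XMLEncryptionAlgorithmTemplate. These sets of options are templates. More than one template of options can be provided for a particular algorithm. Use of templates simplifies the configuration of options and increases the likelihood that the sending and receiving services will select consistent option sets. The community in this example prefers not to sign headers or encrypt credentials and accepts basic credentials. In general, a community or collaboration partner may have preferences for any security arrangement option that a service can select, or for only some options. The community preferences in the sender preference file should correspond to the community preferences stated elsewhere, such as in a registry entry for the community preferences. The file CommunitySecurityTemplatesPreference.XML is an example of a file used to record some or all community security preferences.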
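The service (in this example, the sending service) records in SAMsgSecurityPolicy its preferences for handling message parts, for signing and encrypting the message as a whole, and for authentication. A message may have several parts. Corresponding to a message part, a service can identify the message part and express a preference to sign or not sign, or to encrypt or not encrypt, the message part. In this embodiment, a preference for a category of algorithm, such as a general algorithm or an XML-specific algorithm, can be selected. In other embodiments, a service might not specify a category of algorithm, or it might specify a specific algorithm.
This example also covers other security arrangements. The receiver's (buyer's) public key, in X509 format, is used for signing and authentication. Two resources, so-called connectors, are identified for the sending service to use for signing and encryption. The sender's available credentials are identified as basic and X509 credentials. The sending service's security arrangement preferences are ranked from 1 to 3 under SecurityPolicyTemplatePreference. In this example, the three encryption preferences are all for XML-specific encryption. These and other details of this example can be found in the source code appendix file SecuritySenderInfo.XML.
The receiver preferences can be found in the source code appendix file SecurityReceiverInfo.XML. In general, the elements of the receiver preference profile are very similar to those of the sender, even using the same element types from the schema. Significant differences are found in authentication and authorization, because the logic applicable to authentication and authorization depends on whether you are presenting your credentials or determining whether to accept what is presented. For instance, the sender's SendingCPSecurityProfile lists available credentials. These elements are not part of the receiver preferences. This issue is addressed by the receiver's CPRecvServicesSecurityPolicy, which identifies AcceptedCredentials.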
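In this example, two kinds of preferences that the security arrangement logic reconciles are stated. One preference is among algorithm templates. The element SecurityPolicyTemplatePreference appears twice in each of the sending and receiving service preferences, setting out the community and service-specific preferences among algorithms. Figure 3 illustrates reconciling preferences among algorithm types. Stacks 301 and 302 represent the sending and receiving preferences. Suppose that A is the most secure and G the least secure. In the two preference stacks 301 and 302, preferences B and D match. A decision rule for choosing between B and D might take into account one or both stacks of preferences. For instance, the receiving service's preference (D) for signing or the sending service's preference (B) for encryption might be selected from among the matches. Taking both preferences into account, the most secure (B) or the least secure (D) might be selected. In another embodiment, the respective services might weight or score their preferences, and a combined weighting or score might be used to take both preferences into account. The second preference is whether to sign or encrypt a part of a message. What to sign or encrypt is addressed by the SAMsPart element of SAMsgSecurityPolicy. The message parts in this example are Order and Image. In this example, the sender and receiver preferences match for signing and encrypting Order and for only encrypting Image. If the receiver wanted Image signed in addition to Order, the preferences would not match. A decision rule would then be needed to resolve the mismatch. The available decision rules could include: receiver wins, sender wins, highest requirement wins, or lowest requirement wins. One kind of preference reconciliation determines whether a security measure is applied. The other kind selects among option templates when a security measure is applied.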
The set of computed security arrangements for this example appears in ComputeSecurityContract.XML, which is partially reproduced below:
  <SecurityContractICD...>
    <SecurityPolicies>
      <SignaturePolicies>
        <XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-C14N">
          <SignaturePolicyAlgorithm>...</SignaturePolicyAlgorithm>
          <SignatureAlg...>MD5withRSA</SignatureAlg...>
          <HashFunction>MD5</HashFunction>
          <Canonical...>...14n-20001026</Canonical...>
          <Transform>...#RoutingSignatureT...</Transform>
        </XMLDsigPolicy>
      </SignaturePolicies>
      <EncryptionPolicies>
        <XMLEncryptionPolicy PolicyId="P-XMLEncrypt3DES-RSA-2048">
          <EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</EncryptionPolicyAlgorithm>
          <EncryptionMethod>http://www.w3.org/2001/04/xmlenc#3des-cbc</EncryptionMethod>
          <KeySize>2048</KeySize>
          <KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</KeyEncryptionMethod>
        </XMLEncryptionPolicy>
      </EncryptionPolicies>
      <EncryptionKeyInfo KeyOwner="x-ccns:commerceone.com:CollaborationParty::sellParty">
        <PublicKeyID>DefaultTestCert</PublicKeyID>
        <X509Data>
          <X509Certificate>LS0tLS1...==</X509Certificate>
        </X509Data>
      </EncryptionKeyInfo>
    </SecurityPolicies>
    <SecurityChannel channelId="CHANNEL1" sourceConnector="x-ccns:cup.commerceone.com:connector::centerSell" targetConnector="x-ccns:cup.commerceone.com:connector::centerSell">
      <Confidential AlgorithmId="P-XMLEncrypt3DES-RSA-2048">
        <PublicKeyName KeyOwner="x-ccns:commerceone.com:CollaborationParty::sellParty">DefaultTestCert</PublicKeyName>
        <MessagePart PartName="Order" isOptional="false"/>
        <MessagePart PartName="Image" isOptional="false"/>
      </Confidential>
    </SecurityChannel>
    <SecurityChannel channelId="CHANNEL2" sourceConnector="x-ccns:cup.commerceone.com:connector::buy" targetConnector="x-ccns:cup.commerceone.com:connector::sell">
      <Integrity AlgorithmId="P-XMLSignatureRSA-MD5-C14N">
        <PublicKeyName KeyOwner="OwnerA">BuyerPublicKey</PublicKeyName>
        <MessagePart PartName="Order" isOptional="false"/>
      </Integrity>
    </SecurityChannel>
  </SecurityContractICD>
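This set of security arrangements has two main sections, security policies and security channels. In this example, there is one security policy applicable to the whole message and multiple security channels that implement parts of the security policy. The security policy section sets out the signature policy and the encryption policy with encryption key information. It may also set out information regarding authentication, authorization and non-repudiation of sending or receipt. In this embodiment, the same signature and encryption policy applies to all parts of the document. In other embodiments, multiple algorithms could be applied to different parts. The algorithms selected for signature, encryption and authentication are abstracted through templates containing option sets, which simplifies the selection of algorithms. The selected algorithms are associated with logic and resources, so that different services or processes can be used to sign/verify and encrypt/decrypt different parts of a message. A public key or certificate can be transmitted in the encryption key element of the security policy section. The security channel section describes the services or connectors involved in applying the security policies. For a particular policy, the channel section identifies a source connector that requires assistance in applying the security policy (e.g., the sending service requesting encryption) and a target connector that applies the security policy or acts as an intermediary to the logic and resources that apply it. For a particular security policy, such as signature, encryption, authentication, authorization or non-repudiation, the specific information required to carry out the security policy is provided in the security channel section.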
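The data used to determine security arrangements can be categorized as message and activity related data, CP-service related data, security algorithm related data, routing related data, encryption key related data and configuration data. Some additional detail regarding use of these categories is described below. Message and activity related data relates to digital signature, encryption, non-repudiation and authorization. For non-repudiation, a receiver may require non-repudiation measures of a sender, amounting to a trusted party verifying the sender's message to the receiver. Similarly, a sender may require non-repudiation measures of a receiver, amounting to a trusted party verifying the receiver's receipt of the sender's message. In addition to the description above, it should be mentioned that signing and encryption can be applied element by element to particular data items, if fine granularity is desired. In addition, overrides can be specified for pairs of sending and receiving services. For instance, a pre-existing or proven relationship can be treated differently than an entirely new relationship. Overrides to security policies can be implemented so as to cautiously lower (or reliably raise) security requirements in special cases.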
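CP-service related data includes authentication and authorization data. Authorization is the process of granting or denying access to a network resource. Authorization to access most computer security systems is a two-step process. The first step is authentication, which ensures that a principal (user, process, application or service) is who it claims to be. The second step is authorization, which allows the principal access to various resources based on their identity. Authorization is also called access control. Access control is used to authorize access to web site resources. It manages information about users, groups of users and the roles assigned to users. SAML provides an XML-based means to share information about security events (authentication and authorization) and attributes (e.g., customer credit rating) in a SOAP message. This SAML data can then be sent to a third party, which enables 'distributed trust', whereby the user signs on once but can reuse their authentication or authorization details. With SAML or a similar trusted party technology, an issuing authority decides whether to grant a request by a subject service or sender for a type of access to a resource web service, given the evidence provided by the requester. The authorization decision allows or denies the subject access to a specific resource. SAML is a useful option for web services security, but it requires an initial degree of trust and technology resources. Where SAML is unavailable or not preferred, other approaches such as an ID/password and a table of privileges associated with the ID can be used. The present invention is not limited by the authorization technology used, but extends more abstractly to selection among technologies now available or hereafter invented. With either SAML authorization or ID/password technology, the authorization data can be encrypted and built into the message.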
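Security algorithm related data includes algorithms and configuration options for signature, encryption and non-repudiation. As the schema shows, signature algorithm options (XML or non-XML) can include the use of XMLDsig, choice of canonicalization algorithm, signature method and digest algorithm. Encryption/decryption options (XML or non-XML) can include key size, key and method. Default values can be inherited by a service, can override service preferences, or can be overridden by service preferences. In addition, as described above, specific overrides can be specified for CP pairs. Option templates, also described above, simplify negotiation of security arrangements. Different options apply to XML and non-XML algorithms, for instance signature algorithms. An XML signature algorithm, for instance XMLDsig, can offer options for method, canonicalization, transform and digest, whereas a non-XML algorithm, for instance PKCS#7, may have options only for signature and digest methods. Use of community standard security templates is preferred, to ensure that there is at least one match between the preference lists of the respective services. A community may require all CPs or all services operating within the community to support a particular community standard security option set, to ensure that messages can be exchanged within the community.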
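Routing related data includes how to access the logic and resources that implement authentication/verification, signing/verification and encryption/decryption. Any type of access information can be used, for instance a universal resource name (URN) or universal resource locator (URL). As discussed in one of the prior applications referenced above, a message may take multiple hops through connectors for transformation or other value-added services. Accordingly, multiple routing steps may be associated with any action. Security typically needs to be reconsidered after any transformation or other value-added service.
Encryption key related data is generally discussed above.
Configuration data includes default (e.g., community or collaboration partner) preferences and credential preferences.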
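Figure 4 illustrates alternative embodiments for obtaining receiver information when the sender is local to the computation of the security arrangements. In the figure, a local registry 431 and a remote registry 432 are indicated. In this example, the sender is local and the receiver is remote. The sender data is current and complete in the local registry 431. The sender information is collected (421) and made available to the logic and resources that compute (411) the security arrangements. The receiver data may be current and complete, for instance if the receiver is in the same community as the sender and there is a community-wide registry, or if the receiver information has recently been obtained and locally cached. Depending on where the receiver information can be found (431 or 432), a process 422 or 423 is invoked to collect the receiver information and make it available to the logic that computes the security arrangements. A set of security arrangements 401 results.
Figure 5 illustrates one network of program logic and resources that can be used to implement aspects of the present invention. The logic components of this network include: sender collection 551, receiver collection 552, data object manager 541, routing manager 542, credential negotiator 531, template negotiator 532, connector manager 533, authentication manager 521, policy manager 522, public key manager 523, algorithm manager 524, policy builder 511, channel builder 512 and security arrangements document builder 501.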
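One embodiment of program logic that operates in a community of collaboration partners to generate security arrangements can be described as follows: Collect the receiver security information, including the attribute assertion used to authenticate the sender CP. Collect the sender security information. Look through the routing block to find all connector information for implementing the security measures. Get the capability parameters for each connector. Walk through the routing chain to find which connector pair is used for authentication, signature and encryption. Get the service-activity-message object of the receiver. This may include getting the SAMsgSecurityPolicy object from the receiver. This will have multiple parts and may have signature and encryption policies for the whole message. It may also include getting the SAMsgSecurityPolicy object from the sender, whereby override options are matched with the SAMsgSecurityPolicy objects (the override decision tables are worked out below). Find all algorithms required for this message from the SAMsgSecurityPolicy object and create a RequiredAlgorithmList. Get the community preference objects for both SenderInfo and ReceiverInfo. This may include getting the sender's CommunitySecurityTemplatesPreference object, which includes the security algorithm templates and community security policy preferences. It may also include the receiver's CommunitySecurityTemplatesPreference object, if it is not the same community. If they are in the same community, setting object pointers may suffice. Get the CP-Service objects for both the sender and receiver and the CP objects for the respective communities. This may include creating CPSecurityPolicyPreference for the sender and receiver. Based on the sender and receiver preferences in the RequiredAlgorithmList and the decision rule, select from the preference lists and create a RequiredTemplateObjectList. If the respective preference lists of the services do not match on any algorithm, community defaults may produce a match. Get the ServiceAuthentication object for the receiver service. This will have one or more specified authentication methods, including accepted credentials and authentication mode. Match the credentials from the ServiceAuthentication object with the available credentials from the sender's CPSecurityPolicyPreference. If there is more than one match, take the one that matches the CredentialPreference from the receiver's CPSecurityPolicyPreference or from the CommunitySecurityTemplatesPreference corresponding to the receiver. Get the values of SignMessageHeader and EncryptCredential from the receiver's CPSecurityPolicyPreference or from the receiver's CommunitySecurityTemplatesPreference object. If no value is specified in either place, set it to a default value such as false or true. Use the available sender credential selected by the receiver, the authentication mode specified in the receiver's ServiceAuthentication object, the SignMessageHeader Boolean attribute and EncryptCredential for the authentication algorithm. Get the appropriate keys according to the PublicKeyCapability of the connectors. This may include getting the sender's encryption key if encryption is required, and the receiver's signing key ID if signing is required. If X509 authentication is required, get the receiver's authentication key ID. Create the policy section of the security arrangement. Find the connectors for the channel section and create the channel section of the security arrangement.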
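Decision tables can be used to implement the kind of preference reconciliation that concerns whether to sign or encrypt a part of a message. In addition, the decision can be biased toward accepting a preference not to sign or toward accepting the receiver's preference, or just the opposite. Some decision tables that could be used to implement possible decision rules follow:

                                          Sender preference
  Receiver preference    Signature required    Signature optional    No signature
  Signature required     Sign                  Sign                  Error
  Signature optional     Sign                  Do not sign           Do not sign
  No signature           Error                 Do not sign           Do not sign

                                          Sender
  Receiver               Encryption required   Encryption optional   No encryption
  Encryption required    Encrypt               Encrypt               Error
  Encryption optional    Encrypt               Do not encrypt        Do not encrypt
  No encryption          Error                 Do not encrypt        Do not encrypt

                                          Sender
  Receiver               Signature required    Signature optional    No signature
  Signature required     Sign                  Sign                  Sign
  Signature optional     Sign                  Do not sign           Do not sign
  No signature           Do not sign           Do not sign           Do not sign

                                          Sender
  Receiver               Encryption required   Encryption optional   No encryption
  Encryption required    Encrypt               Encrypt               Encrypt
  Encryption optional    Encrypt               Do not encrypt        Do not encrypt
  No encryption          Do not encrypt        Do not encrypt        Do not encrypt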
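The two reconciliations described above (choosing among algorithm templates as in Figure 3, and deciding per message part whether to sign or encrypt with the decision tables) can be sketched in Python as follows. This is an added example, not code from the patent's program listing appendix. The function names, the dictionary layout, the preference stacks built from the Figure 3 labels and the mapping of "no signature/encryption" to NotRequired are assumptions; the enumeration values are those of OverrideTypes and NegotiationRuleTypes in SecuritySenderReceiverInfo.XSD.

```python
from enum import Enum

class Pref(Enum):   # OverrideTypes values in SecuritySenderReceiverInfo.XSD
    REQUIRED = "Required"
    OPTIONAL = "Optional"
    NOT_REQUIRED = "NotRequired"   # assumed to mean "no signature/encryption"

class Rule(Enum):   # NegotiationRuleTypes values in the same schema
    RECEIVER_WINS = "ReceiverWins"
    SENDER_WINS = "SenderWins"
    MORE_SECURITY_WINS = "MoreSecurityWins"
    LESS_SECURITY_WINS = "LessSecurityWins"

class NegotiationError(Exception):
    """Raised where the tables say Error or no template can be agreed."""

def decide_part(sender, receiver, strict=True):
    """Decide whether one operation (sign or encrypt) applies to one part.

    strict=True follows the first pair of tables: Required against
    NotRequired is an error. strict=False follows the second pair, where
    the receiver's Required or NotRequired prevails over the sender's.
    """
    prefs = {sender, receiver}
    if Pref.REQUIRED in prefs and Pref.NOT_REQUIRED in prefs:
        if strict:
            raise NegotiationError("Required conflicts with NotRequired")
        return receiver is Pref.REQUIRED
    return Pref.REQUIRED in prefs

def choose_template(sender_stack, receiver_stack, rule, strength,
                    community_default=None):
    """Pick one template from two preference stacks (most preferred first).

    strength lists template ids from most to least secure. If the stacks
    share no template, fall back to the community default if one is set.
    """
    common = [t for t in sender_stack if t in receiver_stack]
    if not common:
        if community_default is None:
            raise NegotiationError("no common template, no community default")
        return community_default
    if rule is Rule.SENDER_WINS:
        return common[0]
    if rule is Rule.RECEIVER_WINS:
        return min(common, key=receiver_stack.index)
    by_strength = sorted(common, key=strength.index)
    return by_strength[0] if rule is Rule.MORE_SECURITY_WINS else by_strength[-1]

def compute_contract(sender, receiver, rules, strength, strict=True):
    """Return the Integrity and Confidential sections that were agreed."""
    contract = {}
    for op, section in (("sign", "Integrity"), ("encrypt", "Confidential")):
        parts = [name for name, prefs in sender["parts"].items()
                 if decide_part(prefs[op], receiver["parts"][name][op], strict)]
        if parts:  # a template is negotiated only when the operation applies
            template = choose_template(sender["templates"][op],
                                       receiver["templates"][op],
                                       rules[op], strength)
            contract[section] = {"template": template, "parts": parts}
    return contract

# Constructed sample profiles. Part names follow the Order/Image example;
# template ids are the abstract labels of Figure 3, A (most secure) to G.
STRENGTH = list("ABCDEFG")
SENDER = {
    "parts": {"Order": {"sign": Pref.REQUIRED, "encrypt": Pref.REQUIRED},
              "Image": {"sign": Pref.NOT_REQUIRED, "encrypt": Pref.REQUIRED}},
    "templates": {"sign": ["B", "C", "D", "G"], "encrypt": ["B", "C", "D", "G"]},
}
RECEIVER = {
    "parts": {"Order": {"sign": Pref.REQUIRED, "encrypt": Pref.OPTIONAL},
              "Image": {"sign": Pref.OPTIONAL, "encrypt": Pref.REQUIRED}},
    "templates": {"sign": ["D", "E", "B", "F"], "encrypt": ["D", "E", "B", "F"]},
}
# Receiver's preference picks the signature template, sender's the encryption one.
RULES = {"sign": Rule.RECEIVER_WINS, "encrypt": Rule.SENDER_WINS}

if __name__ == "__main__":
    print(compute_contract(SENDER, RECEIVER, RULES, STRENGTH))
```

With strict=False, a receiver's NotRequired overrides a sender's Required without raising an error, so a deployment that treats the sender's requirement as mandatory should keep the strict tables.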
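The present invention is readily extended to support signing and encryption at intermediate connectors along the path between sender and receiver. It is useful to be able to sign and encrypt documents at connectors along the routing path that are neither the message sender nor the final receiver. This is useful for gateways, routers and central connectors. For gateways, signing and encryption may need to be performed by the gateway if signed/encrypted message data is transformed from one envelope protocol to another. For routers and central connectors, it may be desirable to use a single entry/exit point into an enterprise for external communities. A router or central connector can act as a central security hub, or organize security operations on behalf of the whole enterprise. This can simplify PKI management and other administrative burdens. This functionality can be configured by setting up the security capabilities of connectors in the enterprise portion of a community. A connector can be configured, on an envelope/transport protocol basis, to have signing capability or encryption capability, or can be linked to the signing and encryption capabilities of collaboration partners on other connectors. In the case of gateways and routers, you can configure the connector to use the keys of the CP owner or of the gateway/router connector.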
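As will be apparent to those of ordinary skill in the art from the preceding description, a variety of systems and methods can be constructed from aspects and components of the present invention. One embodiment is a method of determining security options for an exchange of one or more messages between sending and receiving services. This method uses sender and receiver security preferences, which may take the form of machine-readable security profiles for first and second services. The security profiles may identify security options/elements and option subsets acceptable to the respective services. The options may include requirements to sign or encrypt one or more parts of the message, signature option subsets corresponding to one or more signature algorithms, encryption option subsets corresponding to one or more encryption algorithms, identification of signature and encryption keys, and identification of an authentication algorithm. The dynamic method includes accessing the security profiles and selecting a particular option set acceptable to the respective services. Optionally, this option set may be used to communicate a message between the respective services. Several options and aspects of the present invention may be added to this embodiment. The security profiles may be maintained in one or more registries accessible to the security logic of the first and second services. Default option subsets and/or preferences may be specified in community or collaboration partner security profiles and may be copied into service security profiles. The requirement to sign or encrypt may apply to a part of a message or to the whole message. Signature and encryption algorithms may be applied to the whole message, reducing complexity. Signature and encryption keys may be symmetrical or asymmetrical. Authentication may be carried out by a trusted agent, such as a SAML server, before the message is communicated between the respective services. Authentication by a trusted agent may be evidenced by an authentication assertion. Alternatively, authentication may include submitting credentials for examination by the receiving service. These credentials may be part of the message or may be sent in addition to the message. In addition to authentication, authorization may be addressed by the security arrangements. The security profiles may include identification of at least one authorization algorithm to establish the privileges of the sending service. This authorization may be implemented by a trusted agent before the message is communicated, or by submitting credentials to the service that receives the message. A further aspect of the present invention takes into account the preferences of the respective services among the option subsets for signing and/or encryption. Preferences of one or both of the services may be taken into account. Any of the decision rules discussed above may be applied, including receiver wins, sender wins, most secure wins, least secure wins, or a weighting of both services' preferences. Determination of the security arrangements may include determining the resources to be used by the parties to implement any combination of signing, encryption, authentication, authorization or non-repudiation. Resources, algorithms and option sets may be packaged into security channels. A security channel may implement a single aspect of security.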
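While the present invention is disclosed by reference to the preferred embodiments and examples detailed above, it should be understood that these examples are intended in an illustrative rather than a limiting sense. Computer-assisted processing is implicated in the described embodiments. Accordingly, the present invention may be embodied in methods for computer-assisted processing, systems including logic to implement the methods, media impressed with logic to carry out the methods, data streams impressed with logic to carry out the methods, or computer-accessible processing services. It is contemplated that modifications and combinations will readily occur to those of ordinary skill in the art, and that these modifications and combinations will be within the spirit of the invention and the scope of the appended claims.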
Computer program listing appendix:
                 SecuritySenderReceiverInfo.XSD
<?xml version="1.0" encoding="UTF-8"?>
<!--
edited with XML Spy v4.4U (http://www.xmlspy.com) by Symon Chang (Commerce One)
-->
<xs:schema
    targetNamespace="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:sicd="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
    xmlns:sicdr="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd"
    elementFormDefault="qualified"
    attributeFormDefault="unqualified">
  <xs:import
      namespace="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
      schemaLocation="http://schemas.commerceone.com/schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"/>
  <xs:import namespace="urn:oasis:names:tc:SAML:1.0:assertion"
      schemaLocation="http://www.oasis-open.org/committees/security/docs/cs-sstc-schema-assertion-01.xsd"/>
  <!--
  Sender Security ICD Information Block
  -->
  <xs:element name="SecuritySenderInfo" type="SecuritySenderInfoType">
    <xs:annotation>
      <xs:documentation>The root for all ICD security policy info from the sender.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <!--
  Receiver Security ICD Information Block
  -->
  <xs:element name="SecurityReceiverInfo" type="SecurityReceiverInfoType">
    <xs:annotation>
      <xs:documentation>The root for all ICD security policy info from the Receiver.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <!--
  Main Elements
  -->
  <xs:element name="CommunitySecurityTemplatesPreference">
    <xs:annotation>
      <xs:documentation>Security Policy for this community, including Security Algorithm Templates, Community Security Policy Preferences and Community Security Policy Preference.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence minOccurs="0">
        <xs:element ref="sicdr:SecurityAlgorithmTemplates" minOccurs="0"/>
        <xs:element name="CommunitySecurityPolicyPreference" type="sicdr:ConfiguredPreferencePolicyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The preference will be sign header, encrypt credential, and credential preference, etc. It will be the default value for the whole community.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element ref="sicdr:SecurityPolicyTemplatePreference" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="SendingCPSecurityPolicyProfile">
    <xs:annotation>
      <xs:documentation>The Security Profile for the sending Collaboration Party. It has CP's Available Credentials info.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence minOccurs="0">
        <xs:element name="AvailableCredentials" type="sicdr:CredentialTypes" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="SAMsgSecurityPolicy" type="sicdr:SAMsgPartsType">
    <xs:annotation>
      <xs:documentation>Each Server/Active/Message have multiple parts and it can have signature and encryption policies for the whole message. The authentication is defined at the service level.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="PublicKeys" type="sicd:PublicKeyType">
    <xs:annotation>
      <xs:documentation>Public key records for this CP. The KeyID will be the unique key for the public key records. The location will match all connectors within this request.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="ConnectorCapability">
    <xs:annotation>
      <xs:documentation>Connector Capability Parameters</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element name="EncryptionCapability" type="xs:boolean">
          <xs:annotation>
            <xs:documentation>Yes or No flag. The document encryption/decryption can be performed at this connector or not.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="SignatureCapability" type="xs:boolean">
          <xs:annotation>
            <xs:documentation>Yes or No flag. The signing the message or verify the signature can be performed at this connector or not.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="EncryptionPublicKeyParty" type="sicd:CollaberationPartyID" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Public Key party that is used for encryption. This can be either sender's CP or the owner of the connector. If it is not defined, then the key of message receiver at this connector location will be used for encryption.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="SigningPublicKeyParty" type="sicd:CollaberationPartyID" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Public Key party that is used for signing. This can be any CP or the owner of connector. If it is not defined, then the Key of message sender at this location will be used for signature.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
      <xs:attribute name="ConnectorName" type="xs:string" use="optional"/>
    </xs:complexType>
  </xs:element>
  <!--
  Main Complex Types
  -->
  <xs:complexType name="SendingServicesSecurityPolicyType">
    <xs:annotation>
      <xs:documentation>Services security policy for each CP. This can be the policy for either sending or receiving service.</xs:documentation>
    </xs:annotation>
    <xs:sequence minOccurs="0">
      <xs:element ref="sicdr:SecurityPolicyTemplatePreference" minOccurs="0" maxOccurs="unbounded"/>
      <xs:element ref="ServiceAuthentication" minOccurs="0">
        <xs:annotation>
          <xs:documentation>Authentication method for a given service, including Accepted Credentials and Authentication Mode.</xs:documentation>
        </xs:annotation>
      </xs:element>
    </xs:sequence>
  </xs:complexType>
  <xs:complexType name="ReceivingServicesSecurityPolicyType">
    <xs:annotation>
      <xs:documentation>Receiving Services security policy for each CP</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicdr:SendingServicesSecurityPolicyType">
        <xs:sequence minOccurs="0">
          <xs:element ref="sicd:Authorization" minOccurs="0">
            <xs:annotation>
              <xs:documentation>SAML Attribute Assertion for the end connector to use. This will be a data type from SAML Standard.</xs:documentation>
            </xs:annotation>
          </xs:element>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
-<!--
 SimpleTypes
  -->
-<xs:simpleType name="AuthenticateCapabilityTypes">

  -<xs:annotation>

    <xs:documentation>The Authenticate Capability for the

      connector.</xs:documentation>
   </xs:annotation>
  -<xs:restriction base="xs:NMTOKEN">

   <xs:enumeration value="LOCAL"/>

   <xs:enumeration value="REMOTE"/>

   <xs:enumeration value="BOTH"/>

   <xs:enumeration value="NONE"/>
   </xs:restriction>
 </xs:simpleType>
-<xs:simpleType name="OverrideTypes">
 -<xs:annotation>
        
    <xs:documentation>Type of the override rules.This is used for

      matching.</xs:documentation>
   </xs:annotation>
  -<xs:restriction base="xs:NMTOKEN">

   <xs:enumeration value="Required"/>

   <xs:enumeration value="Optional"/>

   <xs:enumeration value="NotRequired"/>
   </xs:restriction>
 </xs:simpleType>
-<xs:simpleType name="NegotiationRuleTypes">
 -<xs:annotation>

  <xs:documentation>Type of the Negotiation Rules:when there

    are multiple matches during the algorithm negotiation,the

    rule will determine which algorithm will be picked.It can be

    receiver wins,sender wins,highest requirement wins or

    lowest requirement wins.</xs:documentation>
  </xs:annotation>
 -<xs:restriction base="xs:NMTOKEN">

  <xs:enumeration value="ReceiverWins"/>

  <xs:enumeration value="SenderWins"/>

  <xs:enumeration value="MoreSecurityWins"/>

  <xs:enumeration value="LessSecurityWins"/>
   </xs:restriction>
 </xs:simpleType>
-<xs:simpleType name="CategoryTypes">
 -<xs:annotation>

  <xs:documentation>Type of the algorithm

    category</xs:documentation>
  </xs:annotation>
 -<xs:restriction base="xs:NMTOKEN">

  <xs:enumeration value="XMLSignature"/>

  <xs:enumeration value="Signature"/>

  <xs:enumeration value="XMLEncryption"/>

  <xs:enumeration value="Encryption"/>

  <xs:enumeration value="NonRepudiation"/>

  <xs:enumeration value="NonRepudiationReceipt"/>
  </xs:restriction>
 </xs:simpleType>
-<xs:simpleType name="CredentialTypes">
 -<xs:annotation>

  <xs:documentation>Type of the credential
    algorithm</xs:documentation>
  </xs:annotation>
 -<xs:restriction base="xs:NMTOKEN">

  <xs:enumeration value="BASIC"/>

  <xs:enumeration value="X509"/>

  <xs:enumeration value="BASE64_BINARY"/>

  <xs:enumeration value="ANONYMOUS"/>

  <xs:enumeration value="NONE"/>

  </xs:restriction>
  </xs:simpleType>
-<!--
 Elements and Complex types
  -->
        
-<xs:element name="ServiceAuthentication">
 -<xs:annotation>

  <xs:documentation>Authentication method for a given service,
    including Accepted Credentials and Authentication
    Mode.</xs:documentation>
  </xs:annotation>
 -<xs:complexType>

  -<xs:sequence>

   -<xs:element name="AcceptedCredentials"
      type="sicdr:CredentialTypes" maxOccurs="5">
    -<xs:annotation>
       <xs:documentation>Multiple credentials can be
         accepted for a given
         service.</xs:documentation>

     </xs:annotation>

    </xs:element>

    <xs:element ref="sicd:AuthenticateMode"/>

  </xs:sequence>
  </xs:complexType>
 </xs:element>
-<xs:complexType name="XMLSignatureAlgorithmTemplateType">
   -<xs:annotation>

    <xs:documentation>Define XMLDsig type of policy and

      algorithms</xs:documentation>

  </xs:annotation>
   -<xs:complexContent>

  -<xs:extension

     base="sicdr:Abstract_SecurityAlgorithmTemplateType">

   -<xs:sequence>

      <xs:element ref="sicd:XMLDsigPolicy"/>

    </xs:sequence>

   </xs:extension>
   </xs:complexContent>
 </xs:complexType>
-<xs:element name="XMLSignatureAlgorithmTemplate"
   type="sicdr:XMLSignatureAlgorithmTemplateType">
  -<xs:annotation>

   <xs:documentation>This is for XML only

     signature.</xs:documentation>
   </xs:annotation>
 </xs:element>
-<xs:element name="TemplateDescription" type="xs:string">
  -<xs:annotation>
   <xs:documentation>This element is not used. It is a placeholder
     to circumvent a Castor bug.</xs:documentation>
   </xs:annotation>
 </xs:element>
-<xs:complexType name="XMLEncryptionAlgorithmTemplateType">
 -<xs:annotation>

  <xs:documentation>Define XMLEnc type of policy and

    algorithms</xs:documentation>
  </xs:annotation>
 -<xs:complexContent>
        
   -<xs:extension

      base="sicdr:Abstract_SecurityAlgorithmTemplateType">

    -<xs:sequence>

       <xs:element ref="sicd:XMLEncryptionPolicy"/>

     </xs:sequence>

   </xs:extension>
   </xs:complexContent>
 </xs:complexType>
-<xs:element name="XMLEncryptionAlgorithmTemplate"
   type="sicdr:XMLEncryptionAlgorithmTemplateType">
  -<xs:annotation>

   <xs:documentation>This is for XML only

     encryption.</xs:documentation>
   </xs:annotation>
 </xs:element>
-<xs:complexType name="Abstract_SecurityAlgorithmTemplateType"
   abstract="true">
  -<xs:annotation>

   <xs:documentation>The template will be used by the SIC

     Builder during run-time algorithm

     matching.</xs:documentation>
   </xs:annotation>
  -<xs:sequence minOccurs="0">
   -<xs:element name="Category"type="sicdr:CategoryTypes"

    minOccurs="0">

   -<xs:annotation>

      <xs:documentation>The category of security algorithm

        template.</xs:documentation>

    </xs:annotation>

  </xs:element>
  </xs:sequence>
  <xs:attribute name="Name"type="xs:string"use="optional"/>
  <xs:attribute name="ID"type="xs:string"use="optional"/>
 </xs:complexType>
-<xs:complexType name="SecurityAlgorithmPreferenceType"
   abstract="false">
  -<xs:annotation>

   <xs:documentation>The preference of each security algorithm

     policy.</xs:documentation>
   </xs:annotation>
  -<xs:complexContent>
   -<xs:extension

    base="sicdr:Abstract_SecurityAlgorithmTemplateType">

  -<xs:sequence>

     <xs:element name="Preference"type="xs:short"/>

   </xs:sequence>

  </xs:extension>
  </xs:complexContent>
 </xs:complexType>
-<xs:element name="SecurityAlgorithmTemplates">
 -<xs:annotation>

  <xs:documentation>Each Community will have a set of
    recommended Security Algorithm for CP to select

    from.</xs:documentation>
        
   </xs:annotation>
  -<xs:complexType>

   -<xs:sequence>

      <xs:element ref="sicdr:XMLSignatureAlgorithmTemplate"

        maxOccurs="unbounded"/>

      <xs:element ref="sicdr:XMLEncryptionAlgorithmTemplate"

        maxOccurs="unbounded"/>

   </xs:sequence>
   </xs:complexType>
 </xs:element>
-<xs:complexType name="ConfiguredPreferencePolicyType">
 -<xs:annotation>

  <xs:documentation>Define some configurable policy preference.
    This can be either at whole community level or at the CP
    level.</xs:documentation>
  </xs:annotation>
 -<xs:sequence>
  -<xs:element name="SignMessageHeader"type="xs:boolean"

   minOccurs="0">

  -<xs:annotation>

     <xs:documentation>If set then the Header and ICD

       Block will be signed.</xs:documentation>

   </xs:annotation>

   </xs:element>

  -<xs:element name="EncryptCredential"type="xs:boolean"

     minOccurs="0">

    -<xs:annotation>

       <xs:documentation>If set then the credential header
         will be encrypted. This only applies to the non-SAML
         type of credential, where Authentication mode is
         TARGET.</xs:documentation>

     </xs:annotation>

   </xs:element>

  -<xs:element name="CredentialPreference"

     type="sicdr:CredentialTypes"minOccurs="0">

    -<xs:annotation>

       <xs:documentation>Select one from BASIC and X509. It
         will be used when multiple credentials
         match. SICB will first pick the one that matches
         this field.</xs:documentation>

     </xs:annotation>

   </xs:element>

  -<xs:element name="NegotiationRule"

     type="NegotiationRuleTypes"minOccurs="0">

    -<xs:annotation>

       <xs:documentation>When there are multiple matches
         during the algorithm negotiation, the rule will
         determine which algorithm will be picked. It can be
         receiver wins, sender wins, highest requirement
         wins or lowest requirement
         wins.</xs:documentation>

     </xs:annotation>

   </xs:element>
   </xs:sequence>
 </xs:complexType>
        
-<xs:element name="SecurityPolicyTemplatePreference"
   type="sicdr:SecurityAlgorithmPreferenceType">
  -<xs:annotation>

   <xs:documentation>The preference will be signature, XML
     signature, encryption, XML encryption, etc. It can have any
     number of preferences in each category.</xs:documentation>
   </xs:annotation>
 </xs:element>
-<xs:complexType name="SAMsgPartElementType">
 -<xs:annotation>

  <xs:documentation>The element within the part from

    Server/Activity/Message.</xs:documentation>
  </xs:annotation>
 -<xs:simpleContent>
  -<xs:extension base="xs:string">

   <xs:attribute name="Signature"type="xs:boolean"

     use="optional"/>

   <xs:attribute name="SignatureType"type="xs:anyURI"

     use="optional"/>

   <xs:attribute name="Encryption"type="xs:boolean"

     use="optional"/>

   <xs:attribute name="EncryptionType"type="xs:anyURI"

     use="optional"/>

   <xs:attribute name="BlockId"type="xs:short"

     use="optional"/>
   </xs:extension>
  </xs:simpleContent>
 </xs:complexType>
-<xs:complexType name="SAMsgPartType">
 -<xs:annotation>

  <xs:documentation>The part within a

    message.</xs:documentation>

  </xs:annotation>
   -<xs:sequence minOccurs="0">

  -<xs:element name="SAMsgPartElement"minOccurs="0"

     maxOccurs="unbounded">

    -<xs:annotation>

       <xs:documentation>This is for each
         CP/Service/Activity/Message. The element is
         defined by using XPath. If an element within the
         part is defined, then the attributes of the element
         will be used to determine whether the element will
         be signed or encrypted.</xs:documentation>

    </xs:annotation>

   -<xs:complexType>

    -<xs:simpleContent>

       <xs:extension base="sicdr:SAMsgPartElementType"

         />

     </xs:simpleContent>

   </xs:complexType>
   </xs:element>
  -<xs:element name="PartSignatureAlgCategory"

   type="sicdr:SAMsgPartSignatureAlgorithmType"

   minOccurs="0">

  -<xs:annotation>
        
        <xs:documentation>If the signature algorithm is

          defined, then the whole part will be

          signed.</xs:documentation>

     </xs:annotation>

   </xs:element>

  -<xs:element name="PartEncryptionAlgCategory"

     type="sicdr:SAMsgPartEncryptionAlgorithmType"

     minOccurs="0">

    -<xs:annotation>

       <xs:documentation>If the encryption algorithm is

          defined, then the whole part will be

          encrypted.</xs:documentation>

     </xs:annotation>

   </xs:element>
   </xs:sequence>
   <xs:attribute name="PartName"type="xs:string"use="required"/>
   <xs:attribute name="SignatureType"type="xs:anyURI"

   use="optional"/>
   <xs:attribute name="EncryptionType"type="xs:anyURI"

   use="optional"/>
   <xs:attribute name="BlockId"type="xs:short"use="optional"/>
   <xs:attribute name="isOptional"type="xs:boolean"use="optional"

   default="false"/>
 </xs:complexType>
-<xs:complexType name="SAMsgPartsType">
 -<xs:annotation>

  <xs:documentation>The root for parts in a message for each

    CP/Service/Activity.</xs:documentation>
  </xs:annotation>
 -<xs:sequence>
  -<xs:element name="SAMsgPart"type="sicdr:SAMsgPartType"

   minOccurs="0"maxOccurs="unbounded">
   -<xs:annotation>

    <xs:documentation>This is for each

      CP/Service/Activity. Each message part has

      multiple elements and it can have signature or

      encryption policies for the message

      part.</xs:documentation>

  </xs:annotation>
  </xs:element>
 -<xs:element name="SAMsgSignatureAlgCategory"

  type="sicdr:SAMsgSignatureAlgorithmType"minOccurs="0">
   -<xs:annotation>

    <xs:documentation>If the signature policy is defined,

      then the whole message will be

      signed.</xs:documentation>

  </xs:annotation>
  </xs:element>
 -<xs:element name="SAMsgEncryptionAlgCategory"

  type="sicdr:SAMsgEncryptionAlgorithmType"minOccurs="0">
   -<xs:annotation>

    <xs:documentation>If the encryption policy is defined,

      then the whole message will be

      encrypted.</xs:documentation>

  </xs:annotation>
        
   </xs:element>
   </xs:sequence>
   <xs:attribute name="MessageName"type="xs:string"use="optional"

   />
 </xs:complexType>
-<xs:complexType name="Abstract_CPMessageSecurityAlgorithmType"
   abstract="true">
  -<xs:annotation>

   <xs:documentation>This type will have Encryption or Signature

     Algorithms.</xs:documentation>
   </xs:annotation>
   <xs:attribute name="Override"type="sicdr:OverrideTypes"

   use="optional"/>
 </xs:complexType>
-<xs:complexType name="SAMsgPartEncryptionAlgorithmType">
 -<xs:annotation>

  <xs:documentation>Define the encryption policy for each part

    within a message per

    CP/Service/Activity</xs:documentation>
  </xs:annotation>
 -<xs:complexContent>
  -<xs:extension

   base="sicdr:Abstract_CPMessageSecurityAlgorithmType">

  -<xs:sequence>

   -<xs:choice>

      <xs:element name="XMLEncryptionAlgCategory"

        type="sicdr:CategoryTypes"

        fixed="XMLEncryption"minOccurs="0"/>

      <xs:element name="EncryptionAlgCategory"

        type="sicdr:CategoryTypes"fixed="Encryption"

        minOccurs="0"/>

    </xs:choice>

  </xs:sequence>
   </xs:extension>
  </xs:complexContent>
 </xs:complexType>
-<xs:complexType name="SAMsgEncryptionAlgorithmType">
 -<xs:annotation>

  <xs:documentation>Define the category of the encryption policy

    for the whole message per CP/Service/Activity. In this case,

    both XML and Non-XML must be defined.</xs:documentation>

  </xs:annotation>
   -<xs:complexContent>

  -<xs:extension

     base="sicdr:Abstract_CPMessageSecurityAlgorithmType">

    -<xs:sequence>

       <xs:element name="XMLEncryptionAlgCategory"

         type="sicdr:CategoryTypes"fixed="XMLEncryption"

         />

       <xs:element name="EncryptionAlgCategory"

         type="sicdr:CategoryTypes"fixed="Encryption"

         minOccurs="0"/>

    </xs:sequence>

  </xs:extension>
  </xs:complexContent>
        
 </xs:complexType>
-<xs:complexType name="SAMsgPartSignatureAlgorithmType">
 -<xs:annotation>

  <xs:documentation>Define the signature policy for each part

    within a message per

    CP/Service/Activity</xs:documentation>
  </xs:annotation>
 -<xs:complexContent>
  -<xs:extension

   base="sicdr:Abstract_CPMessageSecurityAlgorithmType">

  -<xs:sequence>

   -<xs:choice>

      <xs:element name="SignatureAlgCategory"

        type="sicdr:CategoryTypes"fixed="Signature"

        minOccurs="0"/>

      <xs:element name="XMLSignatureAlgCategory"

        type="sicdr:CategoryTypes"

        fixed="XMLSignature"minOccurs="0"/>

    </xs:choice>

   </xs:sequence>

  </xs:extension>
   </xs:complexContent>
 </xs:complexType>
-<xs:complexType name="SAMsgSignatureAlgorithmType">
 -<xs:annotation>

  <xs:documentation>Define the category of the signature policy

    for the whole message per CP/Service/Activity. In this case,

    only the XML Signature algorithm will be

    defined.</xs:documentation>
  </xs:annotation>
 -<xs:complexContent>
  -<xs:extension

   base="sicdr:Abstract_CPMessageSecurityAlgorithmType">
   -<xs:sequence>

    <xs:element name="XMLSignatureAlgCategory"

      type="sicdr:CategoryTypes"fixed="XMLSignature"/>

  </xs:sequence>
   </xs:extension>
  </xs:complexContent>
 </xs:complexType>
-<xs:element name="CPSendServicesSecurityPolicy">
 -<xs:annotation>

  <xs:documentation>The CP/Sending Service will have a set
    of security policies. The policy is defined per Sending CP's
    preferences. This will be used for
    override.</xs:documentation>
  </xs:annotation>
 -<xs:complexType>
  -<xs:complexContent>
   -<xs:extension

    base="sicdr:SendingServicesSecurityPolicyType">

   -<xs:attribute name="AuthenticateParty"

      type="sicd:CollaberationPartyID"use="optional">

     -<xs:annotation>
       
             <xs:documentation>Host service delegate

               party ID or the Sender's party

               ID</xs:documentation>

          </xs:annotation>

        </xs:attribute>

        <xs:attribute name="DelegateFlag"type="xs:boolean"

          use="optional"default="false"/>

     </xs:extension>

   </xs:complexContent>
   </xs:complexType>
 </xs:element>
-<xs:complexType name="SecuritySenderInfoType">
 -<xs:complexContent>
  -<xs:extension base="SecurityInfoType">
   -<xs:sequence minOccurs="0">

   <xs:element ref="sicdr:SendingCPSecurityPolicyProfile"

     minOccurs="0"/>

  -<xs:element ref="CPSendServicesSecurityPolicy"

     minOccurs="0">

   -<xs:annotation>

      <xs:documentation>The CP/Sending
        Service will have a set of security policies.
        The policy is defined per Sending CP's
        preferences. This will be used for
        override.</xs:documentation>

    </xs:annotation>

   </xs:element>

  </xs:sequence>
   </xs:extension>
  </xs:complexContent>
 </xs:complexType>
-<xs:element name="CPRecvServicesSecurityPolicy"
   type="sicdr:ReceivingServicesSecurityPolicyType">
 -<xs:annotation>

  <xs:documentation>For each CP, every Receiving Service will
    have a set of security policy. The policy is defined per
    Receiving CP's requirements.</xs:documentation>
  </xs:annotation>
 </xs:element>
-<xs:complexType name="SecurityReceiverInfoType">
 -<xs:complexContent>
  -<xs:extension base="sicdr:SecurityInfoType">
   -<xs:sequence minOccurs="0">

  -<xs:element ref="sicdr:CPRecvServicesSecurityPolicy"

     minOccurs="0">

   -<xs:annotation>
      <xs:documentation>For each CP, every
        Receiving Service will have a set of
        security policy. The policy is defined per
        Receiving CP's
        requirements.</xs:documentation>

   </xs:annotation>

   </xs:element>

  </xs:sequence>
        
   </xs:extension>
  </xs:complexContent>
 </xs:complexType>
-<xs:complexType name="SecurityInfoType">
 -<xs:sequence minOccurs="0">
  -<xs:element

   ref="sicdr:CommunitySecurityTemplatesPreference"

   minOccurs="0">

  -<xs:annotation>

     <xs:documentation>Security Policy for this community,

       including Security Algorithm Templates, default

       security Policy Templates and Community Security

       Policy Preference.</xs:documentation>

   </xs:annotation>

  </xs:element>
   -<xs:element ref="sicdr:SAMsgSecurityPolicy"minOccurs="0">

  -<xs:annotation>

    <xs:documentation>Each Server/Active/Message has
      multiple parts and it can have signature and
      encryption policies for the whole message. The
      authentication is defined at the service
      level.</xs:documentation>

   </xs:annotation>

  </xs:element>
   -<xs:element ref="sicdr:PublicKeys"minOccurs="0"

    maxOccurs="unbounded">

  -<xs:annotation>

     <xs:documentation>Public key records for this CP. The
      KeyID will be the unique key for the public key
      records. The location will match all connectors
      within this request.</xs:documentation>

   </xs:annotation>

  </xs:element>
   -<xs:element ref="sicdr:ConnectorCapability"minOccurs="0"

   maxOccurs="unbounded">

  -<xs:annotation>

     <xs:documentation>Connector Capability
       Parameters</xs:documentation>

   </xs:annotation>

  </xs:element>

  <xs:element ref="sicd:SecurityContainer"minOccurs="0"

    maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:attribute name="passcode"type="xs:base64Binary"

   use="optional"/>
  </xs:complexType>
</xs:schema>
        
                      SecurityContractKeyInfo.XSD
 <?xml version="1.0" encoding="UTF-8"?>
-<!--
 edited with XML Spy v4.4U (http://www.xmlspy.com) by Symon Chang (Commerce One)
 -->
-<xs:schema
   targetNamespace="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
   xmlns:sicd="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
   xmlns:xs="http://www.w3.org/2001/XMLSchema"
   elementFormDefault="qualified" attributeFormDefault="unqualified"
   version="1.0">
  -<xs:simpleType name="CollaberationPartyID">
   -<xs:annotation>

    <xs:documentation>This is the Collaboration Partner's

      ID</xs:documentation>

  </xs:annotation>

  <xs:restriction base="xs:string"/>
  </xs:simpleType>
 -<xs:simpleType name="KeyUsageTypes">
  -<xs:annotation>

   <xs:documentation>Key is used for signature, encryption,

     and/or authentication.</xs:documentation>
   </xs:annotation>
  -<xs:restriction base="xs:NMTOKENS">

   <xs:enumeration value="AUTHENTICATION"/>

   <xs:enumeration value="ENCRYPTION"/>

   <xs:enumeration value="SIGNATURE"/>

   <xs:enumeration value="SSL"/>

  </xs:restriction>
  </xs:simpleType>
 -<xs:simpleType name="KeyAlgorithmTypes">
  -<xs:annotation>

   <xs:documentation>Key is RSA or DSA type of

     key.</xs:documentation>
   </xs:annotation>
  -<xs:restriction base="xs:NMTOKENS">

   <xs:enumeration value="RSA"/>

   <xs:enumeration value="DSA"/>
   </xs:restriction>
  </xs:simpleType>
 -<xs:simpleType name="AuthenticateModeTypes">
  -<xs:annotation>

   <xs:documentation>The location of where the authentication
     takes place. NONE means neither source nor target
     connector will perform the authentication. This may be the
     case of letting foreign connector to perform the
     authentication.</xs:documentation>
   </xs:annotation>
  -<xs:restriction base="xs:NMTOKEN">

   <xs:enumeration value="SOURCE"/>

   <xs:enumeration value="TARGET"/>
        
   <xs:enumeration value="NONE"/>
   </xs:restriction>
 </xs:simpleType>
-<xs:element name="PublicKey"type="sicd:PublicKeyType">
 -<xs:annotation>

  <xs:documentation>The Public Key record. Each public key will
    have partyID, KeyInfo, description and
    usages.</xs:documentation>
  </xs:annotation>
 </xs:element>
-<xs:element name="EncryptionKeyInfo">
 -<xs:annotation>

  <xs:documentation>The KeyInfo that has both PublicKeyID and

    X509Data for encryption.</xs:documentation>
  </xs:annotation>
 -<xs:complexType>
  -<xs:complexContent>
   -<xs:extension base="sicd:KeyInfoType">

    <xs:attribute name="KeyOwner"

      type="sicd:CollaberationPartyID"use="optional"/>

  </xs:extension>
   </xs:complexContent>
  </xs:complexType>
 </xs:element>
-<xs:complexType name="PublicKeyType">
 -<xs:annotation>

  <xs:documentation>The Public Key record, including PartyID,
    KeyInfo, Usages and Description.</xs:documentation>
  </xs:annotation>
 -<xs:sequence>

  <xs:element ref="sicd:PartyID"/>
   -<xs:element ref="sicd:EncryptionKeyInfo">

  -<xs:annotation>

     <xs:documentation>The KeyInfo block that has KeyID

       and X509 Data.</xs:documentation>

   </xs:annotation>

  </xs:element>
   -<xs:element ref="sicd:KeyTypeUsage"maxOccurs="4">

   -<xs:annotation>

      <xs:documentation>Key is used for signature,

        encryption, and/or

        authentication.</xs:documentation>

    </xs:annotation>

  </xs:element>
   -<xs:element name="KeyAlgorithm"

    type="sicd:KeyAlgorithmTypes"minOccurs="0">

  -<xs:annotation>

     <xs:documentation>The Key is RSA or DSA

       key</xs:documentation>

   </xs:annotation>

  </xs:element>

  <xs:element ref="sicd:Description"minOccurs="0"/>
   -<xs:element name="Location"type="xs:string"minOccurs="0">

  -<xs:annotation>
        
       <xs:documentation>The connector ID that key the

         Private Key.</xs:documentation>

    </xs:annotation>

   </xs:element>
   </xs:sequence>
 </xs:complexType>
-<xs:element name="PartyID"type="sicd:CollaberationPartyID">
 -<xs:annotation>

  <xs:documentation>Trading partner ID or Collaboration Partner

    ID in UUID format.</xs:documentation>
  </xs:annotation>
 </xs:element>
-<xs:element name="Description"type="xs:string">
 -<xs:annotation>

  <xs:documentation>The description of the

    key</xs:documentation>
  </xs:annotation>
 </xs:element>
-<xs:element name="KeyTypeUsage"type="sicd:KeyUsageTypes">
 -<xs:annotation>

  <xs:documentation>Key is used for signature, encryption,

    and/or authentication.</xs:documentation>
  </xs:annotation>
 </xs:element>
-<xs:element name="KeyInfo">
 -<xs:annotation>

  <xs:documentation>The KeyInfo object is from the XMLDsig
    ds:KeyInfo object. However, within SICD we only use Public
    Key ID field.</xs:documentation>
  </xs:annotation>
 -<xs:complexType>
  -<xs:sequence>

   <xs:element ref="sicd:PublicKeyID"/>
   </xs:sequence>
  </xs:complexType>
 </xs:element>
-<xs:element name="PublicKeyID"type="xs:string">
 -<xs:annotation>

  <xs:documentation>The Public Key ID is a unique key ID (UUID
    or from XMKS server).</xs:documentation>
  </xs:annotation>
 </xs:element>
-<xs:element name="PublicKeyName"type="sicd:PublicKeyNameType">
 -<xs:annotation>

  <xs:documentation>The Name of the Public Key. It is the same as
    the PublicKeyID but has owner name as the optional
    attribute.</xs:documentation>
  </xs:annotation>
 </xs:element>
-<xs:complexType name="PublicKeyNameType">
 -<xs:simpleContent>
  -<xs:extension base="xs:string">

   <xs:attribute name="KeyOwner"

     type="sicd:CollaberationPartyID"use="optional"/>
       
   </xs:extension>
   </xs:simpleContent>
 </xs:complexType>
-<xs:complexType name="KeyInfoType">
 -<xs:annotation>

  <xs:documentation>This is for Encryption. The KeyInfo object is
    from the XMLDsig ds:KeyInfo object. However, within SICD
    we only use Public Key ID and X509 Certificate two
    fields.</xs:documentation>
  </xs:annotation>
 -<xs:sequence>

  <xs:element ref="sicd:PublicKeyID"/>
   -<xs:element name="X509Data"minOccurs="0">

  -<xs:complexType>

   -<xs:sequence>

      <xs:element name="X509Certificate"

        type="xs:base64Binary"/>

   </xs:sequence>

  </xs:complexType>
   </xs:element>
  </xs:sequence>
 </xs:complexType>
-<!--
Policy Types
 -->
-<xs:complexType name="Abstract_PolicyType"abstract="true">
 -<xs:annotation>

  <xs:documentation>This is the abstract policy for all security
    policy related algorithm. The ID is the Template Name for
    the Algorithm.</xs:documentation>
  </xs:annotation>
  <xs:attribute name="PolicyId"type="xs:string"use="optional"/>
 </xs:complexType>
-<xs:complexType name="Abstract_CredentialPolicyType"
   abstract="true">
 -<xs:annotation>

  <xs:documentation>This is the abstract policy for authentication

    credential policy algorithm.</xs:documentation>
  </xs:annotation>
 -<xs:complexContent>
  -<xs:extension base="sicd:Abstract_PolicyType">
   -<xs:sequence>

    <xs:element name="CredentialPolicyAlgorithm"

      type="xs:string"/>

  </xs:sequence>
   </xs:extension>
  </xs:complexContent>
 </xs:complexType>
-<xs:element name="AuthenticateImplementation"type="xs:string">
 -<xs:annotation>

  <xs:documentation>Optional for different implementation, such
    as SAML, SecureID, or Kerberos.</xs:documentation>
  </xs:annotation>
 </xs:element>
        
-<xs:element name="AuthenticateMode"
   type="sicd:AuthenticateModeTypes">
  -<xs:annotation>

   <xs:documentation>The location of where the authentication
     takes place. It can be either SOURCE connector or TARGET
     connector. SOURCE means the sender's local connectors will
     perform SAML Single Sign-On type of authentication.
     TARGET means the connector on the receiving end will
     perform the authentication. NONE means neither source nor
     target connector will perform the authentication. This may
     be the case of letting foreign connector to perform the
     authentication.</xs:documentation>
   </xs:annotation>
 </xs:element>
-<xs:complexType name="AuthenticationCredentialPolicyType">
 -<xs:annotation>

  <xs:documentation>This authentication and credential policy

    will work for Basic and X509.</xs:documentation>
  </xs:annotation>
 -<xs:complexContent>
  -<xs:extension base="sicd:Abstract_CredentialPolicyType">
   -<xs:sequence minOccurs="0">

    <xs:element ref="sicd:AuthenticateMode"/>

    <xs:element ref="sicd:AuthenticateImplementation"

      minOccurs="0"/>

   </xs:sequence>

  </xs:extension>
   </xs:complexContent>
 </xs:complexType>
-<xs:complexType name="AnonymousCredentialPolicyType">
 -<xs:annotation>

  <xs:documentation>This is an anonymous credential policy type
    that has no credential.</xs:documentation>
  </xs:annotation>
 -<xs:complexContent>
  -<xs:restriction base="sicd:Abstract_CredentialPolicyType">
   -<xs:sequence>

    <xs:element name="CredentialPolicyAlgorithm"

      type="xs:string"fixed="Anonymous"/>

  </xs:sequence>
   </xs:restriction>
   </xs:complexContent>
 </xs:complexType>
-<xs:complexType name="BasicCredentialPolicyType">
 -<xs:annotation>

  <xs:documentation>This is a basic credential policy type that

    uses ID and password as credential.</xs:documentation>

  </xs:annotation>
   -<xs:complexContent>

    <xs:extension base="sicd:AuthenticationCredentialPolicyType"

      />

  </xs:complexContent>
 </xs:complexType>
-<xs:complexType name="X509CredentialPolicyType">
        
 -<xs:annotation>
   <xs:documentation>This is a X509 credential policy

   type.</xs:documentation>
  </xs:annotation>
 -<xs:complexContent>

  <xs:extension base="sicd:AuthenticationCredentialPolicyType"

    />
  </xs:complexContent>
 </xs:complexType>
-<xs:complexType name="BASE64_BINARYCredentialPolicyType">
 -<xs:annotation>

  <xs:documentation>This is a BASE64_BINARY_CREDENTIAL

    policy type.</xs:documentation>
  </xs:annotation>
 -<xs:complexContent>
  -<xs:extension base="sicd:AuthenticationCredentialPolicyType">
   -<xs:sequence>

    <xs:element name="valueType"type="xs:QName"/>

    <xs:element name="encodingType"type="xs:QName"/>

  </xs:sequence>
   </xs:extension>
  </xs:complexContent>
 </xs:complexType>
-<xs:complexType name="Abstract_EncryptionPolicyType"
   abstract="true">
 -<xs:annotation>

  <xs:documentation>This is the abstract policy for Encryption

    policy algorithm.</xs:documentation>
  </xs:annotation>
 -<xs:complexContent>
  -<xs:extension base="sicd:Abstract_PolicyType">
   -<xs:sequence>

    <xs:element name="EncryptionPolicyAlgorithm"

      type="xs:string"/>

    <xs:element name="EncryptionMethod"type="xs:string"

      />

    <xs:element ref="sicd:KeySize"/>

    <xs:element ref="sicd:SymmetryKeySize"minOccurs="0"

      />

  </xs:sequence>
   </xs:extension>
  </xs:complexContent>
 </xs:complexType>
-<xs:complexType name="EncryptionPolicyType">
 -<xs:annotation>

  <xs:documentation>This encryption policy will work for both

    XMLEnc and PKCS#7.</xs:documentation>
  </xs:annotation>
 -<xs:complexContent>
  -<xs:extension base="sicd:Abstract_EncryptionPolicyType">
   -<xs:sequence>

    <xs:element name="KeyEncryptionMethod"

      type="xs:string"minOccurs="0"/>

  </xs:sequence>
        
   </xs:extension>
  </xs:complexContent>
 </xs:complexType>
-<xs:element name="KeySize">
 -<xs:annotation>
   <xs:documentation>This is the asymmetry encryption or
   symmetry key size, depends which algorithm is used. For an
   asymmetry case, this will be the asymmetry key size, and
   the symmetry key size is defined on the SymmetryKeySize
   field.</xs:documentation>
  </xs:annotation>
 -<xs:simpleType>
  -<xs:restriction base="xs:short">

   <xs:minInclusive value="56"/>

   <xs:maxExclusive value="4096"/>
   </xs:restriction>
  </xs:simpleType>
 </xs:element>
-<xs:element name="SymmetryKeySize">
 -<xs:annotation>

  <xs:documentation>This is the symmetry encryption key size, if
    the asymmetry algorithm is used.</xs:documentation>
  </xs:annotation>
 -<xs:simpleType>
  -<xs:restriction base="xs:short">

   <xs:minInclusive value="56"/>

   <xs:maxExclusive value="4096"/>
   </xs:restriction>
  </xs:simpleType>
 </xs:element>
-<xs:complexType name="XMLEncryptionPolicyType">
 -<xs:annotation>

  <xs:documentation>This will work for any encryption policy

    type.</xs:documentation>
  </xs:annotation>
 -<xs:complexContent>
  -<xs:extension base="sicd:Abstract_EncryptionPolicyType">
   -<xs:sequence>

    <xs:element name="KeyEncryptionMethod"
      type="xs:string"
      default="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>

    <xs:element name="DecryptionTransform"

      type="xs:string"minOccurs="0"/>

  </xs:sequence>
   </xs:extension>
  </xs:complexContent>
 </xs:complexType>
-<xs:complexType name="Abstract_SignaturePolicyType"abstract="true">
 -<xs:annotation>

  <xs:documentation>This is the abstract policy for Digital

    Signature policy algorithm.</xs:documentation>
  </xs:annotation>
 -<xs:complexContent>
        
  -<xs:extension base="sicd:Abstract_PolicyType">

   -<xs:sequence>

      <xs:element name="SignaturePolicyAlgorithm"

        type="xs:string"/>
      <xs:element name="SignatureAlgorithm"

        type="xs:string"/>

      <xs:element name="HashFunction"type="xs:string"/>

    </xs:sequence>

   </xs:extension>
   </xs:complexContent>
 </xs:complexType>
-<xs:complexType name="SignaturePolicyType">
 -<xs:annotation>

  <xs:documentation>This will work for any digital signature

    policy type.</xs:documentation>
  </xs:annotation>
 -<xs:complexContent>

  <xs:extension base="sicd:Abstract_SignaturePolicyType"/>
  </xs:complexContent>
 </xs:complexType>
-<xs:complexType name="XMLDsigPolicyType">
 -<xs:annotation>

  <xs:documentation>This is for XMLDsig
    policy.</xs:documentation>
  </xs:annotation>
 -<xs:complexContent>
  -<xs:extension base="sicd:SignaturePolicyType">
   -<xs:sequence>

    <xs:element name="CanonicalizationMethod"

      type="xs:string"minOccurs="0"/>

    <xs:element name="Transform"type="xs:string"

      minOccurs="0"/>

  </xs:sequence>
   </xs:extension>
  </xs:complexContent>
 </xs:complexType>
  <!-- Message Part -->
  <xs:complexType name="PartElementType">
    <xs:annotation>
      <xs:documentation>XPath is used to define the element within
        the part of the message.</xs:documentation>
    </xs:annotation>
    <xs:simpleContent>
      <xs:extension base="xs:string">
        <xs:attribute name="Type" type="xs:anyURI" use="optional"/>
        <xs:attribute name="BlockId" type="xs:short" use="optional"/>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>
  <xs:complexType name="MessagePartsType">
    <xs:annotation>
      <xs:documentation>The part within a message. URI is used to
        define the part.</xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element name="PartElement" type="sicd:PartElementType"
        minOccurs="0" maxOccurs="unbounded">
        <xs:annotation>
          <xs:documentation>The element within the part. It only
            applies to XML type of message part.</xs:documentation>
        </xs:annotation>
      </xs:element>
    </xs:sequence>
    <xs:attribute name="PartName" type="xs:string" use="required"/>
    <xs:attribute name="Type" type="xs:anyURI" use="optional"/>
    <xs:attribute name="AlgorithmId" type="xs:string" use="optional"/>
    <xs:attribute name="BlockId" type="xs:short" use="optional"/>
    <xs:attribute name="isOptional" type="xs:boolean" use="optional"
      default="false"/>
  </xs:complexType>
  <xs:element name="MessagePart" type="sicd:MessagePartsType">
    <xs:annotation>
      <xs:documentation>The part within the message. The
        AlgorithmId is for this part. If the AlgorithmId is not
        defined, then the parent's AlgorithmId will be
        used.</xs:documentation>
    </xs:annotation>
  </xs:element>
</xs:schema>
        
                           SecurityContract.XSD
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v4.4U (http://www.xmlspy.com) by Chong Hsu (Commerce One) -->
<!--
  Security Interop Contract Document
  Created by: Symon Chang
  Copyright 2002 Commerce One, Inc.
-->
<xs:schema
  targetNamespace="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
  xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
  xmlns:sicd="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
  xmlns:xs="http://www.w3.org/2001/XMLSchema"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  elementFormDefault="qualified" attributeFormDefault="unqualified"
  version="1.0">
  <!-- imports -->
  <!--
  <xs:import
    namespace="publicid:com.commerceone:schemas/soapextension/contract/v1_0/InteroperabilityContract.xsd"
    schemaLocation="http://schemas.commerceone.com/schemas/soapextension/contract/v1_0/InteroperabilityContract.xsd"/>
  -->
  <xs:import namespace="urn:oasis:names:tc:SAML:1.0:assertion"
    schemaLocation="http://www.oasis-open.org/committees/security/docs/cs-sstc-schema-assertion-01.xsd"/>
  <!-- includes -->
  <xs:include schemaLocation="SecurityContractKeyInfo.xsd"/>
  <!-- Schema for Security Policies -->
  <!-- top element -->
  <xs:element name="SecurityContractICD"
    type="sicd:SecurityContractType">
    <xs:annotation>
      <xs:documentation>The Security Interop Contract agreement. It
        defines Policies and channels for security
        policies.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <!-- Schema for Security Policies -->
  <!-- Define Credential Policies -->
  <xs:element name="BasicCredentialPolicy"
    type="sicd:BasicCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>The credential and authentication algorithm
        policy for ID and Password.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="X509CredentialPolicy"
    type="sicd:X509CredentialPolicyType">
    <xs:annotation>
      <xs:documentation>The credential and authentication algorithm
        policy for X.509 Certificate.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="AnonymousCredentialPolicy"
    type="sicd:AnonymousCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>The credential and authentication algorithm
        policy for no credential.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="BASE64_BINARYCredentialPolicy"
    type="sicd:BASE64_BINARYCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>The credential and authentication algorithm
        policy for BASE64_BINARY_CREDENTIAL</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="AuthenticationPolicies">
    <xs:annotation>
      <xs:documentation>The abstraction for credential and
        authentication algorithm policy.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicd:BasicCredentialPolicy" minOccurs="0"
          maxOccurs="unbounded"/>
        <xs:element ref="sicd:X509CredentialPolicy" minOccurs="0"
          maxOccurs="unbounded"/>
        <xs:element ref="sicd:BASE64_BINARYCredentialPolicy"
          minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:AnonymousCredentialPolicy"
          minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!-- Define Encryption Policies -->
  <xs:element name="EncryptionPolicy"
    type="sicd:EncryptionPolicyType">
    <xs:annotation>
      <xs:documentation>The encryption algorithm and policy, such
        as PKCS#7, or S/MIME.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="XMLEncryptionPolicy"
    type="sicd:XMLEncryptionPolicyType">
    <xs:annotation>
      <xs:documentation>The encryption algorithm and policy for
        XMLEnc.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="EncryptionPolicies">
    <xs:annotation>
      <xs:documentation>The group of encryption algorithms and
        policies for XMLEnc, PKCS#7, or S/MIME. The PolicyID will
        be the TemplateID in the Registry. This ID will be used in
        the Channel Section as AlgorithmID to identify which
        encryption policy algorithm will be used.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicd:XMLEncryptionPolicy" minOccurs="0"
          maxOccurs="unbounded"/>
        <xs:element ref="sicd:EncryptionPolicy" minOccurs="0"
          maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!-- Digital Signature Policy -->
  <xs:element name="XMLDsigPolicy" type="sicd:XMLDsigPolicyType">
    <xs:annotation>
      <xs:documentation>The signature algorithm and policy for
        XMLDsig.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="SignaturePolicy" type="sicd:SignaturePolicyType">
    <xs:annotation>
      <xs:documentation>The signature algorithm and policy for
        XMLDsig, PKCS#7 or S/MIME.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="SignaturePolicies">
    <xs:annotation>
      <xs:documentation>The group of digital signature algorithms
        and policies for XMLDsig, PKCS#7, or S/MIME. The Policy ID
        will be the TemplateID in the Registry. This Policy ID will be
        used in the Channel Section as AlgorithmID to identify
        which signature policy algorithm will be
        used.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicd:XMLDsigPolicy" minOccurs="0"
          maxOccurs="unbounded"/>
        <xs:element ref="sicd:SignaturePolicy" minOccurs="0"
          maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!-- Non-repudiation -->
  <xs:element name="NonRepudiationPolicy"
    type="sicd:SignaturePolicyType"
    substitutionGroup="sicd:NonRepudiationPolicies">
    <xs:annotation>
      <xs:documentation>The non-repudiation algorithm and policy
        that use digital signature.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="NonRepudiationPolicies"
    type="sicd:Abstract_PolicyType" abstract="true">
    <xs:annotation>
      <xs:documentation>The policy and algorithm for
        non-repudiation of origin.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="NonRepudiationReceiptPolicy"
    type="sicd:SignaturePolicyType"
    substitutionGroup="sicd:NonRepudiationReceiptPolicies">
    <xs:annotation>
      <xs:documentation>The non-repudiation algorithm and policy
        that use digital signature.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="NonRepudiationReceiptPolicies"
    type="sicd:Abstract_PolicyType" abstract="true">
    <xs:annotation>
      <xs:documentation>The policy and algorithm for
        non-repudiation of receipt.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="SecurityPolicies">
    <xs:annotation>
      <xs:documentation>The security Policies section. It defines all
        policy related security policies.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicd:AuthenticationPolicies" minOccurs="0"/>
        <xs:element ref="sicd:SignaturePolicies" minOccurs="0"/>
        <xs:element ref="sicd:EncryptionPolicies" minOccurs="0"/>
        <xs:element ref="sicd:NonRepudiationPolicies"
          minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:NonRepudiationReceiptPolicies"
          minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:EncryptionKeyInfo" minOccurs="0"
          maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!-- Schema for Channel -->
  <xs:complexType name="KeyAlgorithmType">
    <xs:annotation>
      <xs:documentation>The root for Integrity and Confidential
        blocks. Both of these block types within the Security
        channel have to have PublicKeyID and Algorithm Id, and so does
        the signing and encryption policy within the Credential
        block.</xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element ref="sicd:PublicKeyName"/>
    </xs:sequence>
    <xs:attribute name="AlgorithmId" type="xs:string" use="optional"/>
  </xs:complexType>
  <xs:complexType name="KeyMessagePartsType">
    <xs:annotation>
      <xs:documentation>The root for parts in a message. It also
        defines the KeyInfo and the algorithm policy for all
        parts.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:KeyAlgorithmType">
        <xs:sequence minOccurs="0">
          <xs:element ref="sicd:MessagePart" minOccurs="0"
            maxOccurs="unbounded"/>
        </xs:sequence>
        <xs:attribute name="SequenceID" type="xs:short"
          use="optional"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:element name="Credential">
    <xs:annotation>
      <xs:documentation>The credential and authentication policy.
        Note that the CredentialEncryptionAlgorithm is here. This is
        because authentication will be performed before the
        decryption at inbound.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence minOccurs="0">
        <xs:choice minOccurs="0">
          <xs:element name="PartyID"
            type="sicd:CollaberationPartyID" minOccurs="0">
            <xs:annotation>
              <xs:documentation>The party ID that is used
                for Basic credential.</xs:documentation>
            </xs:annotation>
          </xs:element>
          <xs:element ref="sicd:PublicKeyName" minOccurs="0">
            <xs:annotation>
              <xs:documentation>The key that is used for
                X.509 credential.</xs:documentation>
            </xs:annotation>
          </xs:element>
        </xs:choice>
        <xs:element name="CredentialEncryptionAlgorithm"
          type="sicd:KeyAlgorithmType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Encryption Algorithm that
              is used to encrypt the credential. This will only
              be used when the Authentication mode is
              TARGET.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
      <xs:attribute name="AlgorithmId" type="xs:string"
        use="required"/>
      <xs:attribute name="SequenceID" type="xs:short"
        use="optional"/>
      <xs:attribute name="DelegationFlag" type="xs:boolean"
        use="optional" default="false"/>
    </xs:complexType>
  </xs:element>
  <xs:element name="Confidential">
    <xs:annotation>
      <xs:documentation>The encryption security policy. The
        AlgorithmId will be the templateID from the Registry. If the
        AlgorithmId is defined and no message parts, then the
        whole message will be encrypted. In this case, if there are
        Non-XML parts, then the NonXMLAlgorithmID will be
        defined, too.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:complexContent>
        <xs:extension base="sicd:KeyMessagePartsType">
          <xs:attribute name="NonXMLAlgorithmId"
            type="xs:string" use="optional"/>
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
  <xs:element name="Integrity">
    <xs:annotation>
      <xs:documentation>The digital signature security policy. The
        AlgorithmId will be the templateID from the Registry. If the
        AlgorithmID is defined, and no message parts, then the
        whole message will be signed.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:complexContent>
        <xs:extension base="sicd:KeyMessagePartsType">
          <xs:sequence minOccurs="0">
            <xs:element name="HeaderSignatureAlgorithm"
              type="sicd:KeyAlgorithmType" minOccurs="0">
              <xs:annotation>
                <xs:documentation>The Signature
                  Algorithm that is used to sign the
                  header credential.</xs:documentation>
              </xs:annotation>
            </xs:element>
          </xs:sequence>
          <xs:attribute name="NonXMLAlgorithmId"
            type="xs:string" use="optional"/>
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
  <xs:element name="NonRepudiation">
    <xs:annotation>
      <xs:documentation>The non-repudiation of origin
        policy.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element name="NROSignPart"
          type="sicd:KeyMessagePartsType"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="NonRepudiationReceipt">
    <xs:annotation>
      <xs:documentation>The non-repudiation of receipt
        policy.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element name="NRRSignPart"
          type="sicd:KeyMessagePartsType"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="Authorization">
    <xs:annotation>
      <xs:documentation>The SAML attribute assertion for the
        sending CP that will be passed to the receiving service. This
        will be shown in the end-to-end security
        channel.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence minOccurs="0">
        <xs:element ref="saml:Assertion" minOccurs="0"
          maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:attribute name="RequireSubscription" type="xs:boolean"
        use="required"/>
    </xs:complexType>
    <!--
    saml:AttributeStatementType">
    -->
  </xs:element>
  <xs:element name="SecurityContainer">
    <xs:annotation>
      <xs:documentation>This will be the container for those piggy
        back security related objects.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence minOccurs="0">
        <xs:element name="MMLCredential" minOccurs="0">
          <xs:complexType>
            <xs:sequence minOccurs="0">
              <xs:element name="MarketParticipantID"
                type="xs:string" minOccurs="0"/>
              <xs:element name="TPName" type="xs:string"
                minOccurs="0"/>
              <xs:element name="TPShortName"
                type="xs:string" minOccurs="0"/>
              <xs:element name="TPRoleName"
                type="xs:string" minOccurs="0"
                maxOccurs="unbounded"/>
            </xs:sequence>
          </xs:complexType>
        </xs:element>
        <xs:element name="PiggybackObject" type="xs:anyType"
          minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="SecurityChannel">
    <xs:annotation>
      <xs:documentation>The Security Channel defines the from
        connector and to connector, and what to do within the
        channel, such as authentication, encryption and digital
        signature.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicd:Credential" minOccurs="0"/>
        <xs:element ref="sicd:Confidential" minOccurs="0"/>
        <xs:element ref="sicd:Integrity" minOccurs="0"/>
        <xs:element ref="sicd:Authorization" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The SAML attribute assertion
              for the sending CP that will be passed to the
              receiving service. This will be shown in the
              end-to-end security
              channel.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element ref="sicd:NonRepudiation" minOccurs="0"/>
        <xs:element ref="sicd:NonRepudiationReceipt"
          minOccurs="0"/>
        <xs:element ref="sicd:SecurityContainer" minOccurs="0">
          <xs:annotation>
            <xs:documentation>This will be the container for
              those piggy back security related
              objects.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
      <xs:attribute name="channelId" type="xs:string" use="optional"/>
      <xs:attribute name="sourceConnector" type="xs:string"
        use="required"/>
      <xs:attribute name="targetConnector" type="xs:string"
        use="required"/>
    </xs:complexType>
  </xs:element>
  <xs:complexType name="SecurityContractType">
    <xs:sequence>
      <xs:element ref="sicd:SecurityPolicies"/>
      <xs:element ref="sicd:SecurityChannel"
        maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>
</xs:schema>
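
The AlgorithmId rules stated in the schema annotations above (a MessagePart without its own AlgorithmId uses its parent's; a Confidential or Integrity block with an AlgorithmId and no message parts covers the whole message) can be checked mechanically. The following Python sketch is an added example, not part of the patent or of Commerce One's code. It assumes that an AlgorithmId in a channel names a PolicyId declared under SecurityPolicies; the contract instance, connector names and key names are constructed.

```python
import xml.etree.ElementTree as ET

SICD = ("publicid:com.commerceone:schemas/soapextension/contract/"
        "security/v1_0/SecurityContract.xsd")
NS = {"sicd": SICD}
WHOLE_MESSAGE = "*"  # marker chosen here for "block lists no MessagePart"

# Constructed, abbreviated contract: policy bodies are omitted (so it is not
# schema-valid) and the connector and key names are made up.
SAMPLE = f"""\
<sicd:SecurityContractICD xmlns:sicd="{SICD}">
  <sicd:SecurityPolicies>
    <sicd:SignaturePolicies>
      <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-SHA1-EXC14N"/>
    </sicd:SignaturePolicies>
    <sicd:EncryptionPolicies>
      <sicd:XMLEncryptionPolicy PolicyId="P-XMLEncrypt3DES-RSA-2048"/>
      <sicd:XMLEncryptionPolicy PolicyId="P-XMLEncryptAES-128-RSA-2048"/>
    </sicd:EncryptionPolicies>
  </sicd:SecurityPolicies>
  <sicd:SecurityChannel sourceConnector="c1" targetConnector="c2">
    <sicd:Confidential AlgorithmId="P-XMLEncrypt3DES-RSA-2048">
      <sicd:PublicKeyName>receiver-key</sicd:PublicKeyName>
      <sicd:MessagePart PartName="Order"/>
      <sicd:MessagePart PartName="Payment"
                        AlgorithmId="P-XMLEncryptAES-128-RSA-2048"/>
    </sicd:Confidential>
    <sicd:Integrity AlgorithmId="P-XMLSignatureRSA-SHA1-EXC14N">
      <sicd:PublicKeyName>sender-key</sicd:PublicKeyName>
    </sicd:Integrity>
  </sicd:SecurityChannel>
  <sicd:SecurityChannel sourceConnector="c2" targetConnector="c3">
    <sicd:Integrity>
      <sicd:PublicKeyName>sender-key</sicd:PublicKeyName>
      <sicd:MessagePart PartName="Order" AlgorithmId="P-Unknown"/>
      <sicd:MessagePart PartName="Attachment"/>
    </sicd:Integrity>
  </sicd:SecurityChannel>
</sicd:SecurityContractICD>
"""


def defined_policy_ids(root):
    """Collect every PolicyId declared anywhere under SecurityPolicies."""
    policies = root.find("sicd:SecurityPolicies", NS)
    if policies is None:
        return set()
    return {el.get("PolicyId") for el in policies.iter() if el.get("PolicyId")}


def resolve_block(block):
    """Return (part_name, effective AlgorithmId) pairs for one block."""
    parent_alg = block.get("AlgorithmId")
    parts = block.findall("sicd:MessagePart", NS)
    if not parts:
        # No message parts listed: the block applies to the whole message.
        return [(WHOLE_MESSAGE, parent_alg)]
    # A part without its own AlgorithmId falls back to the parent's.
    return [(p.get("PartName"), p.get("AlgorithmId") or parent_alg)
            for p in parts]


def audit_contract(xml_text):
    """Resolve effective algorithms per channel and list broken references."""
    # For contracts received from another party, use a hardened XML parser.
    root = ET.fromstring(xml_text)
    known = defined_policy_ids(root)
    resolved, problems = [], []
    for channel in root.findall("sicd:SecurityChannel", NS):
        route = (channel.get("sourceConnector"), channel.get("targetConnector"))
        for kind in ("Confidential", "Integrity"):
            block = channel.find(f"sicd:{kind}", NS)
            if block is None:
                continue
            for part, alg in resolve_block(block):
                resolved.append((route, kind, part, alg))
                if alg is None:
                    problems.append((route, kind, part,
                                     "no AlgorithmId on part or parent"))
                elif alg not in known:
                    problems.append((route, kind, part,
                                     f"AlgorithmId {alg!r} has no matching PolicyId"))
            non_xml = block.get("NonXMLAlgorithmId")
            if non_xml and non_xml not in known:
                problems.append((route, kind, WHOLE_MESSAGE,
                                 f"NonXMLAlgorithmId {non_xml!r} has no matching PolicyId"))
    return resolved, problems


if __name__ == "__main__":
    resolved, problems = audit_contract(SAMPLE)
    for row in resolved:
        print("resolved:", row)
    for row in problems:
        print("problem: ", row)
```
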
        
                 CommunitySecurityTemplatesInfo.XML
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v4.4U (http://www.xmlspy.com) by Symon Chang (Commerce One) -->
<sicdr:CommunitySecurityTemplatesPreference
  xmlns:sicdr="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd"
  xmlns:sicd="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd
    http://schemas.commerceone.com/schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd">
  <sicdr:SecurityAlgorithmTemplates>
    <sicdr:XMLSignatureAlgorithmTemplate Name="DSA-SHA1-C14N"
      ID="bb587fa0-b980-11d6-b8e9-c40beac518e7">
      <sicdr:Category>XMLSignature</sicdr:Category>
      <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureDSA-SHA1-C14N">
        <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
        <sicd:SignatureAlgorithm>SHA1withDSA</sicd:SignatureAlgorithm>
        <sicd:HashFunction>SHA1</sicd:HashFunction>
        <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
        <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
      </sicd:XMLDsigPolicy>
    </sicdr:XMLSignatureAlgorithmTemplate>
    <sicdr:XMLSignatureAlgorithmTemplate Name="DSA-SHA1-EXC14N"
      ID="bb587fa0-b980-11d6-b8e6-c40beac518e7">
      <sicdr:Category>XMLSignature</sicdr:Category>
      <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureDSA-SHA1-EXC14N">
        <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
        <sicd:SignatureAlgorithm>SHA1withDSA</sicd:SignatureAlgorithm>
        <sicd:HashFunction>SHA1</sicd:HashFunction>
        <sicd:CanonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</sicd:CanonicalizationMethod>
        <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
      </sicd:XMLDsigPolicy>
    </sicdr:XMLSignatureAlgorithmTemplate>
    <sicdr:XMLSignatureAlgorithmTemplate Name="RSA-MD5-C14N"
      ID="bb587fa0-b980-11d6-b8e8-c40beac518e7">
      <sicdr:Category>XMLSignature</sicdr:Category>
      <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-C14N">
        <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
        <sicd:SignatureAlgorithm>MD5withRSA</sicd:SignatureAlgorithm>
        <sicd:HashFunction>MD5</sicd:HashFunction>
        <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
        <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
      </sicd:XMLDsigPolicy>
    </sicdr:XMLSignatureAlgorithmTemplate>
    <sicdr:XMLSignatureAlgorithmTemplate Name="RSA-MD5-EXC14N"
      ID="bb587fa0-b980-11d6-b8e5-c40beac518e7">
      <sicdr:Category>XMLSignature</sicdr:Category>
      <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-EXC14N">
        <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
        <sicd:SignatureAlgorithm>MD5withRSA</sicd:SignatureAlgorithm>
        <sicd:HashFunction>MD5</sicd:HashFunction>
        <sicd:CanonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</sicd:CanonicalizationMethod>
        <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
      </sicd:XMLDsigPolicy>
    </sicdr:XMLSignatureAlgorithmTemplate>
    <sicdr:XMLSignatureAlgorithmTemplate Name="RSA-SHA1-C14N"
      ID="bb587fa0-b980-11d6-b8e7-c40beac518e7">
      <sicdr:Category>XMLSignature</sicdr:Category>
      <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-SHA1-C14N">
        <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
        <sicd:SignatureAlgorithm>SHA1withRSA</sicd:SignatureAlgorithm>
        <sicd:HashFunction>SHA1</sicd:HashFunction>
        <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
        <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
      </sicd:XMLDsigPolicy>
    </sicdr:XMLSignatureAlgorithmTemplate>
    <sicdr:XMLSignatureAlgorithmTemplate Name="RSA-SHA1-EXC14N"
      ID="bb587fa0-b980-11d6-b8e4-c40beac518e7">
      <sicdr:Category>XMLSignature</sicdr:Category>
      <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-SHA1-EXC14N">
        <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
        <sicd:SignatureAlgorithm>SHA1withRSA</sicd:SignatureAlgorithm>
        <sicd:HashFunction>SHA1</sicd:HashFunction>
        <sicd:CanonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</sicd:CanonicalizationMethod>
        <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
      </sicd:XMLDsigPolicy>
    </sicdr:XMLSignatureAlgorithmTemplate>
    <sicdr:XMLEncryptionAlgorithmTemplate Name="3DES-RSA-2048"
      ID="bb587fa0-b980-11d6-b8ea-c40beac518e7">
      <sicdr:Category>XMLEncryption</sicdr:Category>
      <sicd:XMLEncryptionPolicy PolicyId="P-XMLEncrypt3DES-RSA-2048">
        <sicd:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</sicd:EncryptionPolicyAlgorithm>
        <sicd:EncryptionMethod>http://www.w3.org/2001/04/xmlenc#3des-cbc</sicd:EncryptionMethod>
        <sicd:KeySize>2048</sicd:KeySize>
        <sicd:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</sicd:KeyEncryptionMethod>
      </sicd:XMLEncryptionPolicy>
    </sicdr:XMLEncryptionAlgorithmTemplate>
    <sicdr:XMLEncryptionAlgorithmTemplate Name="AES-128-RSA-2048"
      ID="bb587fa0-b980-11d6-b8eb-c40beac518e7">
      <sicdr:Category>XMLEncryption</sicdr:Category>
      <sicd:XMLEncryptionPolicy PolicyId="P-XMLEncryptAES-128-RSA-2048">
        <sicd:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</sicd:EncryptionPolicyAlgorithm>
        <sicd:EncryptionMethod>http://www.w3.org/2001/04/xmlenc#aes128-cbc</sicd:EncryptionMethod>
        <sicd:KeySize>2048</sicd:KeySize>
        <sicd:SymmetryKeySize>128</sicd:SymmetryKeySize>
        <sicd:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</sicd:KeyEncryptionMethod>
      </sicd:XMLEncryptionPolicy>
    </sicdr:XMLEncryptionAlgorithmTemplate>
    <sicdr:XMLEncryptionAlgorithmTemplate Name="DES-RSA-1024"
      ID="bb587fa0-b980-11d6-b8ec-c40beac518e7">
      <sicdr:Category>XMLEncryption</sicdr:Category>
      <sicd:XMLEncryptionPolicy PolicyId="P-XMLEncryptDES-RSA-1024">
        <sicd:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</sicd:EncryptionPolicyAlgorithm>
        <sicd:EncryptionMethod>http://www.commerceone.com/security/xmlenc#des</sicd:EncryptionMethod>
        <sicd:KeySize>1024</sicd:KeySize>
        <sicd:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</sicd:KeyEncryptionMethod>
      </sicd:XMLEncryptionPolicy>
    </sicdr:XMLEncryptionAlgorithmTemplate>
  </sicdr:SecurityAlgorithmTemplates>
  <sicdr:CommunitySecurityPolicyPreference>
    <sicdr:SignMessageHeader>false</sicdr:SignMessageHeader>
    <sicdr:EncryptCredential>false</sicdr:EncryptCredential>
    <sicdr:CredentialPreference>BASIC</sicdr:CredentialPreference>
  </sicdr:CommunitySecurityPolicyPreference>
  <sicdr:SecurityPolicyTemplatePreference Name="RSA-SHA1-EXC14N"
    ID="bb587fa0-b980-11d6-b8e4-c40beac518e7">
    <sicdr:Category>XMLSignature</sicdr:Category>
    <sicdr:Preference>101</sicdr:Preference>
  </sicdr:SecurityPolicyTemplatePreference>
  <sicdr:SecurityPolicyTemplatePreference Name="RSA-MD5-EXC14N"
    ID="bb587fa0-b980-11d6-b8e5-c40beac518e7">
    <sicdr:Category>XMLSignature</sicdr:Category>
    <sicdr:Preference>102</sicdr:Preference>
  </sicdr:SecurityPolicyTemplatePreference>
  <sicdr:SecurityPolicyTemplatePreference Name="RSA-SHA1-C14N"
    ID="bb587fa0-b980-11d6-b8e7-c40beac518e7">
    <sicdr:Category>XMLSignature</sicdr:Category>
    <sicdr:Preference>104</sicdr:Preference>
  </sicdr:SecurityPolicyTemplatePreference>
  <sicdr:SecurityPolicyTemplatePreference Name="RSA-MD5-C14N"
    ID="bb587fa0-b980-11d6-b8e8-c40beac518e7">
    <sicdr:Category>XMLSignature</sicdr:Category>
    <sicdr:Preference>105</sicdr:Preference>
  </sicdr:SecurityPolicyTemplatePreference>
  <sicdr:SecurityPolicyTemplatePreference Name="3DES-RSA-2048"
    ID="bb587fa0-b980-11d6-b8ea-c40beac518e7">
    <sicdr:Category>XMLEncryption</sicdr:Category>
    <sicdr:Preference>107</sicdr:Preference>
  </sicdr:SecurityPolicyTemplatePreference>
  <sicdr:SecurityPolicyTemplatePreference Name="AES-128-RSA-2048"
    ID="bb587fa0-b980-11d6-b8eb-c40beac518e7">
    <sicdr:Category>XMLEncryption</sicdr:Category>
    <sicdr:Preference>108</sicdr:Preference>
  </sicdr:SecurityPolicyTemplatePreference>
  <sicdr:SecurityPolicyTemplatePreference Name="DES-RSA-1024"
    ID="bb587fa0-b980-11d6-b8ec-c40beac518e7">
    <sicdr:Category>XMLEncryption</sicdr:Category>
    <sicdr:Preference>109</sicdr:Preference>
  </sicdr:SecurityPolicyTemplatePreference>
</sicdr:CommunitySecurityTemplatesPreference>
        
                         SecuritySenderInfo.XML
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v4.4U (http://www.xmlspy.com) by Symon Chang (Commerce One) -->
<!-- Sample XML file generated by XML Spy v4.4U (http://www.xmlspy.com) -->
<SecuritySenderInfo
  xmlns="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
  xmlns:sicd="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd
    C:\platform\core\main\wse\schema\contract\helperinfo\v1_0\SecuritySenderReceiverInfo.xsd">
  <CommunitySecurityTemplatesPreference>
    <SecurityAlgorithmTemplates>
      <XMLSignatureAlgorithmTemplate Name="DSA-SHA1-C14N"
        ID="bb587fa0-b980-11d6-b8e9-c40beac518e7">
        <Category>XMLSignature</Category>
        <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureDSA-SHA1-C14N">
          <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
          <sicd:SignatureAlgorithm>SHA1withDSA</sicd:SignatureAlgorithm>
          <sicd:HashFunction>SHA1</sicd:HashFunction>
          <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
          <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
        </sicd:XMLDsigPolicy>
      </XMLSignatureAlgorithmTemplate>
      <XMLSignatureAlgorithmTemplate Name="DSA-SHA1-EXC14N"
        ID="bb587fa0-b980-11d6-b8e6-c40beac518e7">
        <Category>XMLSignature</Category>
        <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureDSA-SHA1-EXC14N">
          <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
          <sicd:SignatureAlgorithm>SHA1withDSA</sicd:SignatureAlgorithm>
          <sicd:HashFunction>SHA1</sicd:HashFunction>
          <sicd:CanonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</sicd:CanonicalizationMethod>
          <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
        </sicd:XMLDsigPolicy>
      </XMLSignatureAlgorithmTemplate>
      <XMLSignatureAlgorithmTemplate Name="RSA-MD5-C14N"
        ID="bb587fa0-b980-11d6-b8e8-c40beac518e7">
        <Category>XMLSignature</Category>
        <sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-C14N">
          <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
          <sicd:SignatureAlgorithm>MD5withRSA</sicd:SignatureAlgorithm>
          <sicd:HashFunction>MD5</sicd:HashFunction>
          <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
          <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
        </sicd:XMLDsigPolicy>
      </XMLSignatureAlgorithmTemplate>
-<XMLSignatureAlgorithmTemplate Name="RSA-MD5-EXC14N"
   ID="bb587fa0-b980-11d6-b8e5-c40beac518e7">
   <Category>XMLSignature</Category>
  -<sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-

    EXC14N">
      <sicd:SignaturePolicyAlgorithm>http://www.w3.org/

      2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>

      <sicd:SignatureAlgorithm>MD5withRSA</sicd:Signatur

      eAlgorithm>

   <sicd:HashFunction>MD5</sicd:HashFunction>

      <sicd:CanonicalizationMethod>http://www.w3.org/20

      01/10/xml-exc-c14n#</sicd:CanonicalizationMethod>

      <sicd:Transform>http://msdn.microsoft.com/ws/20

      02/01/Security#RoutingSignatureTransform</sicd:

      Transform>
   </sicd:XMLDsigPolicy>
 </XMLSignatureAlgorithmTemplate>
-<XMLSignatureAlgorithmTemplate Name="RSA-SHA1-C14N"
   ID="bb587fa0-b980-11d6-b8e7-c40beac518e7">
   <Category>XMLSignature</Category>
  -<sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-SHA1-C14N">
      <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
      <sicd:SignatureAlgorithm>SHA1withRSA</sicd:SignatureAlgorithm>
      <sicd:HashFunction>SHA1</sicd:HashFunction>
      <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
      <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
   </sicd:XMLDsigPolicy>
 </XMLSignatureAlgorithmTemplate>
-<XMLSignatureAlgorithmTemplate Name="RSA-SHA1-EXC14N"
   ID="bb587fa0-b980-11d6-b8e4-c40beac518e7">
   <Category>XMLSignature</Category>
  -<sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-SHA1-EXC14N">
      <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
      <sicd:SignatureAlgorithm>SHA1withRSA</sicd:SignatureAlgorithm>
      <sicd:HashFunction>SHA1</sicd:HashFunction>
      <sicd:CanonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</sicd:CanonicalizationMethod>
      <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
   </sicd:XMLDsigPolicy>
 </XMLSignatureAlgorithmTemplate>
-<XMLEncryptionAlgorithmTemplate Name="3DES-RSA-2048"
   ID="bb587fa0-b980-11d6-b8ea-c40beac518e7">
   <Category>XMLEncryption</Category>
  -<sicd:XMLEncryptionPolicy PolicyId="P-XMLEncrypt3DES-RSA-2048">
      <sicd:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</sicd:EncryptionPolicyAlgorithm>
      <sicd:EncryptionMethod>http://www.w3.org/2001/04/xmlenc#3des-cbc</sicd:EncryptionMethod>
      <sicd:KeySize>2048</sicd:KeySize>
      <sicd:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</sicd:KeyEncryptionMethod>
   </sicd:XMLEncryptionPolicy>
 </XMLEncryptionAlgorithmTemplate>
-<XMLEncryptionAlgorithmTemplate Name="AES-128-RSA-2048"
   ID="bb587fa0-b980-11d6-b8eb-c40beac518e7">
   <Category>XMLEncryption</Category>
  -<sicd:XMLEncryptionPolicy PolicyId="P-XMLEncryptAES-128-RSA-2048">
      <sicd:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</sicd:EncryptionPolicyAlgorithm>
      <sicd:EncryptionMethod>http://www.w3.org/2001/04/xmlenc#aes128-cbc</sicd:EncryptionMethod>
      <sicd:KeySize>2048</sicd:KeySize>
      <sicd:SymmetryKeySize>128</sicd:SymmetryKeySize>
      <sicd:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</sicd:KeyEncryptionMethod>
   </sicd:XMLEncryptionPolicy>
 </XMLEncryptionAlgorithmTemplate>
-<XMLEncryptionAlgorithmTemplate Name="DES-RSA-1024"
   ID="bb587fa0-b980-11d6-b8ec-c40beac518e7">
   <Category>XMLEncryption</Category>
  -<sicd:XMLEncryptionPolicy PolicyId="P-XMLEncryptDES-RSA-1024">
      <sicd:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</sicd:EncryptionPolicyAlgorithm>
      <sicd:EncryptionMethod>http://www.commerceone.com/security/xmlenc#des</sicd:EncryptionMethod>
      <sicd:KeySize>1024</sicd:KeySize>
      <sicd:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</sicd:KeyEncryptionMethod>
   </sicd:XMLEncryptionPolicy>
 </XMLEncryptionAlgorithmTemplate>
 </SecurityAlgorithmTemplates>
-<CommunitySecurityPolicyPreference>
   <SignMessageHeader>false</SignMessageHeader>
   <EncryptCredential>false</EncryptCredential>
   <CredentialPreference>BASIC</CredentialPreference>
 </CommunitySecurityPolicyPreference>
-<SecurityPolicyTemplatePreference Name="RSA-SHA1-EXC14N"
   ID="bb587fa0-b980-11d6-b8e4-c40beac518e7">
   <Category>XMLSignature</Category>
   <Preference>101</Preference>
 </SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name="RSA-MD5-EXC14N"
   ID="bb587fa0-b980-11d6-b8e5-c40beac518e7">
   <Category>XMLSignature</Category>
   <Preference>102</Preference>
 </SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name="DSA-SHA1-EXC14N"
   ID="bb587fa0-b980-11d6-b8e6-c40beac518e7">
   <Category>XMLSignature</Category>
   <Preference>103</Preference>
 </SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name="RSA-SHA1-C14N"
   ID="bb587fa0-b980-11d6-b8e7-c40beac518e7">
   <Category>XMLSignature</Category>
   <Preference>104</Preference>
 </SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name="RSA-MD5-C14N"
   ID="bb587fa0-b980-11d6-b8e8-c40beac518e7">
   <Category>XMLSignature</Category>
   <Preference>105</Preference>
 </SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name="DSA-SHA1-C14N"
   ID="bb587fa0-b980-11d6-b8e9-c40beac518e7">
   <Category>XMLSignature</Category>
   <Preference>106</Preference>
 </SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name="3DES-RSA-2048"
   ID="bb587fa0-b980-11d6-b8ea-c40beac518e7">
   <Category>XMLEncryption</Category>
   <Preference>107</Preference>
 </SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name="AES-128-RSA-2048"
   ID="bb587fa0-b980-11d6-b8eb-c40beac518e7">
   <Category>XMLEncryption</Category>
   <Preference>108</Preference>
 </SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name="DES-RSA-1024"
   ID="bb587fa0-b980-11d6-b8ec-c40beac518e7">
   <Category>XMLEncryption</Category>
   <Preference>109</Preference>
 </SecurityPolicyTemplatePreference>
 </CommunitySecurityTemplatesPreference>
-<SAMsgSecurityPolicy>
 -<SAMsgPart PartName="Order" isOptional="false">
  -<PartSignatureAlgCategory>
     <XMLSignatureAlgCategory>XMLSignature</XMLSignatureAlgCategory>
   </PartSignatureAlgCategory>
  -<PartEncryptionAlgCategory>
     <XMLEncryptionAlgCategory>XMLEncryption</XMLEncryptionAlgCategory>
   </PartEncryptionAlgCategory>
  </SAMsgPart>
 -<SAMsgPart PartName="Image" isOptional="false">
  -<PartEncryptionAlgCategory>
     <XMLEncryptionAlgCategory>XMLEncryption</XMLEncryptionAlgCategory>
   </PartEncryptionAlgCategory>
  </SAMsgPart>
 </SAMsgSecurityPolicy>
-<PublicKeys>
   <sicd:PartyID>x-ccns:commerceone.com:CollaborationParty::buyParty</sicd:PartyID>
  -<sicd:EncryptionKeyInfo KeyOwner="OwnerA">
      <sicd:PublicKeyID>BuyerPublicKey</sicd:PublicKeyID>
   -<sicd:X509Data>

       <sicd:X509Certificate>[Base64-encoded X.509 certificate omitted]</sicd:X509Certificate>

  </sicd:X509Data>
   </sicd:EncryptionKeyInfo>
   <sicd:KeyTypeUsage>SIGNATURE</sicd:KeyTypeUsage>
   <sicd:KeyTypeUsage>AUTHENTICATION</sicd:KeyTypeUsage>
   <sicd:KeyAlgorithm>RSA</sicd:KeyAlgorithm>
   <sicd:Description>String</sicd:Description>
   <sicd:Location>String</sicd:Location>
 </PublicKeys>
-<ConnectorCapability ConnectorName="x-ccns:cup.commerceone.com:connector::buy">
   <EncryptionCapability>false</EncryptionCapability>
   <SignatureCapability>true</SignatureCapability>
 </ConnectorCapability>
-<ConnectorCapability ConnectorName="x-ccns:cup.commerceone.com:connector::centerBuyl">
   <EncryptionCapability>true</EncryptionCapability>
   <SignatureCapability>false</SignatureCapability>
   <EncryptionPublicKeyParty>x-ccns:commerceone.com:CollaborationParty::buyParty</EncryptionPublicKeyParty>
 </ConnectorCapability>
-<SendingCPSecurityPolicyProfile>
   <AvailableCredentials>BASIC</AvailableCredentials>
   <AvailableCredentials>X509</AvailableCredentials>
 </SendingCPSecurityPolicyProfile>
-<CPSendServicesSecurityPolicy AuthenticateParty="x-ccns:commerceone.com:CollaborationParty::buyParty">
  -<SecurityPolicyTemplatePreference Name="3DES-RSA-2048">
     <Category>XMLEncryption</Category>
     <Preference>1</Preference>
   </SecurityPolicyTemplatePreference>
  -<SecurityPolicyTemplatePreference Name="AES-128-RSA-2048">
     <Category>XMLEncryption</Category>
     <Preference>2</Preference>
   </SecurityPolicyTemplatePreference>
  -<SecurityPolicyTemplatePreference Name="RC2-128-RSA-2048">
     <Category>XMLEncryption</Category>
     <Preference>3</Preference>
   </SecurityPolicyTemplatePreference>
 </CPSendServicesSecurityPolicy>
</SecuritySenderInfo>
        
                        SecurityReceiverInfo.XML
 <?xml version="1.0" encoding="UTF-8"?>
-<!--
 edited with XML Spy v4.4 U (http://www.xmlspy.com) by Symon Chang (Commerce One)
 -->
-<SecurityReceiverInfo
   xmlns="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd"
   xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
   xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
   xmlns:sicd="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd C:\platform\core\main\wse\schema\contract\helperinfo\v1_0\SecuritySenderReceiverInfo.xsd">
-<CommunitySecurityTemplatesPreference>
-<SecurityAlgorithmTemplates>
-<XMLSignatureAlgorithmTemplate Name="DSA-SHA1-C14N"
   ID="bb587fa0-b980-11d6-b8e9-c40beac518e7">
   <Category>XMLSignature</Category>
  -<sicd:XMLDsigPolicy PolicyId="P-XMLSignatureDSA-SHA1-C14N">
      <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
      <sicd:SignatureAlgorithm>SHA1withDSA</sicd:SignatureAlgorithm>
      <sicd:HashFunction>SHA1</sicd:HashFunction>
      <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
      <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
   </sicd:XMLDsigPolicy>
 </XMLSignatureAlgorithmTemplate>
-<XMLSignatureAlgorithmTemplate Name="DSA-SHA1-EXC14N"
   ID="bb587fa0-b980-11d6-b8e6-c40beac518e7">
   <Category>XMLSignature</Category>
  -<sicd:XMLDsigPolicy PolicyId="P-XMLSignatureDSA-SHA1-EXC14N">
      <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
      <sicd:SignatureAlgorithm>SHA1withDSA</sicd:SignatureAlgorithm>
      <sicd:HashFunction>SHA1</sicd:HashFunction>
      <sicd:CanonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</sicd:CanonicalizationMethod>
      <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
   </sicd:XMLDsigPolicy>
 </XMLSignatureAlgorithmTemplate>
-<XMLSignatureAlgorithmTemplate Name="RSA-MD5-C14N"
   ID="bb587fa0-b980-11d6-b8e8-c40beac518e7">
   <Category>XMLSignature</Category>
  -<sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-C14N">
      <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
      <sicd:SignatureAlgorithm>MD5withRSA</sicd:SignatureAlgorithm>
      <sicd:HashFunction>MD5</sicd:HashFunction>
      <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
      <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
   </sicd:XMLDsigPolicy>
 </XMLSignatureAlgorithmTemplate>
-<XMLSignatureAlgorithmTemplate Name="RSA-MD5-EXC14N"
   ID="bb587fa0-b980-11d6-b8e5-c40beac518e7">
   <Category>XMLSignature</Category>
  -<sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-EXC14N">
      <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
      <sicd:SignatureAlgorithm>MD5withRSA</sicd:SignatureAlgorithm>
      <sicd:HashFunction>MD5</sicd:HashFunction>
      <sicd:CanonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</sicd:CanonicalizationMethod>
      <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
   </sicd:XMLDsigPolicy>
 </XMLSignatureAlgorithmTemplate>
-<XMLSignatureAlgorithmTemplate Name="RSA-SHA1-C14N"
   ID="bb587fa0-b980-11d6-b8e7-c40beac518e7">
   <Category>XMLSignature</Category>
  -<sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-SHA1-C14N">
      <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
      <sicd:SignatureAlgorithm>SHA1withRSA</sicd:SignatureAlgorithm>
      <sicd:HashFunction>SHA1</sicd:HashFunction>
      <sicd:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</sicd:CanonicalizationMethod>
      <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
   </sicd:XMLDsigPolicy>
 </XMLSignatureAlgorithmTemplate>
-<XMLSignatureAlgorithmTemplate Name="RSA-SHA1-EXC14N"
   ID="bb587fa0-b980-11d6-b8e4-c40beac518e7">
   <Category>XMLSignature</Category>
  -<sicd:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-SHA1-EXC14N">
      <sicd:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</sicd:SignaturePolicyAlgorithm>
      <sicd:SignatureAlgorithm>SHA1withRSA</sicd:SignatureAlgorithm>
      <sicd:HashFunction>SHA1</sicd:HashFunction>
      <sicd:CanonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</sicd:CanonicalizationMethod>
      <sicd:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicd:Transform>
  </sicd:XMLDsigPolicy>
 </XMLSignatureAlgorithmTemplate>
-<XMLEncryptionAlgorithmTemplate Name="3DES-RSA-2048"
   ID="bb587fa0-b980-11d6-b8ea-c40beac518e7">
   <Category>XMLEncryption</Category>
  -<sicd:XMLEncryptionPolicy PolicyId="P-XMLEncrypt3DES-RSA-2048">
      <sicd:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</sicd:EncryptionPolicyAlgorithm>
      <sicd:EncryptionMethod>http://www.w3.org/2001/04/xmlenc#3des-cbc</sicd:EncryptionMethod>
      <sicd:KeySize>2048</sicd:KeySize>
      <sicd:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</sicd:KeyEncryptionMethod>
  </sicd:XMLEncryptionPolicy>
 </XMLEncryptionAlgorithmTemplate>
-<XMLEncryptionAlgorithmTemplate Name="AES-128-RSA-2048"
   ID="bb587fa0-b980-11d6-b8eb-c40beac518e7">
   <Category>XMLEncryption</Category>
  -<sicd:XMLEncryptionPolicy PolicyId="P-XMLEncryptAES-128-RSA-2048">
      <sicd:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</sicd:EncryptionPolicyAlgorithm>
      <sicd:EncryptionMethod>http://www.w3.org/2001/04/xmlenc#aes128-cbc</sicd:EncryptionMethod>
      <sicd:KeySize>2048</sicd:KeySize>
      <sicd:SymmetryKeySize>128</sicd:SymmetryKeySize>
      <sicd:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</sicd:KeyEncryptionMethod>
   </sicd:XMLEncryptionPolicy>
 </XMLEncryptionAlgorithmTemplate>
-<XMLEncryptionAlgorithmTemplate Name="DES-RSA-1024"
   ID="bb587fa0-b980-11d6-b8ec-c40beac518e7">
   <Category>XMLEncryption</Category>
  -<sicd:XMLEncryptionPolicy PolicyId="P-XMLEncryptDES-RSA-1024">
      <sicd:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</sicd:EncryptionPolicyAlgorithm>
      <sicd:EncryptionMethod>http://www.commerceone.com/security/xmlenc#des</sicd:EncryptionMethod>
      <sicd:KeySize>1024</sicd:KeySize>
      <sicd:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</sicd:KeyEncryptionMethod>
   </sicd:XMLEncryptionPolicy>
 </XMLEncryptionAlgorithmTemplate>
 </SecurityAlgorithmTemplates>
-<CommunitySecurityPolicyPreference>
   <SignMessageHeader>false</SignMessageHeader>
   <EncryptCredential>false</EncryptCredential>
   <CredentialPreference>BASIC</CredentialPreference>
 </CommunitySecurityPolicyPreference>
-<SecurityPolicyTemplatePreference Name="RSA-SHA1-EXC14N"
   ID="bb587fa0-b980-11d6-b8e4-c40beac518e7">
   <Category>XMLSignature</Category>
   <Preference>101</Preference>
 </SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name="RSA-MD5-EXC14N"
   ID="bb587fa0-b980-11d6-b8e5-c40beac518e7">
   <Category>XMLSignature</Category>
   <Preference>102</Preference>
 </SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name="DSA-SHA1-EXC14N"
   ID="bb587fa0-b980-11d6-b8e6-c40beac518e7">
   <Category>XMLSignature</Category>
   <Preference>103</Preference>
 </SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name="RSA-SHA1-C14N"
   ID="bb587fa0-b980-11d6-b8e7-c40beac518e7">
   <Category>XMLSignature</Category>
   <Preference>104</Preference>
 </SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name="RSA-MD5-C14N"
   ID="bb587fa0-b980-11d6-b8e8-c40beac518e7">
   <Category>XMLSignature</Category>
   <Preference>105</Preference>
 </SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name="DSA-SHA1-C14N"
   ID="bb587fa0-b980-11d6-b8e9-c40beac518e7">
   <Category>XMLSignature</Category>
   <Preference>106</Preference>
 </SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name="3DES-RSA-2048"
   ID="bb587fa0-b980-11d6-b8ea-c40beac518e7">
   <Category>XMLEncryption</Category>
   <Preference>107</Preference>
 </SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name="AES-128-RSA-2048"
   ID="bb587fa0-b980-11d6-b8eb-c40beac518e7">
   <Category>XMLEncryption</Category>
   <Preference>108</Preference>
 </SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name="DES-RSA-1024"
   ID="bb587fa0-b980-11d6-b8ec-c40beac518e7">
   <Category>XMLEncryption</Category>
   <Preference>109</Preference>
 </SecurityPolicyTemplatePreference>
 </CommunitySecurityTemplatesPreference>
-<SAMsgSecurityPolicy>
 -<SAMsgPart PartName="Order" isOptional="false">
  -<PartSignatureAlgCategory>
     <XMLSignatureAlgCategory>XMLSignature</XMLSignatureAlgCategory>
   </PartSignatureAlgCategory>
  -<PartEncryptionAlgCategory>
     <XMLEncryptionAlgCategory>XMLEncryption</XMLEncryptionAlgCategory>
   </PartEncryptionAlgCategory>
  </SAMsgPart>
 -<SAMsgPart PartName="Image" isOptional="false">
  -<PartEncryptionAlgCategory>
     <XMLEncryptionAlgCategory>XMLEncryption</XMLEncryptionAlgCategory>
   </PartEncryptionAlgCategory>
  </SAMsgPart>
 </SAMsgSecurityPolicy>
-<PublicKeys>
   <sicd:PartyID>x-ccns:commerceone.com:CollaborationParty::sellParty</sicd:PartyID>
  -<sicd:EncryptionKeyInfo KeyOwner="x-ccns:commerceone.com:CollaborationParty::sellParty">
      <sicd:PublicKeyID>DefaultTestCert</sicd:PublicKeyID>
  -<sicd:X509Data>

      <sicd:X509Certificate>[Base64-encoded X.509 certificate omitted]</sicd:X509Certificate>
   </sicd:X509Data>
  </sicd:EncryptionKeyInfo>
  <sicd:KeyTypeUsage>ENCRYPTION</sicd:KeyTypeUsage>
  <sicd:KeyTypeUsage>SIGNATURE</sicd:KeyTypeUsage>
  <sicd:KeyTypeUsage>AUTHENTICATION</sicd:KeyTypeUsage>
 </PublicKeys>
-<PublicKeys>
   <sicd:PartyID>PartyBSeller</sicd:PartyID>
  -<sicd:EncryptionKeyInfo KeyOwner="PartyBSeller">
      <sicd:PublicKeyID>RKeyA</sicd:PublicKeyID>
  -<sicd:X509Data>

        <sicd:X509Certificate>[Base64-encoded X.509 certificate omitted]</sicd:X509Certificate>

   </sicd:X509Data>
   </sicd:EncryptionKeyInfo>
   <sicd:KeyTypeUsage>ENCRYPTION</sicd:KeyTypeUsage>
   <sicd:KeyAlgorithm>RSA</sicd:KeyAlgorithm>
   <sicd:Description>String</sicd:Description>
   <sicd:Location>String</sicd:Location>
 </PublicKeys>
-<PublicKeys>
   <sicd:PartyID>ConnectorB</sicd:PartyID>
  -<sicd:EncryptionKeyInfo KeyOwner="BOwner">
      <sicd:PublicKeyID>RKeyB</sicd:PublicKeyID>
  -<sicd:X509Data>

        <sicd:X509Certificate>[Base64-encoded X.509 certificate omitted]</sicd:X509Certificate>

   </sicd:X509Data>
   </sicd:EncryptionKeyInfo>
   <sicd:KeyTypeUsage>SIGNATURE</sicd:KeyTypeUsage>
   <sicd:KeyTypeUsage>ENCRYPTION</sicd:KeyTypeUsage>
   <sicd:KeyAlgorithm>RSA</sicd:KeyAlgorithm>
   <sicd:Description>String</sicd:Description>
   <sicd:Location>String</sicd:Location>
 </PublicKeys>
-<ConnectorCapability ConnectorName="x-ccns:cup.commerceone.com:connector::centerSell">
   <EncryptionCapability>true</EncryptionCapability>
   <SignatureCapability>true</SignatureCapability>
 </ConnectorCapability>
-<ConnectorCapability ConnectorName="x-ccns:cup.commerceone.com:connector::sell">
   <EncryptionCapability>false</EncryptionCapability>
   <SignatureCapability>true</SignatureCapability>
 </ConnectorCapability>
-<CPRecvServicesSecurityPolicy>
  -<SecurityPolicyTemplatePreference Name="3DES-RSA-2048">
     <Category>XMLEncryption</Category>
     <Preference>1</Preference>
   </SecurityPolicyTemplatePreference>
  -<SecurityPolicyTemplatePreference Name="RSA-MD5-C14N">
     <Category>XMLSignature</Category>
     <Preference>2</Preference>
   </SecurityPolicyTemplatePreference>
  -<SecurityPolicyTemplatePreference Name="RSA-SHA1-C14N">
     <Category>XMLSignature</Category>
     <Preference>6</Preference>
   </SecurityPolicyTemplatePreference>
  -<SecurityPolicyTemplatePreference Name="AES-128-RSA-2048">
     <Category>XMLEncryption</Category>
     <Preference>5</Preference>
   </SecurityPolicyTemplatePreference>
  -<ServiceAuthentication>
     <AcceptedCredentials>X509</AcceptedCredentials>
     <AcceptedCredentials>BASIC</AcceptedCredentials>
     <sicd:AuthenticateMode>SOURCE</sicd:AuthenticateMode>
   </ServiceAuthentication>
 </CPRecvServicesSecurityPolicy>
</SecurityReceiverInfo>
        
                     ComputeSecurityContract.XML
 <?xml version="1.0"?>
-<prefix_0:SecurityContractICD
   xmlns:prefix_0="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 -<prefix_0:SecurityPolicies>
  -<prefix_0:AuthenticationPolicies>
   -<prefix_0:X509CredentialPolicy PolicyId="P-AuthenX.509Source">
       <prefix_0:CredentialPolicyAlgorithm>X.509v3</prefix_0:CredentialPolicyAlgorithm>
       <prefix_0:AuthenticateMode>SOURCE</prefix_0:AuthenticateMode>
    </prefix_0:X509CredentialPolicy>
   </prefix_0:AuthenticationPolicies>
  -<prefix_0:SignaturePolicies>
   -<prefix_0:XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-C14N">
       <prefix_0:SignaturePolicyAlgorithm>http://www.w3.org/2000/09/xmldsig#</prefix_0:SignaturePolicyAlgorithm>
       <prefix_0:SignatureAlgorithm>MD5withRSA</prefix_0:SignatureAlgorithm>
       <prefix_0:HashFunction>MD5</prefix_0:HashFunction>
       <prefix_0:CanonicalizationMethod>http://www.w3.org/TR/2000/CR-xml-c14n-20001026</prefix_0:CanonicalizationMethod>
       <prefix_0:Transform>http://msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</prefix_0:Transform>
    </prefix_0:XMLDsigPolicy>
   </prefix_0:SignaturePolicies>
  -<prefix_0:EncryptionPolicies>
   -<prefix_0:XMLEncryptionPolicy PolicyId="P-XMLEncrypt3DES-RSA-2048">
       <prefix_0:EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</prefix_0:EncryptionPolicyAlgorithm>
       <prefix_0:EncryptionMethod>http://www.w3.org/2001/04/xmlenc#3des-cbc</prefix_0:EncryptionMethod>
       <prefix_0:KeySize>2048</prefix_0:KeySize>
       <prefix_0:KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</prefix_0:KeyEncryptionMethod>
    </prefix_0:XMLEncryptionPolicy>
   </prefix_0:EncryptionPolicies>
  -<prefix_0:EncryptionKeyInfo KeyOwner="x-ccns:commerceone.com:CollaborationParty::sellParty">
     <prefix_0:PublicKeyID>DefaultTestCert</prefix_0:PublicKeyID>
   -<prefix_0:X509Data>

         <prefix_0:X509Certificate>LS0tLS1CRUdJTiBDRVJUSUZJQ

         0FURS0tLS0tTUlJREZEQ0NBZnlnQXdJQkFnSUVQT0ZQSV

         RBTkJn

        a3Foa2lHOXcwQkFRVUZBREI2TVFzd0NRWURWUVFHRX

         dKVlV6RVZNQk1HQTFVRUNoTU1RMjl0YldW

         eVkyVWdUMjVsTVMwd0t3WURWUVFMRXlSVWFHbHpJR

         U5CSUdseKlHWnZjaUIwWlhOMGFXNW5JSEIx

         Y25CdmMyVnpJRzl1YkhreEpUQWpCZ05WQkFNVUhFTnZ

         iVzFsY21ObElFOXVaU0JVWlhOMElFTkJJ

         Rkp2YjNRZ0l6RXdIaGNOTURJd05URTBNVGMxTXpNM1d

         oY05NRE13TlRFME1UWTFNek0zV2pCb01S

       Z3dGZ1lEVlFRREV3OUVZWFpwWkNCVVpYTjBJREl3TURJ

       eEVqQVFCZ05WQkFjVENVTjFjR1Z5ZEds

       dWJ6RVVNQklHQTFVRUN4TUxSVzVuYVc1bFpYSnBibWN

       4RlRBVEJnTlZCQW9UREVOdmJXMWxjbU5s

       SUU5dVpURUxNQWtHQTFVRUJoTUNWVk13Z1o4d0RRW

       UpLb1pJaHZjTkFRRUJCUUFEZ1kwQU1JR0pB

       b0dCQU5nc2pTQkxjcFp2QnVDQ2lTTHR3RGFkaFZEMGNL

       RXJuQ3M2azg5UEhSUGJSMFdYOHBDUzBy

       ZWxIMkcyaDMxNU5vNGkzQVNidHZhYmdHellRVFNiR2Ez

       cWtNYmVLNDZTSGxtTkJOTUp2YUkvMmZV

       QlBxdkkzejlLTVJSTGh3eUhCMEdFNmUvSzdnVGZkSUo0M

       UJobTZzSmcwYzJqZ041cWt1d3FZQkV4

       eWN1MUFnTUJBQUdqT0RBMk1DY0dBMVVkRVFRZ01CN

       kJIRzE1VkdWemRFVnRZV2xzUUdOdmJXMWpa

       WEpqWlc5dVpTNWpiMjB3Q3dZRFZSMFBCQVFEQWdYZ0

       1BMEdDU3FHU0liM0RRRUJCUVVBQTRJQkFR

       Q0UrNEVaUWZYZWpmVnBsbXEzZnFtUjJZSGZhczErcXA0

       MUg4UWRmNmRESXBiYkZ2OUxocnorYkc2

       c2hWQlptMVpYVXphaHl6N2Q3Z2U3V0MxR2FZVjFHYldF

       TXJMUkZkeXM2c1VlQkZNbHZuNkZPRjNq

       OHdMY3JuN2FFN3pRMEMwa2U5LzVVNVBHTnlaZWVaUG

       NLNTlKM0hPdWpzbXUvaENPVW1OOXZVM2M3

       MHVjMmhRaE96aExJQ0VlQ2VTRDFCd2hEMXNkdXZmNn

       VOanAzUGp2eUpCakiTeDVxY2UwS25oQmxp

       cDR3ejRNTWxpdEtTdkFXSElqR1Bvb0w0N01ac3I4N3RLa

       mJHaTgxcWJrQ3hiYlZ1dEloYmkzZDRn

       aW1Ockc1RXJ0dUUxNmwvRW9GUkJLU2VRTXd2cFdGUll

       iN2YreWtKVGE5ZVRLaWF4R2hOcDR4dnc5

       LS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==</prefix_0:X509Certificate>

   </prefix_0:X509Data>
   </prefix_0:EncryptionKeyInfo>
 </prefix_0:SecurityPolicies>
-<prefix_0:SecurityChannel channelId="CHANNEL1" sourceConnector="x-ccns:cup.commerceone.com:connector::buy" targetConnector="x-ccns:cup.commerceone.com:connector::sell">
  -<prefix_0:Credential AlgorithmId="P-AuthenX.509Source" SequenceID="4" DelegationFlag="false">
     <prefix_0:PublicKeyName>BuyerPublicKey</prefix_0:PublicKeyName>
   </prefix_0:Credential>
  -<prefix_0:Integrity AlgorithmId="P-XMLSignatureRSA-MD5-C14N">
     <prefix_0:PublicKeyName KeyOwner="OwnerA">BuyerPublicKey</prefix_0:PublicKeyName>
     <prefix_0:MessagePart PartName="Order" isOptional="false"/>
   </prefix_0:Integrity>
 </prefix_0:SecurityChannel>
-<prefix_0:SecurityChannel channelId="CHANNEL2" sourceConnector="x-ccns:cup.commerceone.com:connector::centerSell" targetConnector="x-ccns:cup.commerceone.com:connector::centerSell">
  -<prefix_0:Confidential AlgorithmId="P-XMLEncrypt3DES-RSA-2048">
     <prefix_0:PublicKeyName KeyOwner="x-ccns:commerceone.com:CollaborationParty::sellParty">DefaultTestCert</prefix_0:PublicKeyName>
     <prefix_0:MessagePart PartName="Order" isOptional="false"/>
     <prefix_0:MessagePart PartName="Image" isOptional="false"/>
   </prefix_0:Confidential>
 </prefix_0:SecurityChannel>
</prefix_0:SecurityContractICD>

Claims (31)

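1. A method for dynamically determining security options for the exchange of at least one message between services, the message containing one or more parts, the method comprising:
providing machine-readable security profiles for a first service and a second service, wherein the security profiles identify a number of security elements acceptable to the respective services, the security elements including:
a requirement to sign one or more parts of the message;
a requirement to encrypt one or more parts of the message;
one or more signature option subsets that include a signature algorithm and relate to the signature algorithm, applied to one or more parts of the message;
one or more encryption option subsets that include an encryption algorithm and relate to the encryption algorithm, applied to one or more parts of the message;
one or more signing keys for use with the signature algorithm;
one or more encryption keys for use with the encryption algorithm;
at least one authentication algorithm applied to one or more parts of the message;
accessing the security profiles and selecting, for the message, a specific set of security elements acceptable to the respective services; and
communicating the message between the respective services in accordance with the specific option set.
2. The method of claim 1, wherein the security profiles are stored in a registry accessible to security logic units of the first and second services.
3. The method of claim 1, wherein one or more of the security elements are specified by default values in a machine-readable default security profile.
4. The method of claim 1, wherein the requirement to sign applies to individual parts of the message.
5. The method of claim 1, wherein the requirement to sign applies to the message as a whole.
6. The method of claim 1, wherein the requirement to encrypt applies to individual parts of the message.
7. The method of claim 1, wherein the requirement to encrypt applies to the message as a whole.
8. The method of claim 1, wherein the signature algorithm is applied to the message as a whole.
9. The method of claim 1, wherein the encryption algorithm is applied to the message as a whole.
10. The method of claim 1, wherein the signing and encryption keys are asymmetric.
11. The method of claim 1, wherein the encryption key is symmetric.
12. The method of claim 1, wherein the authentication algorithm is performed by a trusted agent before the message is communicated and is evidenced by an authentication assertion.
13. The method of claim 1, wherein the authentication algorithm includes submitting credentials accompanying the message for inspection by the service that receives the message.
14. The method of claim 1, wherein the security elements further include an identification of at least one authentication algorithm for establishing the privileges of the sending service.
15. The method of claim 14, wherein the authorization algorithm is performed by a trusted agent before the message is communicated and is evidenced by an authorization assertion.
16. The method of claim 14, wherein the authentication algorithm includes submitting credentials accompanying the message for inspection by the service that receives the message.
17. The method of claim 1, wherein the security profiles further include a statement of preference among the signing and encryption security elements, and selecting the specific option subset takes into account the preference of at least one service.
18. The method of claim 17, wherein the specific option subset corresponds to the option subset that is acceptable to the respective services and most preferred by the service receiving the message.
19. The method of claim 17, wherein the specific option subset corresponds to the option subset that is acceptable to the respective services and most preferred by the service sending the message.
20. The method of claim 17, wherein selecting the specific option subset takes into account the preferences of both services.
21. The method of claim 17, wherein selecting the specific option subset takes into account the highest security level among the security elements acceptable to the respective services.
22. The method of claim 17, wherein selecting the specific option subset takes into account the lowest security level among the security elements acceptable to the respective services.
23. The method of claim 17, wherein selecting between requirements to sign or encrypt one or more parts of the message takes into account the preference of at least one service.
24. The method of claim 17, wherein the selection between requirements to sign or encrypt one or more parts of the message corresponds to the option subset that is acceptable to the respective services and most preferred by the service receiving the message.
25. The method of claim 17, wherein the selection between requirements to sign or encrypt one or more parts of the message corresponds to the option subset that is acceptable to the respective services and most preferred by the service sending the message.
26. The method of claim 17, wherein the selection between requirements to sign or encrypt one or more parts of the message takes into account the preferences of both services.
27. The method of claim 17, wherein the selection between requirements to sign or encrypt one or more parts of the message takes into account the highest security level among the security elements acceptable to the respective services.
28. The method of claim 17, wherein the selection between requirements to sign or encrypt one or more parts of the message takes into account the lowest security level among the security elements acceptable to the respective services.
29. The method of claim 1, wherein the security profiles further include one or more resources used by the respective services to implement signing and encryption.
30. The method of claim 17, wherein the security profiles further include one or more resources used by the respective services to implement signing and encryption.
31. The method of claim 1, wherein the security profiles further include one or more resources used by the respective services to authenticate the service sending the message.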
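The selection step of claims 1 and 17 to 22, sketched as an added Python example that is not part of the patent text: two profiles list acceptable options in preference order, and a policy decides which mutually acceptable option wins. The `Profile` structure, the policy names, the strength ranking and the SHA1 and AES128 identifiers are assumptions made for illustration; only `P-XMLSignatureRSA-MD5-C14N` and `P-XMLEncrypt3DES-RSA-2048` appear in the listing above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    """One service's security profile; options are listed most-preferred first."""
    signature: tuple
    encryption: tuple
    must_sign: bool = False
    must_encrypt: bool = False

# Assumed relative strength used by the "highest"/"lowest" policies (claims 21-22).
# The SHA1 and AES128 identifiers are constructed for this example.
STRENGTH = {
    "P-XMLSignatureRSA-MD5-C14N": 1,
    "P-XMLSignatureRSA-SHA1-C14N": 2,
    "P-XMLEncrypt3DES-RSA-2048": 1,
    "P-XMLEncryptAES128-RSA-2048": 2,
}

def pick(sender_opts, receiver_opts, policy):
    """Return the option both sides accept that the policy ranks first, or None."""
    common = [o for o in sender_opts if o in receiver_opts]
    if not common:
        return None
    rankers = {
        "sender": sender_opts.index,        # claim 19
        "receiver": receiver_opts.index,    # claim 18
        # claim 20: combined rank; ties fall to the sender's order (assumption)
        "both": lambda o: sender_opts.index(o) + receiver_opts.index(o),
        "highest": lambda o: -STRENGTH[o],  # claim 21
        "lowest": lambda o: STRENGTH[o],    # claim 22
    }
    return min(common, key=rankers[policy])

def negotiate(sender, receiver, policy="receiver"):
    """Select the option set for one message; fail closed if a required element has no match."""
    needs = {
        "signature": sender.must_sign or receiver.must_sign,
        "encryption": sender.must_encrypt or receiver.must_encrypt,
    }
    chosen = {}
    for kind, required in needs.items():
        option = pick(getattr(sender, kind), getattr(receiver, kind), policy)
        if required and option is None:
            raise LookupError(f"no mutually acceptable {kind} option")
        chosen[kind] = option if required else None
    return chosen

# Constructed sample profiles for a buying and a selling service.
BUYER = Profile(
    signature=("P-XMLSignatureRSA-MD5-C14N", "P-XMLSignatureRSA-SHA1-C14N"),
    encryption=("P-XMLEncrypt3DES-RSA-2048",),
    must_sign=True,
)
SELLER = Profile(
    signature=("P-XMLSignatureRSA-SHA1-C14N", "P-XMLSignatureRSA-MD5-C14N"),
    encryption=("P-XMLEncryptAES128-RSA-2048", "P-XMLEncrypt3DES-RSA-2048"),
    must_encrypt=True,
)

if __name__ == "__main__":
    for policy in ("sender", "receiver", "both", "highest", "lowest"):
        print(policy, negotiate(BUYER, SELLER, policy))
```

With these sample profiles only the `receiver` and `highest` policies avoid the MD5 signature option, so the selection policy matters as much as the contents of the profiles.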
CNB038251655A 2002-09-18 2003-08-19 Method for dynamically determining security options for the exchange of messages between services Expired - Fee Related CN100342347C (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/246,276 2002-09-18
US10/246,276 US7444522B1 (en) 2002-09-18 2002-09-18 Dynamic negotiation of security arrangements between web services

Publications (2)

Publication Number Publication Date
CN1695123A CN1695123A (zh) 2005-11-09
CN100342347C true CN100342347C (zh) 2007-10-10

Family

ID=32028951

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB038251655A Expired - Fee Related CN100342347C (zh) 2002-09-18 2003-08-19 Method for dynamically determining security options for the exchange of messages between services

Country Status (7)

Country Link
US (1) US7444522B1 (zh)
EP (1) EP1540479A4 (zh)
JP (2) JP2005539453A (zh)
KR (1) KR100970771B1 (zh)
CN (1) CN100342347C (zh)
AU (1) AU2003263904B2 (zh)
WO (1) WO2004027618A1 (zh)

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7451107B1 (en) * 2000-01-28 2008-11-11 Supply Chain Connect, Llc Business-to-business electronic commerce clearinghouse
US6912582B2 (en) * 2001-03-30 2005-06-28 Microsoft Corporation Service routing and web integration in a distributed multi-site user authentication system
US7523490B2 (en) * 2002-05-15 2009-04-21 Microsoft Corporation Session key security protocol
US8561161B2 (en) * 2002-12-31 2013-10-15 International Business Machines Corporation Method and system for authentication in a heterogeneous federated environment
US7685631B1 (en) 2003-02-05 2010-03-23 Microsoft Corporation Authentication of a server by a client to prevent fraudulent user interfaces
US7636941B2 (en) * 2004-03-10 2009-12-22 Microsoft Corporation Cross-domain authentication
US20060010251A1 (en) * 2004-06-16 2006-01-12 Nokia Corporation Global community naming authority
JP4455418B2 (ja) * 2005-06-13 2010-04-21 キヤノン株式会社 Communication parameter setting method and communication apparatus
US20060294383A1 (en) * 2005-06-28 2006-12-28 Paula Austel Secure data communications in web services
US20070276948A1 (en) * 2006-05-24 2007-11-29 Sap Ag System and method for automated configuration and deployment of applications
US8122500B2 (en) * 2006-06-23 2012-02-21 International Business Machines Corporation Tracking the security enforcement in a grid system
US9111276B2 (en) * 2006-12-08 2015-08-18 Sap Se Secure execution environments for process models
US20080208806A1 (en) * 2007-02-28 2008-08-28 Microsoft Corporation Techniques for a web services data access layer
US20090012987A1 (en) * 2007-07-05 2009-01-08 Kaminsky David L Method and system for delivering role-appropriate policies
US20090099882A1 (en) * 2007-10-15 2009-04-16 Sap Ag Enhanced Security Framework for Composite Applications
US8396806B2 (en) * 2007-10-30 2013-03-12 Red Hat, Inc. End user license agreements associated with messages
US8001582B2 (en) 2008-01-18 2011-08-16 Microsoft Corporation Cross-network reputation for online services
US8572691B2 (en) * 2008-07-17 2013-10-29 International Business Machines Corporation Selecting a web service from a service registry based on audit and compliance qualities
CN101325483B (zh) * 2008-07-28 2011-06-15 中国电信股份有限公司 Symmetric key update method and symmetric key update apparatus
US20100146582A1 (en) * 2008-12-04 2010-06-10 Dell Products L.P. Encryption management in an information handling system
US8732094B2 (en) 2010-07-30 2014-05-20 Hewlett-Packard Development Company, L.P. Enforcement of security requirements for a business model
US9020981B2 (en) * 2011-09-30 2015-04-28 Comprehend Systems, Inc. Systems and methods for generating schemas that represent multiple data sources
US8924431B2 (en) 2011-09-30 2014-12-30 Comprehend Systems, Inc. Pluggable domain-specific typing systems and methods of use
JP5490157B2 (ja) * 2012-02-02 2014-05-14 株式会社エヌ・ティ・ティ・データ Profile generation device, profile generation method
JP6066586B2 (ja) * 2012-05-22 2017-01-25 キヤノン株式会社 Information processing system, control method thereof, and program thereof
US9009817B1 (en) 2013-03-12 2015-04-14 Open Invention Network, Llc Virtual smart card to perform security-critical operations
US9032505B1 (en) 2013-03-15 2015-05-12 Wells Fargo Bank, N.A. Creating secure connections between distributed computing devices
US9906367B2 (en) * 2014-08-05 2018-02-27 Sap Se End-to-end tamper protection in presence of cloud integration
US10432592B2 (en) 2015-05-10 2019-10-01 Citrix Systems, Inc. Password encryption for hybrid cloud services
US9471404B1 (en) 2015-10-07 2016-10-18 International Business Machines Corporation Enriching API registry using big data analytics

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5159630A (en) * 1991-05-29 1992-10-27 International Communication Systems Corporation Facsimile message encryption system
US5539828A (en) * 1994-05-31 1996-07-23 Intel Corporation Apparatus and method for providing secured communications
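CN1194072A (zh) * 1995-08-25 1998-09-23 英特尔公司 Parameterized hash function for access control
CN1287639A (zh) * 1998-01-16 2001-03-14 媒体数位网络体系公司 System and method for authenticating peer components
CN1339207A (zh) * 1998-12-16 2002-03-06 斯麦脱信托有限公司 Method and system for implementing digital signatures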
US6389533B1 (en) * 1999-02-05 2002-05-14 Intel Corporation Anonymity server

Family Cites Families (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5005200A (en) 1988-02-12 1991-04-02 Fischer Addison M Public key/signature cryptosystem with enhanced digital signature certification
US5557798A (en) * 1989-07-27 1996-09-17 Tibco, Inc. Apparatus and method for providing decoupling of data exchange details for providing high performance communication between software processes
US5157726A (en) * 1991-12-19 1992-10-20 Xerox Corporation Document copy authentication
US5311438A (en) 1992-01-31 1994-05-10 Andersen Consulting Integrated manufacturing system
US5224166A (en) 1992-08-11 1993-06-29 International Business Machines Corporation System for seamless processing of encrypted and non-encrypted data and instructions
EP0734556B1 (en) * 1993-12-16 2002-09-04 Open Market, Inc. Network based payment system and method for using such system
US5790677A (en) * 1995-06-29 1998-08-04 Microsoft Corporation System and method for secure electronic commerce transactions
US5812669A (en) 1995-07-19 1998-09-22 Jenkins; Lew Method and system for providing secure EDI over an open network
JP3982848B2 (ja) * 1995-10-19 2007-09-26 富士通株式会社 Security level control device and network communication system
US5784566A (en) * 1996-01-11 1998-07-21 Oracle Corporation System and method for negotiating security services and algorithms for communication across a computer network
US6226746B1 (en) * 1998-03-20 2001-05-01 Sun Microsystems, Inc. Stack-based system and method to combine security requirements of methods
US6115744A (en) 1996-07-30 2000-09-05 Bea Systems, Inc. Client object API and gateway to enable OLTP via the internet
US6072942A (en) 1996-09-18 2000-06-06 Secure Computing Corporation System and method of electronic mail filtering using interconnected nodes
WO1998015894A1 (en) 1996-10-09 1998-04-16 At & T Corp. Method to produce application oriented languages
US5941945A (en) 1997-06-18 1999-08-24 International Business Machines Corporation Interest-based collaborative framework
US6393442B1 (en) 1998-05-08 2002-05-21 International Business Machines Corporation Document format transforations for converting plurality of documents which are consistent with each other
US6269380B1 (en) 1998-08-31 2001-07-31 Xerox Corporation Property based mechanism for flexibility supporting front-end and back-end components having different communication protocols
US6148290A (en) * 1998-09-04 2000-11-14 International Business Machines Corporation Service contract for managing service systems
US6125391A (en) 1998-10-16 2000-09-26 Commerce One, Inc. Market makers using documents for commerce in trading partner networks
US6463460B1 (en) 1999-04-23 2002-10-08 The United States Of America As Represented By The Secretary Of The Navy Interactive communication system permitting increased collaboration between users
US6538673B1 (en) 1999-08-23 2003-03-25 Divine Technology Ventures Method for extracting digests, reformatting, and automatic monitoring of structured online documents based on visual programming of document tree navigation and transformation
US6434628B1 (en) 1999-08-31 2002-08-13 Accenture Llp Common interface for handling exception interface name with additional prefix and suffix for handling exceptions in environment services patterns
WO2001033369A1 (en) 1999-11-02 2001-05-10 Commerce One Operations, Inc. Commerce community schema for the global trading web
US6636889B1 (en) 2000-01-04 2003-10-21 International Business Machines Corporation System and method for client replication of collaboration space
JP2001325172A (ja) * 2000-05-17 2001-11-22 Fujitsu Ltd Communication setting management system
DE10024347B4 (de) * 2000-05-17 2007-02-22 Fujitsu Limited, Kawasaki Security service layer
US6732101B1 (en) * 2000-06-15 2004-05-04 Zix Corporation Secure message forwarding system detecting user's preferences including security preferences
GB0027280D0 (en) * 2000-11-08 2000-12-27 Malcolm Peter An information management system
JP2002261839A (ja) * 2001-02-28 2002-09-13 Fujitsu Ltd Communication security management system and program therefor
JP4390405B2 (ja) * 2001-05-31 2009-12-24 富士通株式会社 Computer system, service layer, policy cache function unit, and policy management device
US6671695B2 (en) * 2001-06-18 2003-12-30 The Procter & Gamble Company Dynamic group generation and management
US20030046583A1 (en) 2001-08-30 2003-03-06 Honeywell International Inc. Automated configuration of security software suites
US20030074579A1 (en) * 2001-10-16 2003-04-17 Microsoft Corporation Virtual distributed security system
US7219223B1 (en) * 2002-02-08 2007-05-15 Cisco Technology, Inc. Method and apparatus for providing data from a service to a client based on encryption capabilities of the client
US7149730B2 (en) * 2002-05-03 2006-12-12 Ward Mullins Dynamic class inheritance and distributed caching with object relational mapping and cartesian model support in a database manipulation and mapping system

Also Published As

Publication number Publication date
KR100970771B1 (ko) 2010-07-16
AU2003263904B2 (en) 2009-04-23
WO2004027618A1 (en) 2004-04-01
EP1540479A4 (en) 2010-12-08
JP4892640B2 (ja) 2012-03-07
KR20050057416A (ko) 2005-06-16
AU2003263904A1 (en) 2004-04-08
US20080256364A1 (en) 2008-10-16
EP1540479A1 (en) 2005-06-15
US7444522B1 (en) 2008-10-28
JP2011238289A (ja) 2011-11-24
CN1695123A (zh) 2005-11-09
JP2005539453A (ja) 2005-12-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: KAIFANG CHUANGXIN NETWORKS CO., LTD.

Free format text: FORMER OWNER: JGR ACQUISITION INC.

Effective date: 20080111

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20080111

Address after: American New York

Patentee after: Commerce One Operations Inc.

Address before: Delaware

Patentee before: JGR Acquisition Inc.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20071010

Termination date: 20190819
