分享
 
 
 

RFC2935 - Internet Open Trading Protocol (IOTP) HTTP Supplement

王朝other·作者佚名  2008-05-31
窄屏简体版  字體: |||超大  

Network Working Group D. Eastlake

Request for Comments: 2935 Motorola

Category: Standards Track C. Smith

Royal Bank of Canada

September 2000

Internet Open Trading Protocol (IOTP) HTTP Supplement

Status of this Memo

This document specifies an Internet standards track protocol for the

Internet community, and requests discussion and suggestions for

improvements. Please refer to the current edition of the "Internet

Official Protocol Standards" (STD 1) for the standardization state

and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

Internet Open Trading Protocol (IOTP) messages will be carried as

Extensible Markup Language (XML) documents. As sUCh, the goal of

mapping to the transport layer is to ensure that the underlying XML

documents are carried successfully between the various parties.

This document describes that mapping for the Hyper Text Transport

Protocol (HTTP), Versions 1.0 and 1.1.

Table of Contents

1. Introduction................................................... 2

2. HTTP Servers and Clients....................................... 2

3. HTTP Net Locations............................................. 2

4. Consumer Clients............................................... 2

4.1 Starting the IOTP Client and the Merchant IOTP Server.......... 3

4.2 Ongoing IOTP Messages.......................................... 3

4.3 Stopping an IOTP Transaction................................... 4

5. Starting the Payment handler and Deliverer IOTP Servers........ 5

6. Security Considerations........................................ 5

7. IANA Considerations............................................ 5

8. References..................................................... 6

9. Authors' Addresses............................................. 7

10. Full Copyright Statement....................................... 9

1. Introduction

Internet Open Trading Protocol (IOTP) [RFC2801] messages will be

carried as XML [XML] documents. As such, the goal of mapping to the

transport layer is to ensure that the underlying XML documents are

carried successfully between the various parties.

This document describes that mapping for the Hyper Text Transport

Protocol (HTTP), Versions 1.0 and 1.1 [RFCs 1945, 2616].

There may be future documents describing IOTP over email (SMTP), TCP,

cable TV, or other transports.

The key Words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",

"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this

document are to be interpreted as described in [RFC2119].

2. HTTP Servers and Clients

The structure of IOTP maps on to the structure of HTTP in the

following way:

The merchant, payment handler, delivery handler, and customer care

roles are all represented by HTTP servers. Each may be

represented by a separate server, or they may be combined in any

combination.

The consumer role is represented by an HTTP client.

Note: A Merchant, may act in the role of a consumer, for example to

deposit electronic cash. In this case the Merchant, as an

organization rather than as a role, would need to be supported by an

HTTP client.

3. HTTP Net Locations

The Net Locations contained within the IOTP specification are all

URIs [RFC2396]. If a secure connection is required or desired a

secure channel that both the HTTP Server and Client support MUST be

used. Examples of such channels are SSL version 3 or TLS [RFC2246].

4. Consumer Clients

In most environments, the consumer agent will initially be an Html

browser. However, current browsers do not provide the needed

capability to act as an agent for the consumer for an IOTP

transaction. This leads to two requirements:

a method of starting and passing control to the IOTP client, and

a method of closing down the IOTP client cleanly and passing control

back to the HTML browser once the IOTP Transaction has finished.

4.1 Starting the IOTP Client and the Merchant IOTP Server

At some point, the HTTP client at the consumer will send an HTTP

request that is interpreted as an "IOTP Startup Request" by the

Merchant HTTP server. This might, for example, be the result of

clicking on a "pay" button. This message is a stand-in for a request

message of some form and the Merchant Server will respond with the

first IOTP Message in the form of an XML document.

The MIME type for all IOTP messages is: "APPLICATION/IOTP"; however

"APPLICATION/X-IOTP" has been in use for eXPerimentation and

development and SHOULD also be recognized. See section 7 below for

the MIME type registration template for APPLICATION/IOTP. Because

HTTP is binary clean, no content-transfer-encoding is required. (See

[RFC2376] re the application/xml type which has some similar

considerations.)

This HTTP response will be interpreted by the HTML browser as a

request to start the application associated with MIME type

"APPLICATION/IOTP", and to pass the content of this message to that

application.

At this point, the IOTP client will be started and have the first

message.

IOTP messages are short-lived. Therefore, the HTTP server SHOULD

avoid having its responses cached. In HTTP V1.0, the "nocache"

pragma can be used. This can be neglected on SSL/TLS secured

connections which are not cached and on HTTP POST requests in HTTP

v1.1 as in v1.1 POST responses are not cached.

4.2 Ongoing IOTP Messages

Data from earlier IOTP Messages in a transaction MUST be retained by

the IOTP Client so that it may (1) be copied to make up part of later

IOTP messages, (2) used in calculations to verify signatures in later

IOTP message, (3) be resent in some cases where a request has timed

out without response, (4) used as input to the Customer Care role in

later versions of IOTP, etc. The way in which the data is copied

depends on the IOTP Transaction. The data MUST be retained until the

end of the transaction, whether by success, failure, or cancelation,

and as long thereafter as it is desired for any of the parties to

inquire into it.

The IOTP messages contain Net Locations (e.g. the PayReqNetLocn)

which for HTTP will contain the URIs to which the IOTP client MUST

send IOTP messages.

Subsequent IOTP messages (XML documents) will be sent using the POST

function of HTTP. The HTTP client MUST perform full HTTP POST

requests.

The XML documents MUST be sent in a manner compatible with the

external encodings allowed by the XML [XML] specification.

4.3 Stopping an IOTP Transaction

The following should be read in conjunction with [RFC2801].

An IOTP Transaction is complete when

-- the IOTP client decides to fail the IOTP Transaction for some

reason either by canceling the transaction or as a result of

discovering an error in an IOTP message received, or

-- a "time out" occurs or a connection fails, e.g. a response to an

IOTP Message, has not been received after some user-defined period

of Time (including retransmissions).

An IOTP Client which processes an IOTP Transaction which:

-- completes successfully (i.e. it has not received an Error Block

with a HardError or a Cancel Block) MUST direct the browser to the

Net Location specified in SuccessNetLocn in the Protocol Options

Component, i.e., cause it to do an HTTP GET with that URL.

-- does not complete successfully, because it has received some Error

Trading Block, MUST display the information in the Error Message,

stop the transaction, and pass control to the browser so that it

will do a GET on the Error Net Location specified for the role

from which the error was received.

-- is cancelled since a Cancel Block has been received, MUST stop the

IOTP Transaction and hand control to the browser so that it will

do a GET on the on the Cancel Net Location specified for the role

from which the Cancel Block was received.

-- is in error because an IOTP Message does not conform to this

specification, MUST send an IOTP Message containing a Error

Trading Block to role from which the erroneous message was

received and the ErrorLogNetLoc specified for that role, stop the

IOTP Transaction, and hand control to the browser so that it will

do a GET from the Error Net Location specified for the role from

which the bad message was received.

-- has a "time out", MUST display a message describing the time out.

May give the user the option of cancelling or retrying and/or may

automatically retry. On failure due to time out, treat as an

error above.

Each implementation of an IOTP client may decide whether or not to

terminate the IOTP Client application immediately upon completing an

IOTP Transaction or whether to wait until it is closed down as a

result of, for example, user shut down or browser shut down.

5. Starting the Payment handler and Deliverer IOTP Servers

Payment Handler and Deliverer IOTP Servers are started by receiving

an IOTP Message which contains:

-- for a Payment handler, a Payment Request Block, and

-- for a Delivery Handler, a Delivery Request Block

6. Security Considerations

Security of Internet Open Trade Protocol messages is primarily

dependent on signatures within IOTP as described in [RFC2801] and

[RFC2802]. Privacy protection for IOTP interactions can be oBTained

by using a secure channel for IOTP messages, such as SSL/TLS [RFC

2246].

Note that the security of payment protocols transported by IOTP is

the responsibility of those payment protocols, NOT of IOTP.

7. IANA Considerations

This specification defines the APPLICATION/IOTP MIME type. The

registration template is as follows [RFC2048]:

To: ietf-types@iana.org

Subject: Registration of MIME media type APPLICATION/IOTP

MIME media type name: APPLICATION

MIME subtype name: IOTP

Required parameters: (none)

Optional parameters: charset - see RFC2376

Encoding considerations: Content is XML and may in some cases

require quoted printable or base64 encoding. However, no encoding

is required for HTTP transport which is expected to be common.

Security considerations: IOTP includes provisions for digital

authentication but for confidentiality, other mechanisms such as

TLS should be used. See RFC2801 and RFC2802.

Interoperability considerations: See RFC2801.

Published specification: See RFC2801 and RFC2802.

Applications which use this media type: Internet Open Trading

Protocol applications.

Additional information: (none)

Person & email address to contact for further information:

Name: Donald E. Eastlake 3rd

Email: Donald.Eastlake@motorola.com

Intended usage: COMMON

Author/Change controller: IETF

8. References

[RFC1945] Berners-Lee, T., Fielding, R. and H. Frystyk, "Hypertext

Transfer Protocol -- HTTP/1.0", RFC1945, May 1996.

[RFC2048] Freed, N., Klensin, J. and J. Postel, "Multipurpose

Internet Mail Extensions (MIME) Part Four: Registration

Procedure", RFC2048, November 1996.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate

Requirement Levels", BCP 14, RFC2119, March 1997.

[RFC2246] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",

RFC2246, January 1999.

[RFC2376] Whitehead, E. and M. Murata, "XML Media Types", RFC2376,

July 1998.

[RFC2396] Berners-Lee, T., Rielding, R. and L. Masinter, "Uniform

Resource Identifiers (URI): Generic Syntax", RFC2396,

August 1998.

[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,

Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext

Transfer Protocol -- HTTP/1.1", RFC2616, June 1999.

[RFC2801] Burdett, D., "Internet Open Trading Protocol - IOTP

Version 1.0", RFC2801, April 2000.

[RFC2802] Davidson, K. and Y. Kawatsura, "Digital Signatures for the

v1.0 Internet Open Trading Protocol (IOTP)", RFC2802,

April 2000

[XML] Bray, T., Paoli, J. and C. Sperberg-McQueen, "Extensible

Markup Language (XML) 1.0" <http://www.w3.org/TR/REC-xml>,

February 1998.

9. Authors' Addresses

Donald E. Eastlake 3rd

Motorola

140 Forest Avenue

Hudson, MA 01749 USA

Phone: +1 978-562-2827(h)

+1 508-261-5434(w)

Fax: +1 508-261-4447(w)

EMail: Donald.Eastlake@motorola.com

Chris J. Smith

Royal Bank of Canada

277 Front Street West

Toronto, Ontario M5V 3A4 CANADA

Phone: +1 416-348-6090

Fax: +1 416-348-2210

EMail: chris.smith@royalbank.com

10. Full Copyright Statement

Copyright (C) The Internet Society (2000). All Rights Reserved.

This document and translations of it may be copied and furnished to

others, and derivative works that comment on or otherwise explain it

or assist in its implementation may be prepared, copied, published

and distributed, in whole or in part, without restriction of any

kind, provided that the above copyright notice and this paragraph are

included on all such copies and derivative works. However, this

document itself may not be modified in any way, such as by removing

the copyright notice or references to the Internet Society or other

Internet organizations, except as needed for the purpose of

developing Internet standards in which case the procedures for

copyrights defined in the Internet Standards process must be

followed, or as required to translate it into languages other than

English.

The limited permissions granted above are perpetual and will not be

revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an

"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING

TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING

BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION

HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF

MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFCEditor function is currently provided by the

Internet Society.

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
2023年上半年GDP全球前十五强
 百态   2023-10-24
美众议院议长启动对拜登的弹劾调查
 百态   2023-09-13
上海、济南、武汉等多地出现不明坠落物
 探索   2023-09-06
印度或要将国名改为“巴拉特”
 百态   2023-09-06
男子为女友送行,买票不登机被捕
 百态   2023-08-20
手机地震预警功能怎么开?
 干货   2023-08-06
女子4年卖2套房花700多万做美容:不但没变美脸,面部还出现变形
 百态   2023-08-04
住户一楼被水淹 还冲来8头猪
 百态   2023-07-31
女子体内爬出大量瓜子状活虫
 百态   2023-07-25
地球连续35年收到神秘规律性信号,网友:不要回答!
 探索   2023-07-21
全球镓价格本周大涨27%
 探索   2023-07-09
钱都流向了那些不缺钱的人,苦都留给了能吃苦的人
 探索   2023-07-02
倩女手游刀客魅者强控制(强混乱强眩晕强睡眠)和对应控制抗性的关系
 百态   2020-08-20
美国5月9日最新疫情:美国确诊人数突破131万
 百态   2020-05-09
荷兰政府宣布将集体辞职
 干货   2020-04-30
倩女幽魂手游师徒任务情义春秋猜成语答案逍遥观:鹏程万里
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案神机营:射石饮羽
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案昆仑山:拔刀相助
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案天工阁:鬼斧神工
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案丝路古道:单枪匹马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:与虎谋皮
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:指鹿为马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:小鸟依人
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:千金买邻
 干货   2019-11-12
 
推荐阅读
 
 
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有