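Dynamic negotiation of security arrangements between web services

Document number: 6419101. Source: China National Intellectual Property Administration
Patent title: Dynamic negotiation of security arrangements between web services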
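Technical Field
The present invention relates to computer-based devices and methods for negotiating and implementing security arrangements between two or more web services. More particularly, it relates to devices and methods that specify input and output interfaces, compute and generate a security contract consistent with the inputs, and implement security in accordance with the negotiated security arrangements. Particular aspects of the present invention are described in the claims, specification and drawings.
Background Art
Business-to-business (B2B) and application-to-application (A2A) electronic commerce are replacing older protocols for electronic data interchange (EDI). As businesses strive to improve their efficiency with B2B and A2A systems, a large number of incompatible platforms and competing standards have emerged. Even among compatible standards, gaps remain to be filled. For example, the industry has defined what a simple web service is. Standards related to simple web services include UDDI, WSDL, XSDL and SOAP. However, these standards do not fully meet the security, reliability, manageability and choreography requirements of practical B2B and A2A electronic commerce. Security in particular presents many options and configuration issues. Collaborative web services and their security needs are expected to evolve just as non-web businesses do. There is no comprehensive or unified device or method that dynamically resolves and updates security options and configurations as web services evolve.
A number of industry initiatives extend the standards applicable to B2B and A2A electronic commerce. Choreography efforts include ebXML/BPSS from OASIS, WSFL from IBM and XLANG from Microsoft. Conversation efforts include ebXML/TRP from OASIS and Microsoft's WS-routing. The dominant security effort is WS-security from IBM and Microsoft; there is also a complementary security effort from OASIS called SAML. For reliability, there are proposals from Microsoft, ebXML/TRP from OASIS and HTTPR from IBM. W3C is addressing standardization in all of these areas. Key industry players have formed a rival consortium called WSI. However, they have not addressed the dynamic security negotiation problem.
Accordingly, an opportunity arises to develop methods and devices that dynamically resolve security option and configuration issues for trading partners.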

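Summary of the Invention
The present invention relates to computer-based devices and methods for negotiating and implementing security arrangements between two or more web services. More particularly, it relates to devices and methods that specify input and output interfaces, compute and generate a security contract consistent with the inputs, and implement security in accordance with the negotiated security arrangements. Particular aspects of the present invention are described in the claims, specification and drawings.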


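Fig. 1 illustrates communities and networks of communities, one environment in which computer-assisted, dynamic negotiation of security arrangements is useful; Fig. 2 depicts negotiation and implementation of security arrangements; Fig. 3 illustrates reconciling preferences among algorithm types; Fig. 4 illustrates alternative embodiments for obtaining receiver information when the sender is local to the computation of the security arrangements; and Fig. 5 illustrates one network of program logic and resources that can be used to implement these aspects of the present invention.
Detailed Description
The following detailed description is made with reference to the figures. Preferred embodiments are described to illustrate the present invention, not to limit its scope, which is defined by the claims. Those of ordinary skill in the art will recognize a variety of equivalent variations on the description that follows.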
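Fig. 1 illustrates communities and networks of communities, one environment in which computer-assisted, dynamic negotiation of security arrangements is useful. Within these communities, a community maintains a local registry that includes information such as the users, companies, services and connectors that are part of the community. A community can be a marketplace, an enterprise or a sub-enterprise. Communities can belong to one or more community networks. Typically, communities and networks share some common business interest. Interoperation takes place between member communities in one or more networks. The networks include a gold marketplace network 1, a precious metals marketplace network 2, a private network 3 and a global trading web 4. In this illustration, the gold marketplace network 1 and the precious metals marketplace network 2 are contained within the global trading web 4. The precious metals marketplace network 2 includes gold and silver marketplaces 14 and 13. Gold marketplace customers can trade silver in the silver marketplace 13, and silver marketplace customers can trade gold in the gold marketplace 14. One community, PQR Enterprise 17, belongs to the gold marketplace network 1, the private network 3 and the global trading web 4; another community, ABC Big Supplier 18, belongs to the private network 3. In this illustration, XYZ Gold Marketplace 14 is a marketplace or community for trading gold. Multiple enterprises belong to this community. Enterprises such as PQR Enterprise 17 that form a community by themselves belong to the gold marketplace network 1. These communities are part of the gold marketplace network 1 and the global trading web 4. Small Supplier 15 is part of the gold marketplace community. Other enterprises 16 are communities that are part of the gold marketplace community network 1. The connections between XYZ Gold Marketplace 14 and the other gold marketplace entities 15-17 indicate that the gold marketplace requires all traffic between enterprises (communities or otherwise) taking part in gold trading to pass through XYZ Gold Marketplace 14, for example to collect billing and business intelligence information. PQR Enterprise 17 is a community that is part of the gold marketplace and, together with supplier 18, is also part of a local private network. Small Supplier 15 may be an individual small supplier that does not want to form a community of its own and instead registers its metadata, such as users, organizations, services and transformations, in the registry of the gold marketplace. ABC Big Supplier 18, on the other hand, forms its own private network, for example because it wants to keep its metadata, internal back-office systems and transformations closed to general public access, as they were expensive to develop. Because PQR 17 is a customer of ABC 18, it joins the private network 3. The financial service provider DEF Financial Marketplace 12 wants to offer financial services to anyone in the global trading web 4, so it forms its own community and stands as a peer of the global trading web top-level marketplace 11. A network of communities makes a global registry of communities available. The global registry permits lookup of a community and determination of one or more routes to that community, or to external connectors through which electronic commerce documents bound for the community can be routed. Documents routed from one community to another may be routed directly between the external connectors of the two communities, or indirectly through one or more intermediary communities. Business and security rules for transactions involving the communities can also be defined and maintained in community registries. In general, Fig. 1 illustrates the mixed loyalties of entities and communities that create the impetus for interoperability among electronic commerce platforms.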
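Connector is a general term for applications that communicate with other applications. Connectors may communicate on a peer-to-peer (P2P) basis or on a directed basis through other connectors that function as hubs, gateways, external ports, central connectors and so on. Connectors that communicate P2P are able to communicate with other connectors that use the same transport/envelope protocol. When attempting to communicate with connectors that do not use the same transport/envelope protocol, P2P connectors may optionally enlist the help of other central connectors that perform translation services. Connectors that communicate on a directed basis communicate through central connectors according to routing rules. Routing rules among connectors can be mapped in a directed graph, supporting one or more hub and spoke topologies for one or more transport/envelope protocols. A hub and spoke topology directs communications along spokes to hubs, in one or more tiers. This facilitates centralized services such as billing, business intelligence collection, tracking, auditing and accounting. Multiple hub and spoke organizations may share the same connectors to support different transport/envelope protocols and technologies, as suggested by Fig. 2. For example, a stronger hub and spoke organization may be required to use Sonic as the transport technology, rather than HTTP or HTTPS. Optionally, communication routes may depend on whether the source and destination are part of the same community. Within a sub-community (which may include the whole community), centralized functions may be unneeded, and P2P communication may be permitted among connectors that are otherwise directed to communicate with parent connectors when communicating with destinations in other sub-communities.
Connectors may be labeled simple connectors (sometimes just called connectors), hubs (sometimes called gateways or routers) or central connectors. Alternatively, they may be described functionally. Simple connectors are directed to communicate through central connectors, except when they are permitted to communicate P2P among connectors in the same sub-community. So-called hubs are used by connectors that are explicitly directed or linked to them. Hubs may serve more than one function and, accordingly, may appear more than once in a route from a source to a destination. Hubs forward electronic commerce documents or messages. Hubs may also translate among transport protocols that support a common envelope protocol. For example, a hub may translate envelope protocols and also implement a different transport protocol on transmission than on receipt. A central connector is a special case of a hub, which can be used by connectors that are not explicitly directed or linked to it. A central connector is useful, for example, to carry out translation functions when traversing connectors from a source according to routing rules does not lead to any hub that supports the transport/envelope protocol used by the destination.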
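Schemas and a process flow provide an overview of security arrangements according to aspects of the present invention. In this context, negotiation of security arrangements is carried out by a computer-based process that uses security profiles of the sending and receiving services to determine a mutually agreeable security arrangement. Preferably, this security arrangement is negotiated or potentially updated regularly, without user intervention. The arrangement may be negotiated, updated or checked for validity, at a user's request or without user intervention, whenever messages are exchanged or on some other periodic or occasional basis, such as monthly, weekly or daily, upon occurrence of an event that affects the exchange of messages between a particular sender and receiver (for example, a software component failure or a change in security preferences), or when a previously negotiated arrangement fails. The schema SecuritySenderReceiverInfo.XSD, in the source code appendix, describes some inputs to the negotiation of security arrangements. The schema SecurityContract.XSD, also in the source code appendix, describes one embodiment of a negotiated security arrangement in a so-called security interoperability contract document ("SCID"). The process flow of Fig. 1 can be used to describe negotiation and implementation of security arrangements.
The schema SecuritySenderReceiverInfo.XSD in the source code appendix can be used to validate several input files to the negotiation of security arrangements. In this embodiment, the machine-readable input files are XML documents. In other embodiments, other data structures may be used to store the same information, for example a tree structure modeled after the XML code. The schema SecuritySenderReceiverInfo.XSD is best understood by loading the file into an integrated development environment (IDE) such as XML Spy TM, which provides several alternative views of the schema, including a documentation generation view. Sender and receiver security interoperability contract document information blocks are defined by this schema. Viewed in the Spy schema design view, SecuritySenderReceiverInfo.XSD includes several components used to define sender and receiver security information. The CommunitySecurityPolicyPreference component states community preferences for signing headers, encrypting credentials and credential preferences. It can be used to specify default values for an entire community, or can be adapted to specify default values for a collaboration party (CP). The SAMsgSecurityPolicy component permits specification of signature and encryption preferences and authentication options. A message exchanged between services may have multiple parts. Signature and encryption policies may be applied to the whole message or to individual parts. This approach can readily be extended to apply signature and encryption policies to elements within parts. The PublicKeys component identifies key records for this CP. The ConnectorCapability component provides routing information, such as a connector name, to resources that implement part of the security arrangement. It includes connector capability parameters such as encryption capability, signature capability, encryption public key party and signing public key party. Depending on whether signing or encryption is involved, the public key party may be the sender's CP, the receiver's CP or the owner of the connector. If no public key party is defined, the message sender's key may be used for signing and the message receiver's key may be used for encryption. The SecurityContainer component may be used to carry additional objects useful for security. The SendingCPSecurityPolicyProfile component includes information on the credentials available to the sending CP. The CPSendServicesSecurityPolicy and CPRecvSecurityPolicy components include arrays of security policies for the sending and receiving services, respectively. Service preferences and overrides can be defined here.
The schema SecurityContract.XSD, also in the source code appendix, can be used as a model for preparing a machine-readable security interoperability contract document. In this embodiment, the machine-readable document is an XML document. In other embodiments, other data structures may be used to store the same information, for example a tree structure modeled after the XML code. This schema defines policies and channels for security policies. A security channel defines resources and routes to resources that carry out security algorithms, such as signature, encryption and authentication algorithms. It may also include non-repudiation and authorization resources.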
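The process flow of Fig. 2 can be used to describe negotiation and implementation of security arrangements. In one embodiment, preferences of the sending and receiving services are maintained in a registry 201. This registry may be accessible to the sending and receiving services, so that each service can compute security arrangements, or it may be available to a security arrangement computing service that is accessible to one or both of the sending and receiving services. The sending and receiving services may maintain their own registries. Alternatively, a protocol may be developed for the sending and receiving services to exchange their security preferences as part of negotiating a security arrangement. The registry 201 may also maintain information regarding default preferences of the collaboration party that owns a service, of the community to which it belongs, or both. In general, service-specific preferences may override default preferences or, alternatively, certain default preferences may be given precedence over service-specific preferences. Default preferences of a collaboration party may be treated differently from default preferences of a community. A security arrangement computing service 202 takes input statements of security arrangement preferences from the registry 201 or another source and processes them. In one embodiment, this computing service is a security contract builder. A set of security arrangements is output (203). These arrangements may be confirmed by the sending and receiving services, may be vetoed by them, or may be trusted by them. The sending service, or another service responsive to the sending service 205, uses the security arrangements 203 to process a document 204 and send it to the receiving service 209. In some cases, the security arrangements will call for obtaining an assertion from a trusted assertion service 206. For example, the sending and receiving services may agree to use a SAML service to generate authentication assertions. The security arrangements 203 will then call for generation of a SAML assertion, and the sending service 205 will obtain the SAML assertion from the SAML server 206. In another embodiment, the trusted service 206 may provide electronic notarization. A bank or security authority may be trusted to generate authentication assertions in a function similar to that of a notary. In some cases, the security arrangements will call for obtaining public keys used in asymmetric signing or encryption from a public key source 208. For example, the sending and receiving services may agree to use an XKMS service to exchange public keys. The security arrangements 203 specify the XKMS service address as the source of public keys. Both the sending service 205 and the receiving service 209 access the agreed key source 209. In accordance with the security arrangements 203, the sending service 205 transmits the document 204 over a network 207 to the receiver 209. Routing and transport over the network 207 may be part of the security arrangements and, preferably, are managed by a secure transport infrastructure. The security arrangements 203 may be provided to the receiver 209 by the computing service 202, or otherwise made accessible to the receiver, independently of the message that carries the document 204. Alternatively, according to a prearranged protocol, the security arrangements 203 may be included with the document 204. For example, they may be part of the message header or a separate part of the message. The prearranged protocol may call for the message header or message part to be signed and/or encrypted using the parties' respective keys. With this process flow and the schemas in mind, examples from the source code appendix can be explained.
The files SecuritySenderInfo.XML, SecurityReceiverInfo.XML and ComputeSecurityContract.XML provide an example of sender preferences, receiver preferences and the resulting computed security arrangements. The sender and receiver preferences are stated in XML code that conforms to the XML schema described above. The computed security arrangements are stated in an interoperability security contract document that conforms to SecurityContract.XSD in the source code appendix.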
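In this example, the sender preference information includes community preferences and service preferences. The community preferences set out security algorithms and preferences for signing headers, encrypting credentials and choosing among available credentials. Community preferences may also rank security algorithms or otherwise indicate preferences among security algorithms. A similar set of preferences may be provided for a collaboration party, instead of or in addition to the community's preferences. In this example, the community has six sets of signature algorithm options in elements named XMLSignatureAlgorithmTemplate and three sets of encryption algorithm options in elements named XMLEncryptionAlgorithmTemplate. These sets of options are templates. More than one option template may be provided for a particular algorithm. Use of templates simplifies the configuration of options and increases the likelihood that the sending and receiving services will select consistent option sets. The community in this example does not prefer to sign headers or encrypt credentials, and accepts basic credentials. In general, a community or collaboration party may have preferences for any security arrangement option that a service can choose, or may have preferences for only some options. The community preferences in the sender preference file should correspond to the community preferences stated elsewhere, for example in a registry entry for community preferences. The file CommunitySecurityTemplatesPreference.XML is an example of a file used to record some or all of a community's security preferences.
A service (in this example, the sending service) records in SAMsgSecurityPolicy its preferences for handling message parts, for signing and encrypting the message as a whole, and for authentication. A message may have several parts. For each message part, the service may identify the part and express a preference to sign or not sign, or to encrypt or not encrypt, that part. In this embodiment, a preference can be selected for a category of algorithms, such as general algorithms or XML-specific algorithms. In other embodiments, the service might not specify a category of algorithms, or might specify a specific algorithm.
This example also covers other security arrangements. The receiver's (buyer's) public key, in X509 format, is used for signing and authentication. Two resources, so-called connectors, are identified for the sending service, for signing and for encryption. The credentials available to the sender are identified as basic and X509 credentials. The sending service's security arrangement preferences are ranked from 1 to 3 under SecurityPolicyTemplatePreference. In this example, all three encryption preferences are for XML-specific encryption. These and other details of the example can be found in the source code appendix file SecuritySenderInfo.XML.
The receiver's preferences can be found in the source code appendix file SecurityReceiverInfo.XML. In general, the elements of the receiver's preference profile are very similar to the sender's, even using the same element types from the schema. Significant differences are found in authentication and authorization, because the logic that applies to authentication and authorization depends on whether you are presenting your credentials or deciding whether to accept what is presented. For example, the sender's SendingCPSecurityProfile lists the available credentials. These elements are not part of the receiver's preferences. This issue is addressed by the receiver's CPRecvServicesSecurityPolicy, which identifies AcceptedCredentials.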
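In this example, two kinds of preferences reconciled by the security arrangement logic are stated. One kind of preference is among algorithm templates. The element SecurityPolicyTemplatePreference appears twice in each of the sending and receiving services' preferences, setting out community and service-specific preferences among algorithms. Fig. 3 illustrates reconciling preferences among algorithm types. Stacks 301 and 302 represent sending and receiving preferences. Assume that A is the most secure and G is the least secure. In the two preference stacks 301 and 302, preferences B and D match. A decision rule for choosing between B and D may take one or both stacks of preferences into account. For example, from among the matches, the receiving service's preference (D) might be selected for signing or the sending service's preference (B) for encryption. Taking both preferences into account, the most secure (B) or the least secure (D) might be selected. In another embodiment, the respective services might weight or score their preferences, and the combined weights or scores could be used to take both preferences into account. The second kind of preference is whether to sign or encrypt a part of a message. What to sign or encrypt is set out by the SAMsgPart element of SAMsgSecurityPolicy. The message parts in this example are Order and Image. In this example, the sender's and receiver's preferences match for signing and encrypting Order and match for encrypting Image only. If the receiver wanted Image signed, in addition to Order, the preferences would not match. A decision rule would then be needed to resolve the mismatch. Available decision rules may include receiver wins, sender wins, highest requirement wins or lowest requirement wins. One kind of preference reconciliation determines whether a security measure is applied. The other kind selects among option templates, when the security measure is applied.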
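The two reconciliations described above can be sketched as follows. This is an added example, not code from the patent or its appendix: the rule names are taken from the NegotiationRuleTypes enumeration in the schema listing, while the function names, the profile dictionaries and the preference stacks are constructed for illustration (the stacks are chosen so that only B and D match, as in Fig. 3).

```python
"""Added example: reconciling sender and receiver security preferences."""

# Rule names follow the NegotiationRuleTypes enumeration in the schema listing.
RULES = ("ReceiverWins", "SenderWins", "MoreSecurityWins", "LessSecurityWins")

# Constructed sample data modelled on Fig. 3: A is most secure, G least secure.
STRENGTH = {name: rank for rank, name in enumerate("ABCDEFG")}
SENDER_STACK = ["B", "C", "D", "F"]      # sender ranks B above D
RECEIVER_STACK = ["D", "E", "B", "G"]    # receiver ranks D above B

# Constructed profiles: the receiver additionally wants the Image part signed.
SENDER = {
    "templates": {"sign": SENDER_STACK, "encrypt": SENDER_STACK},
    "parts": {"Order": {"sign": True, "encrypt": True},
              "Image": {"sign": False, "encrypt": True}},
}
RECEIVER = {
    "templates": {"sign": RECEIVER_STACK, "encrypt": RECEIVER_STACK},
    "parts": {"Order": {"sign": True, "encrypt": True},
              "Image": {"sign": True, "encrypt": True}},
}


def negotiate_template(sender_prefs, receiver_prefs, rule, strength=STRENGTH):
    """Pick one option template that both preference stacks contain.

    Each stack lists template names, most preferred first. `strength` maps a
    template name to a rank where a lower number means more secure (assumed
    to be published by the community). Returns None when nothing matches.
    """
    if rule not in RULES:
        raise ValueError(f"unknown negotiation rule: {rule}")
    common = set(sender_prefs) & set(receiver_prefs)
    if not common:
        return None
    if rule == "ReceiverWins":
        return next(t for t in receiver_prefs if t in common)
    if rule == "SenderWins":
        return next(t for t in sender_prefs if t in common)
    if rule == "MoreSecurityWins":
        return min(common, key=lambda t: strength[t])
    return max(common, key=lambda t: strength[t])      # LessSecurityWins


def reconcile_part(sender_wants, receiver_wants, rule):
    """Decide whether one protection (sign or encrypt) applies to a part."""
    if rule not in RULES:
        raise ValueError(f"unknown negotiation rule: {rule}")
    if sender_wants == receiver_wants:
        return sender_wants
    if rule == "ReceiverWins":
        return receiver_wants
    if rule == "SenderWins":
        return sender_wants
    if rule == "MoreSecurityWins":                      # highest requirement wins
        return sender_wants or receiver_wants
    return sender_wants and receiver_wants              # lowest requirement wins


def negotiate(sender, receiver, rule, strength=STRENGTH):
    """Return {part: {"sign": template or None, "encrypt": template or None}}."""
    result = {}
    for part in sorted(set(sender["parts"]) | set(receiver["parts"])):
        s_part = sender["parts"].get(part, {})
        r_part = receiver["parts"].get(part, {})
        entry = {}
        for action in ("sign", "encrypt"):
            needed = reconcile_part(s_part.get(action, False),
                                    r_part.get(action, False), rule)
            chosen = None
            if needed:
                chosen = negotiate_template(sender["templates"][action],
                                            receiver["templates"][action],
                                            rule, strength)
                if chosen is None:
                    # Fail closed: never send a part unprotected because the
                    # two template lists have nothing in common.
                    raise LookupError(f"no common {action} template for {part}")
            entry[action] = chosen
        result[part] = entry
    return result


if __name__ == "__main__":
    for rule in RULES:
        print(rule, negotiate(SENDER, RECEIVER, rule))
```

When a protection is required but the two template lists share no entry, `negotiate` raises instead of returning an unprotected part; the page's remedy for that case is to fall back to community default templates.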
A set of computed security arrangements for this example appears in ComputeSecurityContract.XML, which is partially reproduced below:

<SecurityContractICD...>
  <SecurityPolicies>
    <SignaturePolicies>
      <XMLDsigPolicy PolicyId="P-XMLSignatureRSA-MD5-C14N">
        <SignaturePolicyAlgorithm>...</SignaturePolicyAlgorithm>
        <SignatureAlg...>MD5withRSA</SignatureAlg...>
        <HashFunction>MD5</HashFunction>
        <Canonical...>...14n-20001026</Canonical...>
        <Transform>...#RoutingSignatureT...</Transform>
      </XMLDsigPolicy>
    </SignaturePolicies>
    <EncryptionPolicies>
      <XMLEncryptionPolicy PolicyId="P-XMLEncrypt3DES-RSA-2048">
        <EncryptionPolicyAlgorithm>http://www.w3.org/2001/04/xmlenc#</EncryptionPolicyAlgorithm>
        <EncryptionMethod>http://www.w3.org/2001/04/xmlenc#3des-cbc</EncryptionMethod>
        <KeySize>2048</KeySize>
        <KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-1_5</KeyEncryptionMethod>
      </XMLEncryptionPolicy>
    </EncryptionPolicies>
    <EncryptionKeyInfo KeyOwner="x-ccns:commerceone.com:CollaborationParty::sellParty">
      <PublicKeyID>DefaultTestCert</PublicKeyID>
      <X509Data>
        <X509Certificate>LS0tLS1...==</X509Certificate>
      </X509Data>
    </EncryptionKeyInfo>
  </SecurityPolicies>
  <SecurityChannel channelId="CHANNEL1" sourceConnector="x-ccns:cup.commerceone.com:connector::centerSell" targetConnector="x-ccns:cup.commerceone.com:connector::centerSell">
    <Confidential AlgorithmId="P-XMLEncrypt3DES-RSA-2048">
      <PublicKeyName KeyOwner="x-ccns:commerceone.com:CollaborationParty::sellParty">DefaultTestCert</PublicKeyName>
      <MessagePart PartName="Order" isOptional="false"/>
      <MessagePart PartName="Image" isOptional="false"/>
    </Confidential>
  </SecurityChannel>
  <SecurityChannel channelId="CHANNEL2" sourceConnector="x-ccns:cup.commerceone.com:connector::buy" targetConnector="x-ccns:cup.commerceone.com:connector::sell">
    <Integrity AlgorithmId="P-XMLSignatureRSA-MD5-C14N">
      <PublicKeyName KeyOwner="OwnerA">BuyerPublicKey</PublicKeyName>
      <MessagePart PartName="Order" isOptional="false"/>
    </Integrity>
  </SecurityChannel>
</SecurityContractICD>
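This set of security arrangements has two main sections, security policies and security channels. In this example, there is one security policy applicable to the whole message and multiple security channels that implement parts of the security policy. The security policy section sets out signature policy and encryption policy along with encryption key information. It may also set out information related to authentication, authorization and non-repudiation of sending or receipt. In this embodiment, the same signature and encryption policies apply to all parts of the document. In other embodiments, multiple algorithms could be applied to different parts. The algorithms selected for signing, encryption and authentication are abstracted through templates containing option sets, which simplifies algorithm selection. The selected algorithms are associated with logic and resources, so different services or processes can be used to sign/verify and encrypt/decrypt different parts of a message. A public key or certificate can be transmitted in the encryption key element of the security policy section. The security channel section describes the services or connectors involved in applying the security policies. For a particular policy, the channel section identifies a source connector that requires assistance in applying the security policy (for example, a sending service requesting encryption) and a target connector that applies the security policy or acts as an intermediary to the logic and resources that apply it. For a particular security policy, such as signing, encryption, authentication, authorization or non-repudiation, the specific information needed to carry out the security policy is provided in the security channel section.
Data used to determine the security arrangements can be categorized as message and activity related data, CP-service related data, security algorithm related data, routing related data, encryption key related data and configuration data. Some additional detail regarding use of these categories is described below. Message and activity related data relate to digital signature, encryption, non-repudiation and authorization. For non-repudiation, the receiver may require a non-repudiation measure of the sender, amounting to a trusted party verifying the sender's message to the receiver. Similarly, the sender may require a non-repudiation measure of the receiver, amounting to a trusted party verifying the receiver's receipt of the sender's message. In addition to the description above, it should be mentioned that signing and encryption may be applied to specific data items on an element basis, if fine granularity is desired. In addition, overrides may be specified for pairs of sending and receiving services. For example, a pre-existing or proven relationship may be treated differently from an entirely new relationship. Overrides to security policies can be implemented so as to prudently reduce (or assuredly increase) security requirements in special cases.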
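CP-service related data include authentication and authorization data. Authorization is the process of granting or denying access to network resources. Authorization to access most computer security systems is a two-step process. The first step is authentication, which ensures that a principal (user, process, application or service) is who it claims to be. The second step is authorization, which allows the principal access to various resources based on its identity. Authorization is also called access control. Access control is used to authorize access to web site resources. It manages information about users, groups of users and the roles assigned to users. SAML provides an XML-based means to share information about security events (authentication and authorization) and attributes (for example, customer credit rating) in SOAP messages. This SAML data can then be sent to a third party, which enables 'distributed trust', whereby users sign on once but can reuse their authentication or authorization details. With SAML or a similar trusted party technology, an issuing authority decides whether to grant a request made by a subject service or sender for a type of access to a resource web service, given evidence supplied by the requester. The authorization decision allows or denies the subject access to a specific resource. SAML is a useful option for web services security, but it requires an initial degree of trust and technical resources. Where SAML is unavailable or not preferred, other means may be used, such as an ID/password and a table of privileges associated with the ID. The present invention is not limited by the authorization technology used, but extends more abstractly to selecting among technologies currently available or hereafter invented. With either SAML authorization or an ID/password technology, the authorization data can be encrypted and built into the message.
Security algorithm related data include algorithms and configuration options for signing, encryption and non-repudiation. As the schema shows, signature algorithm options (XML or non-XML) may include use of XMLDsig, choice of a canonicalization algorithm, signature method and digest algorithm. Encryption/decryption options (XML or non-XML) may include key size, key and method. Default values may be inherited by a service, overriding service preferences or overridden by service preferences. In addition, as described above, specific overrides may be specified for CP pairs. Option templates, also as described above, simplify negotiation of security arrangements. Different options will apply to XML and non-XML algorithms, for example signature algorithms. An XML signature algorithm, for example XMLDsig, may provide options for method, canonicalization, transform and digest, whereas a non-XML algorithm, for example PKCS#7, may have options only for signature and digest methods. Use of community standard security templates is preferred, to ensure that there is at least one match between the preference lists of the respective services. A community may require all CPs or all services operating within the community to support a particular community standard security option set, to ensure that messages can be exchanged within the community.
Routing related data include how to access the logic and resources that implement authentication/verification, signing/verification and encryption/decryption. Any type of access information may be used, for example a universal resource name (URN) or universal resource locator (URL). As discussed in one of the prior applications referenced above, a message may traverse connectors in multiple hops for transformation or other value-added services. Accordingly, multiple routing steps may be associated with any action. Security typically needs to be reconsidered after any transformation or other value-added service.
Encryption key related data are generally discussed above.
Configuration data include default (for example, community or collaboration party) preferences and credential preferences.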
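Fig. 4 illustrates alternative embodiments for obtaining receiver information when the sender is local to the computation of the security arrangements. In the figure, a local registry 431 and a remote registry 432 are indicated. In this example, the sender is local and the receiver is remote. The sender data in the local registry 431 are current and complete. Sender information is collected (421) and made available to the logic and resources that compute (411) the security arrangements. The receiver data may be current and complete, for example if the receiver is in the same community as the sender and there is a community-wide registry, or if the receiver information has recently been obtained and cached locally. Depending on where the receiver information can be found (431 or 432), a process 422 or 423 is invoked to collect the receiver information and make it available to the logic that computes the security arrangements. A set of security arrangements 401 results.
Fig. 5 illustrates one network of program logic and resources that can be used to implement these aspects of the present invention. The logic components of this network include a sender collection component 551, a receiver collection component 552, a data object manager 541, a routing manager 542, a credential negotiator 531, a template negotiator 532, a connector manager 533, an authentication manager 521, a policy manager 522, a public key manager 523, an algorithm manager 524, a policy builder 511, a channel builder 512 and a security arrangements document builder 501.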
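One embodiment of program logic that generates security arrangements, operating in a community of collaboration parties, can be described as follows:
Collect receiver security information, including an attribute assertion that authenticates the sender CP.
Collect sender security information.
Look at the routing block to find all connector information for implementing the security arrangements.
Get the capability parameters for each connector.
Walk the routing chain to find which connector pair to use for authentication, signing and encryption.
Get the receiver's service-activity-message object. This may include getting the SAMsgSecurityPolicy object from the receiver. It will have multiple parts and may have signature and encryption policies for the whole message. It may also include getting the SAMsgSecurityPolicy object from the sender, thereby matching override options with the SAMsgSecurityPolicy object (the override decision table is computed below).
Find all algorithms required for this message from the SAMsgSecurityPolicy objects and create a RequiredAlgorithmList.
Get the community preference objects for both SenderInfo and ReceiverInfo. This may include getting the sender's CommunitySecurityTemplatesPreference object, which includes the security algorithm templates and community security policy preferences. If the parties are not in the same community, it may also include the receiver's CommunitySecurityTemplatesPreference object. If they are in the same community, setting an object pointer may suffice.
Get the CP-Service objects for both sender and receiver and the CP objects for the corresponding communities. This may include creating the CPSecurityPolicyPreference of the sender and of the receiver.
Based on the sender and receiver preferences and the decision rules in the RequiredAlgorithmList, select from the preference lists and create a RequiredTemplateObjectList. If the services' respective preference lists do not match on any algorithm, community defaults can produce a match.
Get the ServiceAuthentication object for the receiver's service. It will specify one or more authentication methods, including accepted credentials and authentication mode.
Match the credentials from the ServiceAuthentication object with the available credentials from the sender's CPSecurityPolicyPreference. If there is more than one match, take the one that matches the CredentialPreference from the receiver's CPSecurityPolicyPreference, or from the CommunitySecurityTemplatesPreference corresponding to the receiver.
Get the values of SignMessageHeader and EncryptCredential from the receiver's CPSecurityPolicyPreference or from the receiver's CommunitySecurityTemplatesPreference object. If no value is specified in either location, set it to a default value such as false or true.
Use the available sender credential selected by the receiver, the authentication mode specified in the receiver's ServiceAuthentication object, the SignMessageHeader Boolean attribute and EncryptCredential for the authentication algorithm.
Get the appropriate keys according to the connector's PublicKeyCapability. This may include getting the sender's encryption key if encryption is required, and the receiver's signing key ID if signing is required. If X509 authentication is required, get the receiver's authentication key ID.
Create the policy section of the security arrangements.
Find the connectors for the channel section and create the channel section of the security arrangements.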
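The credential-matching and flag-defaulting steps of the procedure above can be sketched as follows. This is an added example, not code from the patent or its appendix: the key names mirror element names in the schema listing, while the function names, the dictionary representation, the tie-break used when no CredentialPreference is stated and the fixed default of false are assumptions made for illustration.

```python
"""Added example: choosing the credential and authentication flags."""

# Values of the CredentialTypes enumeration in the schema listing.
CREDENTIAL_TYPES = {"BASIC", "X509", "BASE64_BINARY", "ANONYMOUS", "NONE"}


def layered(key, cp_pref, community_pref, default):
    """Look a setting up at CP level, then community level, then a default.

    An explicit False at CP level must win over a community True, so the
    lookup tests for "not specified" (None), not for truthiness.
    """
    for source in (cp_pref, community_pref):
        if source.get(key) is not None:
            return source[key]
    return default


def select_authentication(sender_available, service_auth,
                          receiver_cp_pref, receiver_community_pref):
    """Return the authentication part of a security arrangement.

    sender_available: credential types the sending CP holds.
    service_auth: the receiver's ServiceAuthentication data, with the keys
        "AcceptedCredentials" (list) and "AuthenticateMode".
    receiver_cp_pref / receiver_community_pref: dictionaries that may hold
        CredentialPreference, SignMessageHeader and EncryptCredential.
    """
    accepted = service_auth["AcceptedCredentials"]
    unknown = (set(sender_available) | set(accepted)) - CREDENTIAL_TYPES
    if unknown:
        raise ValueError(f"unknown credential type(s): {sorted(unknown)}")

    # Keep the receiver's order so that the result is deterministic.
    matches = [c for c in accepted if c in sender_available]
    if not matches:
        raise LookupError("sender holds no credential the service accepts")

    preferred = layered("CredentialPreference",
                        receiver_cp_pref, receiver_community_pref, None)
    # Assumption: with no usable preference, the first accepted match is taken.
    credential = preferred if preferred in matches else matches[0]

    return {
        "Credential": credential,
        "AuthenticateMode": service_auth["AuthenticateMode"],
        "SignMessageHeader": layered("SignMessageHeader", receiver_cp_pref,
                                     receiver_community_pref, False),
        "EncryptCredential": layered("EncryptCredential", receiver_cp_pref,
                                     receiver_community_pref, False),
    }


# Constructed sample input: the sender holds BASIC and X509 credentials.
SERVICE_AUTH = {"AcceptedCredentials": ["X509", "BASIC"],
                "AuthenticateMode": "TARGET"}

if __name__ == "__main__":
    community = {"CredentialPreference": "BASIC", "EncryptCredential": True}
    print(select_authentication(["BASIC", "X509"], SERVICE_AUTH, {}, community))
```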
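Decision tables can be used to implement the kind of preference reconciliation that concerns whether to sign or encrypt a part of a message. Moreover, decisions can be biased toward accepting a preference not to sign or toward accepting the receiver's preference, or just the opposite. Some decision tables that can be used to implement possible decision rules follow: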





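The present invention readily extends to support signing and encryption at intermediate connectors along the path between sender and receiver. Being able to sign and encrypt documents at connectors along the routing path that are neither the message sender nor the final receiver is useful. This is useful for gateways, routers and central connectors. For gateways, signing and encryption may need to be performed by the gateway if signed/encrypted message data are converted from one envelope protocol to another. For routers and central connectors, it is desirable to use a single point of entry to and exit from an enterprise for external communities. A router or central connector may act as a central security hub, or organize security operations on behalf of the entire enterprise. This can simplify PKI management and other administrative burdens. This functionality can be configured by setting up the security capabilities of connectors in the enterprise portion of a community. A connector can be configured, per envelope/transport protocol, to have signing capability or encryption capability, or can be linked to the signing and encryption capabilities of a collaboration party on other connectors. In the case of gateways and routers, you can configure the connector to use either the keys of the CP owner or the keys of the gateway/router connector.
Those of ordinary skill in the art will recognize from the preceding description that a wide variety of systems and methods can be constructed from these aspects and components of the present invention. One embodiment is a method of determining security options for the exchange of one or more messages between sending and receiving services. The method uses sender and receiver security preferences, which may take the form of machine-readable security profiles for first and second services. The security profiles may identify security options/elements and option subsets acceptable to the respective services. The options may include requirements to sign or encrypt one or more parts of a message, signature option subsets corresponding to one or more signature algorithms, encryption option subsets corresponding to one or more encryption algorithms, identification of signing and encryption keys and identification of an authentication algorithm. The dynamic method includes accessing the security profiles and selecting a particular option set acceptable to the respective services. Optionally, this option set may be used to communicate messages between the services. Several options and aspects of the present invention can be added to this embodiment. The security profiles may be maintained in one or more registries accessible to security logic of the first and second services. Default option subsets and/or preferences may be specified in a community or collaboration party security profile, and may be copied into the service security profiles. The requirement to sign or encrypt may apply to a part of a message or to the message as a whole. Signature and encryption algorithms may be applied to the message as a whole, reducing complexity. Signing and encryption keys may be symmetric or asymmetric. Authentication may be performed by a trusted agent, such as a SAML server, before messages are communicated between the services. Authentication by a trusted agent may be evidenced by an authentication assertion. Alternatively, authentication may include submitting credentials for inspection by the receiving service. These credentials may be part of the message or may be sent in addition to the message. In addition to authentication, authorization may be addressed by the security arrangements. The security profiles may include identification of at least one authorization algorithm to establish the privileges of the sending service. This authorization may be carried out by a trusted agent before messages are communicated, or by submitting credentials to the service that receives the message. A further aspect of the present invention takes into account the preferences of the respective services among option subsets for signing and/or encryption. The preferences of one or both services may be considered. Any of the decision rules discussed above may be applied, including receiver wins, sender wins, most secure wins, least secure wins or weighted factors of both services' preferences. Determining the security arrangements may include determining the resources that the parties use to implement any combination of signing, encryption, authentication, authorization or non-repudiation. Resources, algorithms and option sets may be packaged into security channels. A security channel may implement one aspect of security.
While the present invention is disclosed by reference to the preferred embodiments and examples detailed above, it is to be understood that these examples are intended in an illustrative rather than a limiting sense. Computer-assisted processing is implicated in the described embodiments. Accordingly, the present invention may be embodied in methods for computer-assisted processing, systems including logic to implement the methods, media impressed with logic to carry out the methods, data streams impressed with logic to carry out the methods, or computer-accessible processing services. It is contemplated that modifications and combinations will readily occur to those of ordinary skill in the art, which modifications and combinations will be within the spirit of the invention and the scope of the appended claims.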
Computer Program Listing Appendix

SecuritySenderReceiverInfo.XSD

<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by Symon Chang (Commerce One) -->
<xs:schema
    targetNamespace="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:sicd="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"
    xmlns:sicdr="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns="publicid:com.commerceone:schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd"
    elementFormDefault="qualified" attributeFormDefault="unqualified">
  <xs:import namespace="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd" schemaLocation="http://schemas.commerceone.com/schemas/soapextension/contract/security/v1_0/SecurityContract.xsd"/>
  <xs:import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="http://www.oasis-open.org/committees/security/docs/cs-sstc-schema-assertion-01.xsd"/>
  <!-- Sender Security ICD Information Block -->
  <xs:element name="SecuritySenderInfo" type="SecuritySenderInfoType">
    <xs:annotation>
      <xs:documentation>The root for all ICD security policy info from the sender.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <!-- Receiver Security ICD Information Block -->
  <xs:element name="SecurityReceiverInfo" type="SecurityReceiverInfoType">
    <xs:annotation>
      <xs:documentation>The root for all ICD security policy info from the Receiver.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <!-- Main Elements -->
  <xs:element name="CommunitySecurityTemplatesPreference">
    <xs:annotation>
      <xs:documentation>Security Policy for this community, including Security Algorithm Templates, Community Security Policy Preferences and Community Security Policy Preference.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence minOccurs="0">
        <xs:element ref="sicdr:SecurityAlgorithmTemplates" minOccurs="0"/>
        <xs:element name="CommunitySecurityPolicyPreference" type="sicdr:ConfiguredPreferencePolicyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The preference will be sign header, encrypt credential, and credential preference, etc. It will be the default value for the whole community.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element ref="sicdr:SecurityPolicyTemplatePreference" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="SendingCPSecurityPolicyProfile">
    <xs:annotation>
      <xs:documentation>The Security Profile for the sending Collaboration Party. It has CP's Available Credentials info.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence minOccurs="0">
        <xs:element name="AvailableCredentials" type="sicdr:CredentialTypes" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="SAMsgSecurityPolicy" type="sicdr:SAMsgPartsType">
    <xs:annotation>
      <xs:documentation>Each Server/Active/Message have multiple parts and it can have signature and encryption policies for the whole message. The authentication is defined at the service level.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="PublicKeys" type="sicd:PublicKeyType">
    <xs:annotation>
      <xs:documentation>Public key records for this CP. The KeyID will be the unique key for the public key records. The location will match all connectors within this request.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="ConnectorCapability">
    <xs:annotation>
      <xs:documentation>Connector Capability Parameters</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element name="EncryptionCapability" type="xs:boolean">
          <xs:annotation>
            <xs:documentation>Yes or No flag. The document encryption/decryption can be performed at this connector or not.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="SignatureCapability" type="xs:boolean">
          <xs:annotation>
            <xs:documentation>Yes or No Flag. The signing the message or verify the signature can be performed at this connector or not.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="EncryptionPublicKeyParty" type="sicd:CollaberationPartyID" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Public Key party that is used for encryption. This can be either sender's CP or the owner of the connector. If it is not defined, then the key of message receiver at this connector location will be used for encryption.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="SigningPublicKeyParty" type="sicd:CollaberationPartyID" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Public Key party that is used for signing. This can be any CP or the owner of connector. If it is not defined, then the Key of message sender at this location will be used for signature.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
      <xs:attribute name="ConnectorName" type="xs:string" use="optional"/>
    </xs:complexType>
  </xs:element>
  <!-- Main Complex Types -->
  <xs:complexType name="SendingServicesSecurityPolicyType">
    <xs:annotation>
      <xs:documentation>Services security policy for each CP. This can be the policy for either sending or receiving service.</xs:documentation>
    </xs:annotation>
    <xs:sequence minOccurs="0">
      <xs:element ref="sicdr:SecurityPolicyTemplatePreference" minOccurs="0" maxOccurs="unbounded"/>
      <xs:element ref="ServiceAuthentication" minOccurs="0">
        <xs:annotation>
          <xs:documentation>Authentication method for a given service, including Accepted Credentials and Authentication Mode.</xs:documentation>
        </xs:annotation>
      </xs:element>
    </xs:sequence>
  </xs:complexType>
  <xs:complexType name="ReceivingServicesSecurityPolicyType">
    <xs:annotation>
      <xs:documentation>Receiving Services security policy for each CP</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicdr:SendingServicesSecurityPolicyType">
        <xs:sequence minOccurs="0">
          <xs:element ref="sicd:Authorization" minOccurs="0">
            <xs:annotation>
              <xs:documentation>SAML Attribute Assertion for the end connector to use. This will be a data type from SAML Standard.</xs:documentation>
            </xs:annotation>
          </xs:element>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <!-- Simple Types -->
  <xs:simpleType name="AuthenticateCapabilityTypes">
    <xs:annotation>
      <xs:documentation>The Authenticate Capability for the connector.</xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:NMTOKEN">
      <xs:enumeration value="LOCAL"/>
      <xs:enumeration value="REMOTE"/>
      <xs:enumeration value="BOTH"/>
      <xs:enumeration value="NONE"/>
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="OverrideTypes">
    <xs:annotation>
      <xs:documentation>Type of the override rules. This is used for matching.</xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:NMTOKEN">
      <xs:enumeration value="Required"/>
      <xs:enumeration value="Optional"/>
      <xs:enumeration value="NotRequired"/>
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="NegotiationRuleTypes">
    <xs:annotation>
      <xs:documentation>Type of the Negotiation Rules when there are multiple matches during the algorithm negotiation, the rule will determine which algorithm will be picked. It can be receiver wins, sender wins, highest requirement wins or lowest requirement wins.</xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:NMTOKEN">
      <xs:enumeration value="ReceiverWins"/>
      <xs:enumeration value="SenderWins"/>
      <xs:enumeration value="MoreSecurityWins"/>
      <xs:enumeration value="LessSecurityWins"/>
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="CategoryTypes">
    <xs:annotation>
      <xs:documentation>Type of the algorithm category</xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:NMTOKEN">
      <xs:enumeration value="XMLSignature"/>
      <xs:enumeration value="Signature"/>
      <xs:enumeration value="XMLEncryption"/>
      <xs:enumeration value="Encryption"/>
      <xs:enumeration value="NonRepudiation"/>
      <xs:enumeration value="NonRepudiationReceipt"/>
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="CredentialTypes">
    <xs:annotation>
      <xs:documentation>Type of the credential algorithm</xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:NMTOKEN">
      <xs:enumeration value="BASIC"/>
      <xs:enumeration value="X509"/>
      <xs:enumeration value="BASE64_BINARY"/>
      <xs:enumeration value="ANONYMOUS"/>
      <xs:enumeration value="NONE"/>
    </xs:restriction>
  </xs:simpleType>
  <!-- Elements and Complex types -->
  <xs:element name="ServiceAuthentication">
    <xs:annotation>
      <xs:documentation>Authentication method for a given service, including Accepted Credentials and Authentication Mode.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element name="AcceptedCredentials" type="sicdr:CredentialTypes" maxOccurs="5">
          <xs:annotation>
            <xs:documentation>Multiple credentials can be accepted for a given service.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element ref="sicd:AuthenticateMode"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:complexType name="XMLSignatureAlgorithmTemplateType">
    <xs:annotation>
      <xs:documentation>Define XMLDsig type of policy and algorithms</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicdr:Abstract_SecurityAlgorithmTemplateType">
        <xs:sequence>
          <xs:element ref="sicd:XMLDsigPolicy"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:element name="XMLSignatureAlgorithmTemplate" type="sicdr:XMLSignatureAlgorithmTemplateType">
    <xs:annotation>
      <xs:documentation>This is for XML only signature.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="TemplateDescription" type="xs:string">
    <xs:annotation>
      <xs:documentation>This element is not used. It is a placeholder to circumvent a Castor bug.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:complexType name="XMLEncryptionAlgorithmTemplateType">
    <xs:annotation>
      <xs:documentation>Define XMLEnc type of policy and algorithms</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicdr:Abstract_SecurityAlgorithmTemplateType">
        <xs:sequence>
          <xs:element ref="sicd:XMLEncryptionPolicy"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:element name="XMLEncryptionAlgorithmTemplate" type="sicdr:XMLEncryptionAlgorithmTemplateType">
    <xs:annotation>
      <xs:documentation>This is for XML only encryption.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:complexType name="Abstract_SecurityAlgorithmTemplateType" abstract="true">
    <xs:annotation>
      <xs:documentation>The template will be used by the SIC Builder during run-time algorithm matching.</xs:documentation>
    </xs:annotation>
    <xs:sequence minOccurs="0">
      <xs:element name="Category" type="sicdr:CategoryTypes" minOccurs="0">
        <xs:annotation>
          <xs:documentation>The category of security algorithm template.</xs:documentation>
        </xs:annotation>
      </xs:element>
    </xs:sequence>
    <xs:attribute name="Name" type="xs:string" use="optional"/>
    <xs:attribute name="ID" type="xs:string" use="optional"/>
  </xs:complexType>
  <xs:complexType name="SecurityAlgorithmPreferenceType" abstract="false">
    <xs:annotation>
      <xs:documentation>The preference of each security algorithm policy.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicdr:Abstract_SecurityAlgorithmTemplateType">
        <xs:sequence>
          <xs:element name="Preference" type="xs:short"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:element name="SecurityAlgorithmTemplates">
    <xs:annotation>
      <xs:documentation>Each Community will have a set of recommended Security Algorithm for CP to select from.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicdr:XMLSignatureAlgorithmTemplate" maxOccurs="unbounded"/>
        <xs:element ref="sicdr:XMLEncryptionAlgorithmTemplate" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:complexType name="ConfiguredPreferencePolicyType">
    <xs:annotation>
      <xs:documentation>Define some configurable policy preference. This can be either at whole community level or at the CP level.</xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element name="SignMessageHeader" type="xs:boolean" minOccurs="0">
        <xs:annotation>
          <xs:documentation>If set then the Header and ICD Block will be signed.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element name="EncryptCredential" type="xs:boolean" minOccurs="0">
        <xs:annotation>
          <xs:documentation>If set then the credential header will be encrypted. This only applies to the non-SAML type of credential, where Authentication mode is TARGET.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element name="CredentialPreference" type="sicdr:CredentialTypes" minOccurs="0">
        <xs:annotation>
          <xs:documentation>Select one from BASIC and X509. It will be used, when there are multiple credential matched condition. SICB will pick the one matches to this field first.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element name="NegotiationRule" type="NegotiationRuleTypes" minOccurs="0">
        <xs:annotation>
          <xs:documentation>When there are multiple matches during the algorithm negotiation, the rule will determine which algorithm will be picked. It can be receiver wins, sender wins, highest requirement wins or lowest requirement wins.</xs:documentation>
        </xs:annotation>
      </xs:element>
    </xs:sequence>
  </xs:complexType>
  <xs:element name="SecurityPolicyTemplatePreference" type="sicdr:SecurityAlgorithmPreferenceType">
    <xs:annotation>
      <xs:documentation>The preference will be signature, XML signature, encryption, XML encryption, etc. It can have any number of preferences in each category.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:complexType name="SAMsgPartElementType">
    <xs:annotation>
      <xs:documentation>The element within the part from Server/Activity/Message.</xs:documentation>
    </xs:annotation>
    <xs:simpleContent>
      <xs:extension base="xs:string">
        <xs:attribute name="Signature" type="xs:boolean" use="optional"/>
        <xs:attribute name="SignatureType" type="xs:anyURI" use="optional"/>
        <xs:attribute name="Encryption" type="xs:boolean" use="optional"/>
        <xs:attribute name="EncryptionType" type="xs:anyURI" use="optional"/>
        <xs:attribute name="BlockId" type="xs:short" use="optional"/>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>
  <xs:complexType name="SAMsgPartType">
    <xs:annotation>
      <xs:documentation>The part within a message.</xs:documentation>
    </xs:annotation>
    <xs:sequence minOccurs="0">
      <xs:element name="SAMsgPartElement" minOccurs="0" maxOccurs="unbounded">
        <xs:annotation>
          <xs:documentation>This is for each CP/Service/Activity/Message. The element is defined by using XPath. If an element within the part is defined, then the attributes of the element will be used to determine whether the element will be signed or encrypted.</xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:simpleContent>
            <xs:extension base="sicdr:SAMsgPartElementType"/>
          </xs:simpleContent>
        </xs:complexType>
      </xs:element>
      <xs:element name="PartSignatureAlgCategory" type="sicdr:SAMsgPartSignatureAlgorithmType" minOccurs="0">
        <xs:annotation>
          <xs:documentation>If the signature algorithm is defined, then the whole part will be signed.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element name="PartEncryptionAlgCategory" type="sicdr:SAMsgPartEncryptionAlgorithmType" minOccurs="0">
        <xs:annotation>
          <xs:documentation>If the encryption algorithm is defined, then the whole part will be encrypted.</xs:documentation>
        </xs:annotation>
      </xs:element>
    </xs:sequence>
    <xs:attribute name="PartName" type="xs:string" use="required"/>
    <xs:attribute name="SignatureType" type="xs:anyURI" use="optional"/>
    <xs:attribute name="EncryptionType" type="xs:anyURI" use="optional"/>
    <xs:attribute name="BlockId" type="xs:short" use="optional"/>
    <xs:attribute name="isOptional" type="xs:boolean" use="optional" default="false"/>
  </xs:complexType>
  <xs:complexType name="SAMsgPartsType">
    <xs:annotation>
      <xs:documentation>The root for parts in a message for each CP/Service/Activity.</xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element name="SAMsgPart" type="sicdr:SAMsgPartType" minOccurs="0" maxOccurs="unbounded">
        <xs:annotation>
          <xs:documentation>This is for each CP/Service/Activity. Each message part has multiple elements and it can have signature or encryption policies for the message part.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element name="SAMsgSignatureAlgCategory" type="sicdr:SAMsgSignatureAlgorithmType" minOccurs="0">
        <xs:annotation>
          <xs:documentation>If the signature policy is defined, then the whole message will be signed.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element name="SAMsgEncryptionAlgCategory" type="sicdr:SAMsgEncryptionAlgorithmType" minOccurs="0">
        <xs:annotation>
          <xs:documentation>If the encryption policy is defined, then the whole message will be encrypted.</xs:documentation>
        </xs:annotation>
      </xs:element>
    </xs:sequence>
    <xs:attribute name="MessageName" type="xs:string" use="optional"/>
  </xs:complexType>
  <xs:complexType name="Abstract_CPMessageSecurityAlgorithmType" abstract="true">
    <xs:annotation>
      <xs:documentation>This type will have Encryption or Signature Algorithms.</xs:documentation>
    </xs:annotation>
    <xs:attribute name="Override" type="sicdr:OverrideTypes" use="optional"/>
  </xs:complexType>
  <xs:complexType name="SAMsgPartEncryptionAlgorithmType">
    <xs:annotation>
      <xs:documentation>Define the encryption policy for each part within a message per CP/Service/Activity</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicdr:Abstract_CPMessageSecurityAlgorithmType">
        <xs:sequence>
          <xs:choice>
            <xs:element name="XMLEncryptionAlgCategory" type="sicdr:CategoryTypes" fixed="XMLEncryption" minOccurs="0"/>
            <xs:element name="EncryptionAlgCategory" type="sicdr:CategoryTypes" fixed="Encryption" minOccurs="0"/>
          </xs:choice>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="SAMsgEncryptionAlgorithmType">
    <xs:annotation>
      <xs:documentation>Define the category of the encryption policy for the whole message per CP/Service/Activity. In this case, both XML and Non-XML must be defined.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicdr:Abstract_CPMessageSecurityAlgorithmType">
        <xs:sequence>
          <xs:element name="XMLEncryptionAlgCategory" type="sicdr:CategoryTypes" fixed="XMLEncryption"/>
          <xs:element name="EncryptionAlgCategory" type="sicdr:CategoryTypes" fixed="Encryption" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="SAMsgPartSignatureAlgorithmType">
    <xs:annotation>
      <xs:documentation>Define the signature policy for each part within a message per CP/Service/Activity</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicdr:Abstract_CPMessageSecurityAlgorithmType">
        <xs:sequence>
          <xs:choice>
            <xs:element name="SignatureAlgCategory" type="sicdr:CategoryTypes" fixed="Signature" minOccurs="0"/>
            <xs:element name="XMLSignatureAlgCategory" type="sicdr:CategoryTypes" fixed="XMLSignature" minOccurs="0"/>
          </xs:choice>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="SAMsgSignatureAlgorithmType">
    <xs:annotation>
      <xs:documentation>Define the category of the signature policy for the whole message per CP/Service/Activity. In this case, only the XML Signature algorithm will be defined.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicdr:Abstract_CPMessageSecurityAlgorithmType">
        <xs:sequence>
          <xs:element name="XMLSignatureAlgCategory" type="sicdr:CategoryTypes" fixed="XMLSignature"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:element name="CPSendServicesSecurityPolicy">
    <xs:annotation>
      <xs:documentation>For the CP/Sending Service will have a set of security policy. The policy is defined per Sending CP's preferences. This will be used for override.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:complexContent>
        <xs:extension base="sicdr:SendingServicesSecurityPolicyType">
          <xs:attribute name="AuthenticateParty" type="sicd:CollaberationPartyID" use="optional">
            <xs:annotation>
              <xs:documentation>Host service delegate party ID or the Sender's party ID</xs:documentation>
            </xs:annotation>
          </xs:attribute>
          <xs:attribute name="DelegateFlag" type="xs:boolean" use="optional" default="false"/>
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
  <xs:complexType name="SecuritySenderInfoType">
    <xs:complexContent>
      <xs:extension base="SecurityInfoType">
        <xs:sequence minOccurs="0">
          <xs:element ref="sicdr:SendingCPSecurityPolicyProfile" minOccurs="0"/>
          <xs:element ref="CPSendServicesSecurityPolicy" minOccurs="0">
            <xs:annotation>
              <xs:documentation>For the CP/Sending Service will have a set of security policy. The policy is defined per Sending CP's preferences. This will be used for override.</xs:documentation>
            </xs:annotation>
          </xs:element>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:element name="CPRecvServicesSecurityPolicy" type="sicdr:ReceivingServicesSecurityPolicyType">
    <xs:annotation>
      <xs:documentation>For each CP, every Receiving Service will have a set of security policy. The policy is defined per Receiving CP's requirements.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:complexType name="SecurityReceiverInfoType">
    <xs:complexContent>
      <xs:extension base="sicdr:SecurityInfoType">
        <xs:sequence minOccurs="0">
          <xs:element ref="sicdr:CPRecvServicesSecurityPolicy" minOccurs="0">
            <xs:annotation>
              <xs:documentation>For each CP, every Receiving Service will have a set of security policy. The policy is defined per Receiving CP's requirements.</xs:documentation>
            </xs:annotation>
          </xs:element>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="SecurityInfoType">
    <xs:sequence minOccurs="0">
      <xs:element ref="sicdr:CommunitySecurityTemplatesPreference" minOccurs="0">
        <xs:annotation>
          <xs:documentation>Security Policy for this community, including Security Algorithm Templates, default security Policy Templates and Community Security Policy Preference.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element ref="sicdr:SAMsgSecurityPolicy" minOccurs="0">
        <xs:annotation>
          <xs:documentation>Each Server/Active/Message have multiple parts and it can have signature and encryption policies for the whole message. The authentication is defined at the service level.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element ref="sicdr:PublicKeys" minOccurs="0" maxOccurs="unbounded">
        <xs:annotation>
          <xs:documentation>Public key records for this CP. The KeyID will be the unique key for the public key records. The location will match all connectors within this request.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element ref="sicdr:ConnectorCapability" minOccurs="0" maxOccurs="unbounded">
        <xs:annotation>
          <xs:documentation>Connector Capability Parameters</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element ref="sicd:SecurityContainer" minOccurs="0" maxOccurs="unbounded"/>
    </xs:sequence>
    <xs:attribute name="passcode" type="xs:base64Binary" use="optional"/>
  </xs:complexType>
</xs:schema>
SecurityContractKeyInfo.XSD
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by Symon Chang (Commerce One) -->
<xs:schema targetNamespace="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd" xmlns:sicd="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.0">
  <xs:simpleType name="CollaberationPartyID">
    <xs:annotation>
      <xs:documentation>This is the Collaboration Partner's ID</xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:string"/>
  </xs:simpleType>
  <xs:simpleType name="KeyUsageTypes">
    <xs:annotation>
      <xs:documentation>Key is used for signature, encryption, and/or authentication.</xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:NMTOKENS">
      <xs:enumeration value="AUTHENTICATION"/>
      <xs:enumeration value="ENCRYPTION"/>
      <xs:enumeration value="SIGNATURE"/>
      <xs:enumeration value="SSL"/>
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="KeyAlgorithmTypes">
    <xs:annotation>
      <xs:documentation>Key is RSA or DSA type of key.</xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:NMTOKENS">
      <xs:enumeration value="RSA"/>
      <xs:enumeration value="DSA"/>
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="AuthenticateModeTypes">
    <xs:annotation>
      <xs:documentation>The location of where the authentication takes place. NONE means neither source nor target connector will perform the authentication. This may be the case of letting foreign connector to perform the authentication.</xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:NMTOKEN">
      <xs:enumeration value="SOURCE"/>
      <xs:enumeration value="TARGET"/>
      <xs:enumeration value="NONE"/>
    </xs:restriction>
  </xs:simpleType>
  <xs:element name="PublicKey" type="sicd:PublicKeyType">
    <xs:annotation>
      <xs:documentation>The Public Key record. Each public key will have partyID, KeyInfo, description and usages.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="EncryptionKeyInfo">
    <xs:annotation>
      <xs:documentation>The KeyInfo that has both PublicKeyID and X509Data for encryption.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:complexContent>
        <xs:extension base="sicd:KeyInfoType">
          <xs:attribute name="KeyOwner" type="sicd:CollaberationPartyID" use="optional"/>
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
  <xs:complexType name="PublicKeyType">
    <xs:annotation>
      <xs:documentation>The Public Key record, including PartyID, KeyInfo, Usages and Description.</xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element ref="sicd:PartyID"/>
      <xs:element ref="sicd:EncryptionKeyInfo">
        <xs:annotation>
          <xs:documentation>The KeyInfo block that has KeyID and X509 Data.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element ref="sicd:KeyTypeUsage" maxOccurs="4">
        <xs:annotation>
          <xs:documentation>Key is used for signature, encryption, and/or authentication.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element name="KeyAlgorithm" type="sicd:KeyAlgorithmTypes" minOccurs="0">
        <xs:annotation>
          <xs:documentation>The Key is RSA or DSA key</xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element ref="sicd:Description" minOccurs="0"/>
      <xs:element name="Location" type="xs:string" minOccurs="0">
        <xs:annotation>
          <xs:documentation>The connector ID that key the Private Key.</xs:documentation>
        </xs:annotation>
      </xs:element>
    </xs:sequence>
  </xs:complexType>
  <xs:element name="PartyID" type="sicd:CollaberationPartyID">
    <xs:annotation>
      <xs:documentation>Trading partner ID or Collaboration Partner ID in UUID format.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="Description" type="xs:string">
    <xs:annotation>
      <xs:documentation>The description of the key</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="KeyTypeUsage" type="sicd:KeyUsageTypes">
    <xs:annotation>
      <xs:documentation>Key is used for signature, encryption, and/or authentication.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="KeyInfo">
    <xs:annotation>
      <xs:documentation>The KeyInfo object is from the XMLDsig ds:KeyInfo object. However, within SICD we only use Public Key ID field.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicd:PublicKeyID"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="PublicKeyID" type="xs:string">
    <xs:annotation>
      <xs:documentation>The Public Key ID is a unique key ID (UUID or from XKMS server).</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="PublicKeyName" type="sicd:PublicKeyNameType">
    <xs:annotation>
      <xs:documentation>The Name of the Public Key. It is same as the PublicKeyID but has owner name as the optional attribute.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:complexType name="PublicKeyNameType">
    <xs:simpleContent>
      <xs:extension base="xs:string">
        <xs:attribute name="KeyOwner" type="sicd:CollaberationPartyID" use="optional"/>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>
  <xs:complexType name="KeyInfoType">
    <xs:annotation>
      <xs:documentation>This is for Encryption. The KeyInfo object is from the XMLDsig ds:KeyInfo object. However, within SICD we only use Public Key ID and X509 Certificate two fields.</xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element ref="sicd:PublicKeyID"/>
      <xs:element name="X509Data" minOccurs="0">
        <xs:complexType>
          <xs:sequence>
            <xs:element name="X509Certificate" type="xs:base64Binary"/>
          </xs:sequence>
        </xs:complexType>
      </xs:element>
    </xs:sequence>
  </xs:complexType>
  <!--Policy Types-->
  <xs:complexType name="Abstract_PolicyType" abstract="true">
    <xs:annotation>
      <xs:documentation>This is the abstract policy for all security policy related algorithm. The ID is the Template Name for the Algorithm.</xs:documentation>
    </xs:annotation>
    <xs:attribute name="PolicyId" type="xs:string" use="optional"/>
  </xs:complexType>
  <xs:complexType name="Abstract_CredentialPolicyType" abstract="true">
    <xs:annotation>
      <xs:documentation>This is the abstract policy for authentication credential policy algorithm.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:Abstract_PolicyType">
        <xs:sequence>
          <xs:element name="CredentialPolicyAlgorithm" type="xs:string"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:element name="AuthenticateImplementation" type="xs:string">
    <xs:annotation>
      <xs:documentation>Optional for different implementation, such as SAML, SecureID, or Kerberos.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="AuthenticateMode" type="sicd:AuthenticateModeTypes">
    <xs:annotation>
      <xs:documentation>The location of where the authentication takes place. It can be either SOURCE connector or TARGET connector. SOURCE means the sender's local connectors will perform SAML Single Sign-On type of authentication. TARGET means the connector on the receiving end will perform the authentication. NONE means neither source nor target connector will perform the authentication. This may be the case of letting foreign connector to perform the authentication.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:complexType name="AuthenticationCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>This authentication and credential policy will work for Basic and X509.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:Abstract_CredentialPolicyType">
        <xs:sequence minOccurs="0">
          <xs:element ref="sicd:AuthenticateMode"/>
          <xs:element ref="sicd:AuthenticateImplementation" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="AnonymousCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>This is an anonymous credential policy type that has no credential.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:restriction base="sicd:Abstract_CredentialPolicyType">
        <xs:sequence>
          <xs:element name="CredentialPolicyAlgorithm" type="xs:string" fixed="Anonymous"/>
        </xs:sequence>
      </xs:restriction>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="BasicCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>This is a basic credential policy type that uses ID and password as credential.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:AuthenticationCredentialPolicyType"/>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="X509CredentialPolicyType">
    <xs:annotation>
      <xs:documentation>This is a X509 credential policy type.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:AuthenticationCredentialPolicyType"/>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="BASE64_BINARYCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>This is a BASE64_BINARY_CREDENTIAL policy type.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:AuthenticationCredentialPolicyType">
        <xs:sequence>
          <xs:element name="valueType" type="xs:QName"/>
          <xs:element name="encodingType" type="xs:QName"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="Abstract_EncryptionPolicyType" abstract="true">
    <xs:annotation>
      <xs:documentation>This is the abstract policy for Encryption policy algorithm.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:Abstract_PolicyType">
        <xs:sequence>
          <xs:element name="EncryptionPolicyAlgorithm" type="xs:string"/>
          <xs:element name="EncryptionMethod" type="xs:string"/>
          <xs:element ref="sicd:KeySize"/>
          <xs:element ref="sicd:SymmetryKeySize" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="EncryptionPolicyType">
    <xs:annotation>
      <xs:documentation>This encryption policy will work for both XMLEnc and PKCS#7.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:Abstract_EncryptionPolicyType">
        <xs:sequence>
          <xs:element name="KeyEncryptionMethod" type="xs:string" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:element name="KeySize">
    <xs:annotation>
      <xs:documentation>This is the asymmetry encryption or symmetry key size, depends which algorithm is used. For an asymmetry case, this will be the asymmetry key size, and the symmetry key size is defined on the SymmetryKeySize field.</xs:documentation>
    </xs:annotation>
    <xs:simpleType>
      <xs:restriction base="xs:short">
        <xs:minInclusive value="56"/>
        <xs:maxExclusive value="4096"/>
      </xs:restriction>
    </xs:simpleType>
  </xs:element>
  <xs:element name="SymmetryKeySize">
    <xs:annotation>
      <xs:documentation>This is the symmetry encryption key size, if the asymmetry algorithm is used.</xs:documentation>
    </xs:annotation>
    <xs:simpleType>
      <xs:restriction base="xs:short">
        <xs:minInclusive value="56"/>
        <xs:maxExclusive value="4096"/>
      </xs:restriction>
    </xs:simpleType>
  </xs:element>
  <xs:complexType name="XMLEncryptionPolicyType">
    <xs:annotation>
      <xs:documentation>This will work for any encryption policy type.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:Abstract_EncryptionPolicyType">
        <xs:sequence>
          <xs:element name="KeyEncryptionMethod" type="xs:string" default="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
          <xs:element name="DecryptionTransform" type="xs:string" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="Abstract_SignaturePolicyType" abstract="true">
    <xs:annotation>
      <xs:documentation>This is the abstract policy for Digital Signature policy algorithm.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:Abstract_PolicyType">
        <xs:sequence>
          <xs:element name="SignaturePolicyAlgorithm" type="xs:string"/>
          <xs:element name="SignatureAlgorithm" type="xs:string"/>
          <xs:element name="HashFunction" type="xs:string"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="SignaturePolicyType">
    <xs:annotation>
      <xs:documentation>This will work for any digital signature policy type.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:Abstract_SignaturePolicyType"/>
    </xs:complexContent>
  </xs:complexType>
  <xs:complexType name="XMLDsigPolicyType">
    <xs:annotation>
      <xs:documentation>This is for XMLDsig policy.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:SignaturePolicyType">
        <xs:sequence>
          <xs:element name="CanonicalizationMethod" type="xs:string" minOccurs="0"/>
          <xs:element name="Transform" type="xs:string" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <!--Message Part-->
  <xs:complexType name="PartElementType">
    <xs:annotation>
      <xs:documentation>XPath is used to define the element within the part of the message.</xs:documentation>
    </xs:annotation>
    <xs:simpleContent>
      <xs:extension base="xs:string">
        <xs:attribute name="Type" type="xs:anyURI" use="optional"/>
        <xs:attribute name="BlockId" type="xs:short" use="optional"/>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>
  <xs:complexType name="MessagePartsType">
    <xs:annotation>
      <xs:documentation>The part within a message. URI is used to define the part.</xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element name="PartElement" type="sicd:PartElementType" minOccurs="0" maxOccurs="unbounded">
        <xs:annotation>
          <xs:documentation>The element within the part. It is only apply to XML type of message part.</xs:documentation>
        </xs:annotation>
      </xs:element>
    </xs:sequence>
    <xs:attribute name="PartName" type="xs:string" use="required"/>
    <xs:attribute name="Type" type="xs:anyURI" use="optional"/>
    <xs:attribute name="AlgorithmId" type="xs:string" use="optional"/>
    <xs:attribute name="BlockId" type="xs:short" use="optional"/>
    <xs:attribute name="isOptional" type="xs:boolean" use="optional" default="false"/>
  </xs:complexType>
  <xs:element name="MessagePart" type="sicd:MessagePartsType">
    <xs:annotation>
      <xs:documentation>The part within the message. The AlgorithmId is for this part. If the AlgorithmId is not defined, then parent's AlgorithmId will be used.</xs:documentation>
    </xs:annotation>
  </xs:element>
</xs:schema>
SecurityContract.XSD
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by Chong Hsu (Commerce One) -->
<!--
  Security Interop Contract Document
  Created by Symon Chang
  Copyright 2002 Commerce One, Inc.
-->
<xs:schema targetNamespace="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:sicd="publicid:com.commerceone:schemas/soapextension/contract/security/v1_0/SecurityContract.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.0">
  <!--imports-->
  <!--<xs:import namespace="publicid:com.commerceone:schemas/soapextension/contract/v1_0/InteroperabilityContract.xsd" schemaLocation="http://schemas.commerceone.com/schemas/soapextension/contract/v1_0/InteroperabilityContract.xsd"/>-->
  <xs:import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="http://www.oasis-open.org/committees/security/docs/cs-sstc-schema-assertion-01.xsd"/>
  <!--includes-->
  <xs:include schemaLocation="SecurityContractKeyInfo.xsd"/>
  <!--Schema for Security Policies-->
  <!--top element-->
  <xs:element name="SecurityContractICD" type="sicd:SecurityContractType">
    <xs:annotation>
      <xs:documentation>The Security Interop Contract agreement. It defines Policies and channels for security policies.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <!--Schema for Security Policies-->
  <!--Define Credential Policies-->
  <xs:element name="BasicCredentialPolicy" type="sicd:BasicCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>The credential and authentication algorithm policy for ID and Password.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="X509CredentialPolicy" type="sicd:X509CredentialPolicyType">
    <xs:annotation>
      <xs:documentation>The credential and authentication algorithm policy for X.509 Certificate.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="AnonymousCredentialPolicy" type="sicd:AnonymousCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>The credential and authentication algorithm policy for no credential.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="BASE64_BINARYCredentialPolicy" type="sicd:BASE64_BINARYCredentialPolicyType">
    <xs:annotation>
      <xs:documentation>The credential and authentication algorithm policy for BASE64_BINARY_CREDENTIAL</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="AuthenticationPolicies">
    <xs:annotation>
      <xs:documentation>The abstraction for credential and authentication algorithm policy.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicd:BasicCredentialPolicy" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:X509CredentialPolicy" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:BASE64_BINARYCredentialPolicy" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:AnonymousCredentialPolicy" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!--Define Encryption Policies-->
  <xs:element name="EncryptionPolicy" type="sicd:EncryptionPolicyType">
    <xs:annotation>
      <xs:documentation>The encryption algorithm and policy, such as PKCS#7, or S/MIME.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="XMLEncryptionPolicy" type="sicd:XMLEncryptionPolicyType">
    <xs:annotation>
      <xs:documentation>The encryption algorithm and policy for XMLEnc.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="EncryptionPolicies">
    <xs:annotation>
      <xs:documentation>The group of encryption algorithms and policies for XMLEnc, PKCS#7, or S/MIME. The PolicyID will be the TemplateID in the Registry. This ID will be used in the Channel Section as AlgorithmID to identify which encryption policy algorithm will be used.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicd:XMLEncryptionPolicy" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:EncryptionPolicy" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!--Digital Signature Policy-->
  <xs:element name="XMLDsigPolicy" type="sicd:XMLDsigPolicyType">
    <xs:annotation>
      <xs:documentation>The signature algorithm and policy for XMLDsig.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="SignaturePolicy" type="sicd:SignaturePolicyType">
    <xs:annotation>
      <xs:documentation>The signature algorithm and policy for XMLDsig, PKCS#7 or S/MIME.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="SignaturePolicies">
    <xs:annotation>
      <xs:documentation>The group of digital signature algorithms and policies for XMLDsig, PKCS#7, or S/MIME. The Policy ID will be the TemplateID in the Registry. This Policy ID will be used in the Channel Section as AlgorithmID to identify which signature policy algorithm will be used.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicd:XMLDsigPolicy" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:SignaturePolicy" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!--Non-repudiation-->
  <xs:element name="NonRepudiationPolicy" type="sicd:SignaturePolicyType" substitutionGroup="sicd:NonRepudiationPolicies">
    <xs:annotation>
      <xs:documentation>The non-repudiation algorithm and policy that use digital signature.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="NonRepudiationPolicies" type="sicd:Abstract_PolicyType" abstract="true">
    <xs:annotation>
      <xs:documentation>The policy and algorithm for non-repudiation of origin.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="NonRepudiationReceiptPolicy" type="sicd:SignaturePolicyType" substitutionGroup="sicd:NonRepudiationReceiptPolicies">
    <xs:annotation>
      <xs:documentation>The non-repudiation algorithm and policy that use digital signature.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="NonRepudiationReceiptPolicies" type="sicd:Abstract_PolicyType" abstract="true">
    <xs:annotation>
      <xs:documentation>The policy and algorithm for non-repudiation of receipt.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="SecurityPolicies">
    <xs:annotation>
      <xs:documentation>The security Policies section. It defines all policy related security policies.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="sicd:AuthenticationPolicies" minOccurs="0"/>
        <xs:element ref="sicd:SignaturePolicies" minOccurs="0"/>
        <xs:element ref="sicd:EncryptionPolicies" minOccurs="0"/>
        <xs:element ref="sicd:NonRepudiationPolicies" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:NonRepudiationReceiptPolicies" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="sicd:EncryptionKeyInfo" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!--Schema for Channel-->
  <xs:complexType name="KeyAlgorithmType">
    <xs:annotation>
      <xs:documentation>The root for Integrity and Confidential blocks. All these two types of block within the Security channel have to have PublicKeyID and Algorithm Id, so does the signing and encryption policy within the Credential block.</xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element ref="sicd:PublicKeyName"/>
    </xs:sequence>
    <xs:attribute name="AlgorithmId" type="xs:string" use="optional"/>
  </xs:complexType>
  <xs:complexType name="KeyMessagePartsType">
    <xs:annotation>
      <xs:documentation>The root for parts in a message. It also define the KeyInfo and the algorithm policy for all parts.</xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="sicd:KeyAlgorithmType">
        <xs:sequence minOccurs="0">
          <xs:element ref="sicd:MessagePart" minOccurs="0" maxOccurs="unbounded"/>
        </xs:sequence>
        <xs:attribute name="SequenceID" type="xs:short" use="optional"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <xs:element name="Credential">
    <xs:annotation>
      <xs:documentation>The credential and authentication policy. Note that the CredentialEncryptionAlgorithm is here. This is due to authentication will be performed before the decryption at inbound.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence minOccurs="0">
        <xs:choice minOccurs="0">
          <xs:element name="PartyID" type="sicd:CollaberationPartyID" minOccurs="0">
            <xs:annotation>
              <xs:documentation>The party ID that is used for Basic credential.</xs:documentation>
            </xs:annotation>
          </xs:element>
          <xs:element ref="sicd:PublicKeyName" minOccurs="0">
            <xs:annotation>
              <xs:documentation>The key that is used for X.509 credential.</xs:documentation>
            </xs:annotation>
          </xs:element>
        </xs:choice>
        <xs:element name="CredentialEncryptionAlgorithm" type="sicd:KeyAlgorithmType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Encryption Algorithm that is used to encrypt the credential. This will only be used when the Authentication mode is TARGET.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
      <xs:attribute name="AlgorithmId" type="xs:string" use="required"/>
      <xs:attribute name="SequenceID" type="xs:short" use="optional"/>
      <xs:attribute name="DelegationFlag" type="xs:boolean" use="optional" default="false"/>
    </xs:complexType>
  </xs:element>
  <xs:element name="Confidential">
    <xs:annotation>
      <xs:documentation>The encryption security policy. The AlgorithmId will be the templateID from the Registry. If the AlgorithmId is defined and no message parts, then the whole message will be encrypted. In this case, if there are Non-XML parts, then the NonXMLAlgorithmID will be defined, too.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:complexContent>
        <xs:extension base="sicd:KeyMessagePartsType">
          <xs:attribute name="NonXMLAlgorithmId" type="xs:string" use="optional"/>
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
  <xs:element name="Integrity">
    <xs:annotation>
      <xs:documentation>The digital signature security policy. The AlgorithmId will be the templateID from the Registry. If the AlgorithmID is defined, and no message parts then the whole message will be signed.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:complexContent>
        <xs:extension base="sicd:KeyMessagePartsType">
          <xs:sequence minOccurs="0">
            <xs:element name="HeaderSignatureAlgorithm" type="sicd:KeyAlgorithmType" minOccurs="0">
              <xs:annotation>
                <xs:documentation>The Signature Algorithm that is used to sign the header credential.</xs:documentation>
              </xs:annotation>
            </xs:element>
          </xs:sequence>
          <xs:attribute name="NonXMLAlgorithmId" type="xs:string" use="optional"/>
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
-<xselement name=″NonRepudiation″>
-<xsannotation>
<xsdocumentation>The non-repudiation of orginpolicy.</xsdocumentation>
</xsannotation>
-<xscomplexType>
-<xssequence>
<xselement name=″NROSignPart″type=″sicdKeyMessagePartsType″/>
</xssequence>
</xscomplexType></xselement>-<xselement name=″NonRepudiationReceipt″>-<xsannotation>
<xsdocumentation>The non-repudiation of receiptpolicy.</xsdocumentation>
</xsannotation>-<xscomplexType>
-<xssequence>
<xselement name=″NRRSignPart″type=″sicdKeyMessagePartsType″/>
</xssequence></xscomplexType></xselement>-<xselement name=″Authorization″>-<xsannotation>
<xsdocumentation>The SAML attribute assertion for thesending CP that will be pass to the receiving service.Thiswill be shown in the end-to-end securitychannel.</xsdocumentation></xsannotation>-<xscomplexType>-<xssequence minOccurs=″0″>
<xselement ref=″samlAssertion″minOccurs=″0″maxOccurs=″unbounded″/>
</xssequence>
<xsattribute name=″RequireSubscription″type=″xsboolean″use=″required″/>
</xscomplexType>
-<!--samlAttributeStatementType″>
-->
</xselement>
-<xselement name=″SecurityContainer″>
-<xsannotation>
<xsdocumentation>This will be the container for those piggyback security related objects.</xsdocumentation>
</xsannotation>
-<xscomplexType>
-<xssequence minOccurs=″0″>
-<xselement name=″MMLCredential″minOccurs=″0″>
-<xscomplexType>
-<xssequence minOccurs=″0″>
<xselement name=″MarketParticipantID″type=″xsstring″minOccurs=″0″/>
<xselement name=″TPName″type=″xsstring″minOccurs=″0″/>
<xselement name=″TPShortName″type=″xsstring″minOccurs=″0″/>
<xselement name=″TPRoleName″type=″xsstring″minOccurs=″0″maxOccurs=″unbounded″/>
</xssequence>
</xscomplexType>
</xselement>
<xselement name=″PiggybackObject″type=″xsanyType″minOccurs=″0″maxOccurs=″unbounded″/>
</xssequence></xscomplexType></xselement>-<xselement name=″SecurityChannel″>-<xsannotation>
<xsdocumentation>The Security Channel defines the fromconnector and to connector,and what to do within thechannel,such as authentication,encryption and digitalsignature.</xsdocumentation></xsannotation>-<xscomplexType>-<xssequence>
<xselement ref=″sicdCredential″minOccurs=″0″/>
<xselement ref=″sicdConfidential″minOccurs=″0″/>
<xselement ref=″sicdIntegrity″minoccurs=″0″/>
-<xselement ref=″sicdAuthorization″minOccurs=″0″>
-<xsannotation>
<xsdocumentation>The SAML attribute assertionfor the sending CP that will be pass to thereceiving service.This will be shown in theend-to-end securitychannel.</xsdocumentation>
</xsannotation>
</xselement>
<xselement ref=″sicdNonRepudiation″minOccurs=″0″/>
<xselement ref=″sicdNonRepudiationReceipt″minOccurs=″0″/>
-<xselement ref=″sicdSecurityContainer″minOccurs=″0″>
-<xsannotation>
<xsdocumentation>This will be the container for those piggy back security related objects.</xsdocumentation>
</xsannotation>
</xselement>
</xssequence>
<xsattribute name=″channelId″type=″xsstring″use=″optional″/>
<xsattribute name=″sourceConnector″type=″xsstring″use=″required″/>
<xsattribute name=″targetConnector″type=″xsstring″use=″required″/>
</xscomplexType></xselement>-<xscomplexType name=″SecurityContractType″>-<xssequence>
<xselement ref=″sicdSecurityPolicies″/>
<xselement ref=″sicdSecurityChannel″maxOccurs=″unbounded″/>
</xssequence></xscomplexType></xsschema>
CommunitySecurityTemplatesInfo.XML
<?xml version=″1.0″encoding=″UTF-8″?>-<!--edited with XML Spy v4.4U(http//www.xmlspy.com)by Symon Chang(Commerce One)-->-<sicdrCommunitySecurityTemplatesPreferencexmlnssicdr=″publicidcom.commerceoneschemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd″xmlnssicd=″publicidcom.commerceoneschemas/soapextension/contract/security/v1_0/SecurityContract.xsd″xmlnsxsi=″http//www.w3.org/2001/XMLSchema-instance″xsischemaLocation=″publicidcom.commerceoneschemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsdhttp//schemas.commerceone.com/schemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd″>-<sicdrSecurityAlgorithmTemplates>-<sicdrXMLSignatureAlgorithmTemplate Name=″DSA-SHA1-C14N″ID=″bb587fa0-b980-11d6-b8e9-c40beac518e7″>
<sicdrCategory>XMLSignature</sicdrCategory>
-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureDSA-SHA1-C14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>SHA1withDSA</sicdSignatureAlgorithm>
<sicdHashFunction>SHA1</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/TR/2000/CR-xml-c14n-20001026</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform>
</sicdXMLDsigPolicy>
</sicdrXMLSignatureAlgorithmTemplate>
-<sicdrXMLSignatureAlgorithmTemplate Name=″DSA-SHA1-EXC14N″ID=″bb587fa0-b980-11d6-b8e6-c40beac518e7″>
<sicdrCategory>XMLSignature</sicdrCategory>
-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureDSA-SHA1-EXC14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>SHA1withDSA</sicdSignatureAlgorithm>
<sicdHashFunction>SHA1</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/2001/10/xml-exc-c14n#</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform></sicdXMLDsigPolicy></sicdrXMLSignatureAlgorithmTemplate>-<sicdrXMLSignatureAlgorithmTemplate Name=″RSA-MD5-C14N″ID=″bb587fa0-b980-11d6-b8e8-c40beac518e7″>
<sicdrCategory>XMLSignature</sicdrCategory>-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureRSA-MD5-C14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>MD5withRSA</sicdSignatureAlgorithm>
<sicdHashFunction>MD5</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/TR/2000/CR-xml-c14n-20001026</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform></sicdXMLDsigPolicy></sicdrXMLSignatureAlgorithmTemplate>-<sicdrXMLSignatureAlgorithmTemplate Name=″RSA-MD5-EXC14N″ID=″bb587fa0-b980-11d6-b8e5-c40beac518e7″>
<sicdrCategory>XMLSignature</sicdrCategory>-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureRSA-MD5-EXC14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>MD5withRSA</sicdSignatureAlgorithm>
<sicdHashFunction>MD5</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/2001/10/xml-exc-c14n#</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform></sicdXMLDsigPolicy></sicdrXMLSignatureAlgorithmTemplate>-<sicdrXMLSignatureAlgorithmTemplate Name=″RSA-SHA1-C14N″ID=″bb587fa0-b980-11d6-b8e7-c40beac518e7″>
<sicdrCategory>XMLSignature</sicdrCategory>-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureRSA-SHA1-C14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>SHA1withRSA</sicdSignatureAlgorithm>
<sicdHashFunction>SHA1</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/TR/2000/CR-xml-c14n-20001026</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform></sicdXMLDsigPolicy></sicdrXMLSignatureAlgorithmTemplate>-<sicdrXMLSignatureAlgorithmTemplate Name=″RSA-SHA1-EXC14N″ID=″bb587fa0-b980-11d6-b8e4-c40beac518e7″>
<sicdrCategory>XMLSignature</sicdrCategory>-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureRSA-SHA1-EXC14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>SHA1withRSA</sicdSignatureAlgorithm>
<sicdHashFunction>SHA1</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/2001/10/xml-exc-c14n#</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform>
</sicdXMLDsigPolicy></sicdrXMLSignatureAlgorithmTemplate>-<sicdrXMLEncryptionAlgorithmTemplate Name=″3DES-RSA-2048″ID=″bb587fa0-b980-11d6-b8ea-c40beac518e7″>
<sicdrCategory>XMLEncryption</sicdrCategory>
-<sicdXMLEncryptionPolicy PolicyId=″P-XMLEncrypt3DES-RSA-2048″>
<sicdEncryptionPolicyAlgorithm>http//www.w3.org/2001/04/xmlenc#</sicdEncryptionPolicyAlgorithm>
<sicdEncryptionMethod>http//www.w3.org/2001/04/xmlenc#3des-cbc</sicdEncryptionMethod>
<sicdKeySize>2048</sicdKeySize>
<sicdKeyEncryptionMethod>http//www.w3.org/2001/04/xmlenc#rsa-1_5</sicdKeyEncryptionMethod>
</sicdXMLEncryptionPolicy></sicdrXMLEncryptionAlgorithmTemplate>-<sicdrXMLEncryptionAlgorithmTemplate Name=″AES-128-RSA-2048″ID=″bb587fa0-b980-11d6-b8eb-c40beac518e7″>
<sicdrCategory>XMLEncryption</sicdrCategory>
-<sicdXMLEncryptionPolicy PolicyId=″P-XMLEncryptAES-128-RSA-2048″>
<sicdEncryptionPolicyAlgorithm>http//www.w3.org/2001/04/xmlenc#</sicdEncryptionPolicyAlgorithm>
<sicdEncryptionMethod>http//www.w3.org/2001/04/xmlenc#aes128-cbc</sicdEncryptionMethod>
<sicdKeySize>2048</sicdKeySize>
<sicdSymmetryKeySize>128</sicdSymmetryKeySize>
<sicdKeyEncryptionMethod>http//www.w3.org/2001/04/xmlenc#rsa-1_5</sicdKeyEncryptionMethod>
</sicdXMLEncryptionPolicy></sicdrXMLEncryptionAlgorithmTemplate>-<sicdrXMLEncryptionAlgorithmTemplate Name=″DES-RSA-1024″ID=″bb587fa0-b980-11d6-b8ec-c40beac518e7″>
<sicdrCategory>XMLEncryption</sicdrCategory>
-<sicdXMLEncryptionPolicy PolicyId=″P-XMLEncryptDES-RSA-1024″>
<sicdEncryptionPolicyAlgorithm>http//www.w3.org/2001/04/xmlenc#</sicdEncryptionPolicyAlgorithm>
<sicdEncryptionMethod>http//www.commerceone.com/security/xmlenc#des</sicdEncryptionMethod>
<sicdKeySize>1024</sicdKeySize>
<sicdKeyEncryptionMethod>http//www.w3.org/2001/04/xmlenc#rsa-1_5</sicdKeyEncryptionMethod>
</sicdXMLEncryptionPolicy></sicdrXMLEncryptionAlgorithmTemplate></sicdrSecurityAlgorithmTemplates>-<sicdrCommunitySecurityPolicyPreference><sicdrSignMessageHeader>false</sicdrSignMessageHeader><sicdrEncryptCredential>false</sicdrEncryptCredential><sicdrCredentialPreference>BASIC</sicdrCredentialPreference></sicdrCommunitySecurityPolicyPreference>-<sicdrSecurityPolicyTemplatePreference Name=″RSA-SHA1-EXC14N″ID=″bb587fa0-b980-11d6-b8e4-c40beac518e7″><sicdrCategory>XMLSignature</sicdrCategory><sicdrPreference>101</sicdrPreference></sicdrSecurityPolicyTemplatePreference>-<sicdrSecurityPolicyTemplatePreference Name=″RSA-MD5-EXC14N″ID=″bb587fa0-b980-11d6-b8e5-c40beac518e7″><sicdrCategory>XMLSignature</sicdrCategory><sicdrPreference>102</sicdrPreference></sicdrSecurityPolicyTemplatePreference>-<sicdrSecurityPolicyTemplatePreference Name=″RSA-SHA1-C14N″ID=″bb587fa0-b980-11d6-b8e7-c40beac518e7″><sicdrCategory>XMLSignature</sicdrCategory><sicdrPreference>104</sicdrPreference></sicdrSecurityPolicyTemplatePreference>-<sicdrSecurityPolicyTemplatePreference Name=″RSA-MD5-C14N″ID=″bb587fa0-b980-11d6-b8e8-c40beac518e7″><sicdrCategory>XMLSignature</sicdrCategory><sicdrPreference>105</sicdrPreference></sicdrSecurityPolicyTemplatePreference>-<sicdrSecurityPolicyTemplatePreference Name=″3DES-RSA-2048″ID=″bb587fa0-b980-11d6-b8ea-c40beac518e7″><sicdrCategory>XMLEncryption</sicdrCategory><sicdrPreference>107</sicdrPreference></sicdrSecurityPolicyTemplatePreference>-<sicdrSecurityPolicyTemplatePreference Name=″AES-128-RSA-2048″ID=″bb587fa0-b980-11d6-b8eb-c40beac518e7″><sicdrCategory>XMLEncryption</sicdrCategory><sicdrPreference>108</sicdrPreference></sicdrSecurityPolicyTemplatePreference>-<sicdrSecurityPolicyTemplatePreference Name=″DES-RSA-1024″ID=″bb587fa0-b980-11d6-b8ec-c40beac518e7″><sicdrCategory>XMLEncryption</sicdrCategory><sicdrPreference>109</sicdrPreference></sicdrSecurityPolicyTemplatePreference></sicdrCommunitySecurityTemplatesPreference>
SecuritySenderInfo.XML
<?xml version=″1.0″encoding=″UTF-8″?>-<!--edited with XML Spy v4.4U(http//www.xmlspy.com)by Symon Chang(Commerce One)-->-<!--Sample XML file generated by XML Spy v4.4U(http//www.xmlspy.com)-->-<SecuritySenderInfoxmlns=″publicidcom.commerceoneschemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd″xmlnsds=″http//www.w3.org/2000/09/xmldsig#″xmlnssaml=″urnoasisnamestcSAML1.0assertion″xmlnssicd=″publicidcom.commerceoneschemas/soapextension/contract/security/v1_0/SecurityContract.xsd″xmlnsxsi=″http//www.w3.org/2001/XMLSchema-instance″xsischemaLocation=″publicidcom.commerceoneschemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsdC\platform\core\main\wse\schema\contract\helperinfo\v1_0\SecuritySenderReceiverInfo.xsd″>-<CommunitySecurityTemplatesPreference>-<SecurityAlgorithmTemplates>
-<XMLSignatureAlgorithmTemplate Name=″DSA-SHA1-C14N″ID=″bb587fa0-b980-11d6-b8e9-c40beac518e7″>
<Category>XMLSignature</Category>
-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureDSA-SHA1-C14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>SHA1withDSA</sicdSignatureAlgorithm>
<sicdHashFunction>SHA1</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/TR/2000/CR-xml-c14n-20001026</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform>
</sicdXMLDsigPolicy>
</XMLSignatureAlgorithmTemplate>
-<XMLSignatureAlgorithmTemplate Name=″DSA-SHA1-EXC14N″ID=″bb587fa0-b980-11d6-b8e6-c40beac518e7″>
<Category>XMLSignature</Category>
-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureDSA-SHA1-EXC14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>SHA1withDSA</sicdSignatureAlgorithm>
<sicdHashFunction>SHA1</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/2001/10/xml-exc-c14n#</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform></sicdXMLDsigPolicy></XMLSignatureAlgorithmTemplate>-<XMLSignatureAlgorithmTemplate Name=″RSA-MD5-C14N″ID=″bb587fa0-b980-11d6-b8e8-c40beac518e7″><Category>XMLSignature</Category>-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureRSA-MD5-C14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>MD5withRSA</sicdSignatureAlgorithm>
<sicdHashFunction>MD5</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/TR/2000/CR-xml-c14n-20001026</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform></sicdXMLDsigPolicy></XMLSignatureAlgorithmTemplate>-<XMLSignatureAlgorithmTemplate Name=″RSA-MD5-EXC14N″ID=″bb587fa0-b980-11d6-b8e5-c40beac518e7″>
<Category>XMLSignature</Category>-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureRSA-MD5-EXC14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>MD5withRSA</sicdSignatureAlgorithm>
<sicdHashFunction>MD5</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/2001/10/xml-exc-c14n#</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform></sicdXMLDsigPolicy></XMLSignatureAlgorithmTemplate>-<XMLSignatureAlgorithmTemplate Name=″RSA-SHA1-C14N″ID=″bb587fa0-b980-11d6-b8e7-c40beac518e7″><Category>XMLSignature</Category>-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureRSA-SHA1-C14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>SHA1withRSA</sicdSignatureAlgorithm>
<sicdHashFunction>SHA1</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/TR/2000/CR-xml-c14n-20001026</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform></sicdXMLDsigPolicy></XMLSignatureAlgorithmTemplate>-<XMLSignatureAlgorithmTemplate Name=″RSA-SHA1-EXC14N″ID=″bb587fa0-b980-11d6-b8e4-c40beac518e7″><Category>XMLSignature</Category>-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureRSA-SHA1-EXC14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>SHA1withRSA</sicdSignatureAlgorithm>
<sicdHashFunction>SHA1</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/2001/10/xml-exc-c14n#</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform></sicdXMLDsigPolicy></XMLSignatureAlgorithmTemplate>-<XMLEncryptionAlgorithmTemplate Name=″3DES-RSA-2048″ID=″bb587fa0-b980-11d6-b8ea-c40beac518e7″><Category>XMLEncryption</Category>-<sicdXMLEncryptionPolicy PolicyId=″P-XMLEncrypt3DES-RSA-2048″>
<sicdEncryptionPolicyAlgorithm>http//www.w3.org/2001/04/xmlenc#</sicdEncryptionPolicyAlgorithm>
<sicdEncryptionMethod>http//www.w3.org/2001/04/xmlenc#3des-cbc</sicdEncryptionMethod>
<sicdKeySize>2048</sicdKeySize>
<sicdKeyEncryptionMethod>http//www.w3.org/2001/04/xmlenc#rsa-1_5</sicdKeyEncryptionMethod></sicdXMLEncryptionPolicy></XMLEncryptionAlgorithmTemplate>-<XMLEncryptionAlgorithmTemplate Name=″AES-128-RSA-2048″ID=″bb587fa0-b980-11d6-b8eb-c40beac518e7″><Category>XMLEncryption</Category>-<sicdXMLEncryptionPolicy PolicyId=″P-XMLEncryptAES-128-RSA-2048″>
<sicdEncryptionPolicyAlgorithm>http//www.w3.org/2001/04/xmlenc#</sicdEncryptionPolicyAlgorithm>
<sicdEncryptionMethod>http//www.w3.org/2001/04/xmlenc#aes128-cbc</sicdEncryptionMethod>
<sicdKeySize>2048</sicdKeySize>
<sicdSymmetryKeySize>128</sicdSymmetryKeySize>
<sicdKeyEncryptionMethod>http//www.w3.org/2001/04/xmlenc#rsa-1_5</sicdKeyEncryptionMethod></sicdXMLEncryptionPolicy></XMLEncryptionAlgorithmTemplate>-<XMLEncryptionAlgorithmTemplate Name=″DES-RSA-1024″ID=″bb587fa0-b980-11d6-b8ec-c40beac518e7″><Category>XMLEncryption</Category>-<sicdXMLEncryptionPolicy PolicyId=″P-XMLEncryptDES-RSA-1024″>
<sicdEncryptionPolicyAlgorithm>http//www.w3.org/2001/04/xmlenc#</sicdEncryptionPolicyAlgorithm>
<sicdEncryptionMethod>http//www.commerceone.com/security/xmlenc#des</sicdEncryptionMethod>
<sicdKeySize>1024</sicdKeySize>
<sicdKeyEncryptionMethod>http//www.w3.org/2001/04/xmlenc#rsa-1_5</sicdKeyEncryptionMethod></sicdXMLEncryptionPolicy></XMLEncryptionAlgorithmTemplate></SecurityAlgorithmTemplates>-<CommunitySecurityPolicyPreference><SignMessageHeader>false</SignMessageHeader><EncryptCredential>false</EncryptCredential><CredentialPreference>BASIC</CredentialPreference></CommunitySecurityPolicyPreference>-<SecurityPolicyTemplatePreference Name=″RSA-SHA1-EXC14N″ID=″bb587fa0-b980-11d6-b8e4-c40beac518e7″><Category>XMLSignature</Category><Preference>101</Preference></SecurityPolicyTemplatePreference>-<SecurityPolicyTemplatePreference Name=″RSA-MD5-EXC14N″ID=″bb587fa0-b980-11d6-b8e5-c40beac518e7″><Category>XMLSignature</Category><Preference>102</Preference></SecurityPolicyTemplatePreference>-<SecurityPolicyTemplatePreference Name=″DSA-SHA1-EXC14N″ID=″bb587fa0-b980-11d6-b8e6-c40beac518e7″><Category>XMLSignature</Category><Preference>103</Preference>
</SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name=″RSA-SHA1-C14N″ID=″bb587fa0-b980-11d6-b8e7-c40beac518e7″>
<Category>XMLSignature</Category>
<Preference>104</Preference>
</SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name=″RSA-MD5-C14N″ID=″bb587fa0-b980-11d6-b8e8-c40beac518e7″>
<Category>XMLSignature</Category>
<Preference>105</Preference>
</SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name=″DSA-SHA1-C14N″ID=″bb587fa0-b980-11d6-b8e9-c40beac518e7″>
<Category>XMLSignature</Category>
<Preference>106</Preference>
</SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name=″3DES-RSA-2048″ID=″bb587fa0-b980-11d6-b8ea-c40beac518e7″>
<Category>XMLEncryption</Category>
<Preference>107</Preference>
</SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name=″AES-128-RSA-2048″ID=″bb587fa0-b980-11d6-b8eb-c40beac518e7″>
<Category>XMLEncryption</Category>
<Preference>108</Preference>
</SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name=″DES-RSA-1024″ID=″bb587fa0-b980-11d6-b8ec-c40beac518e7″>
<Category>XMLEncryption</Category>
<Preference>109</Preference>
</SecurityPolicyTemplatePreference>
</CommunitySecurityTemplatesPreference>
-<SAMsgSecurityPolicy>
-<SAMsgPart PartName=″Order″isOptional=″false″>
-<PartSignatureAlgCategory>
<XMLSignatureAlgCategory>XMLSignature</XMLSignatureAlgCategory>
</PartSignatureAlgCategory>
-<PartEncryptionAlgCategory>
<XMLEncryptionAlgCategory>XMLEncryption</XMLEncryptionAlgCategory>
</PartEncryptionAlgCategory>
</SAMsgPart>
-<SAMsgPart PartName=″Image″isOptional=″false″>
-<PartEncryptionAlgCategory>
<XMLEncryptionAlgCategory>XMLEncryption</XMLEncryptionAlgCategory>
</PartEncryptionAlgCategory></SAMsgPart></SAMsgSecurityPolicy>-<PublicKeys><sicdPartyID>x-ccnscommerceone.comCollaborationParty∷buyParty</sicdPartyID>-<sicdEncryptionKeyInfo KeyOwner=″OwnerA″>
<sicdPublicKeyID>BuyerPublicKey</sicdPublicKeyID>
-<sicdX509Data>
<sicdX509Certificate></sicdX509Certificate>
</sicdX509Data></sicdEncryptionKeyInfo><sicdKeyTypeUsage>SIGNATURE</sicdKeyTypeUsage><sicdKeyTypeUsage>AUTHENTICATION</sicdKeyTypeUsage><sicdKeyAlgorithm>RSA</sicdKeyAlgorithm><sicdDescription>String</sicdDescription><sicdLocation>String</sicdLocation></PublicKeys>-<ConnectorCapability ConnectorName=″x-ccnscup.commerceone.comconnector∷buy″><EncryptionCapability>false</EncryptionCapability><SignatureCapability>true</SignatureCapability></ConnectorCapability>-<ConnectorCapability ConnectorName=″x-ccnscup.commerceone.comconnector∷centerBuyl″>
<EncryptionCapability>true</EncryptionCapability>
<SignatureCapability>false</SignatureCapability>
<EncryptionPublicKeyParty>x-ccnscommerceone.comCollaborationParty∷buyParty</EncryptionPublicKeyParty></ConnectorCapability>-<SendingCPSecurityPolicyProfile>
<AvailableCredentials>BASIC</AvailableCredentials>
<AvailableCredentials>X509</AvailableCredentials></SendingCPSecurityPolicyProfile>-<CPSendServicesSecurityPolicy AuthenticateParty=″x-ccnscommerceone.comCollaborationParty∷buyParty″>
-<SecurityPolicyTemplatePreference Name=″3DES-RSA-2048″>
<Category>XMLEncryption</Category>
<Preference>1</Preference>
</SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name=″AES-128-RSA-2048″>
<Category>XMLEncryption</Category>
<Preference>2</Preference>
</SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name=″RC2-128-RSA-2048″>
<Category>XMLEncryption</Category>
<Preference>3</Preference>
</SecurityPolicyTemplatePreference></CPSendServicesSecurityPolicy></SecuritySenderInfo>
SecurityReceiverInfo.XML
<?xml version=″1.0″encoding=″UTF-8″?>-<!--edited with XML Spy v4.4U(http//www.xmlspy.com)by Symon Chang(Commerce One)-->-<SecurityReceiverInfoxmlns=″publicidcom.commerceoneschemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsd″xmlnsds=″http//www.w3.org/2000/09/xmldsig#″xmlnssaml=″urnoasisnamestcSAML1.0assertion″xmlnssicd=″publicidcom.commerceoneschemas/soapextension/contract/security/v1_0/SecurityContract.xsd″xmlnsxsi=″http//www.w3.org/2001/XMLSchema-instance″xsischemaLocation=″publicidcom.commerceoneschemas/contract/helperinfo/v1_0/SecuritySenderReceiverInfo.xsdC\platform\core\main\wse\schema\contract\helperinfo\v1_0\SecuritySenderReceiverInfo.xsd″>-<CommunitySecurityTemplatesPreference>-<SecurityAlgorithmTemplates>
-<XMLSignatureAlgorithmTemplate Name=″DSA-SHA1-C14N″ID=″bb587fa0-b980-11d6-b8e9-c40beac518e7″>
<Category>XMLSignature</Category>
-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureDSA-SHA1-C14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>SHA1withDSA</sicdSignatureAlgorithm>
<sicdHashFunction>SHA1</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/TR/2000/CR-xml-c14n-20001026</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform>
</sicdXMLDsigPolicy>
</XMLSignatureAlgorithmTemplate>
-<XMLSignatureAlgorithmTemplate Name=″DSA-SHA1-EXC14N″ID=″bb587fa0-b980-11d6-b8e6-c40beac518e7″>
<Category>XMLSignature</Category>
-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureDSA-SHA1-EXC14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>SHA1withDSA</sicdSignatureAlgorithm>
<sicdHashFunction>SHA1</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/2001/10/xml-exc-c14n#</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform></sicdXMLDsigPolicy></XMLSignatureAlgorithmTemplate>-<XMLSignatureAlgorithmTemplate Name=″RSA-MD5-C14N″ID=″bb587fa0-b980-11d6-b8e8-c40beac518e7″><Category>XMLSignature</Category>-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureRSA-MD5-C14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>MD5withRSA</sicdSignatureAlgorithm>
<sicdHashFunction>MD5</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/TR/2000/CR-xml-c14n-20001026</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform></sicdXMLDsigPolicy></XMLSignatureAlgorithmTemplate>-<XMLSignatureAlgorithmTemplate Name=″RSA-MD5-EXC14N″ID=″bb587fa0-b980-11d6-b8e5-c40beac518e7″><Category>XMLSignature</Category>-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureRSA-MD5-EXC14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>MD5withRSA</sicdSignatureAlgorithm>
<sicdHashFunction>MD5</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/2001/10/xml-exc-c14n#</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform></sicdXMLDsigPolicy></XMLSignatureAlgorithmTemplate>-<XMLSignatureAlgorithmTemplate Name=″RSA-SHA1-C14N″ID=″bb587fa0-b980-11d6-b8e7-c40beac518e7″><Category>XMLSignature</Category>-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureRSA-SHA1-C14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>SHA1withRSA</sicdSignatureAlgorithm>
<sicdHashFunction>SHA1</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/TR/2000/CR-xml-c14n-20001026</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform></sicdXMLDsigPolicy></XMLSignatureAlgorithmTemplate>-<XMLSignatureAlgorithmTemplate Name=″RSA-SHA1-EXC14N″ID=″bb587fa0-b980-11d6-b8e4-c40beac518e7″><Category>XMLSignature</Category>-<sicdXMLDsigPolicy PolicyId=″P-XMLSignatureRSA-SHA1-EXC14N″>
<sicdSignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</sicdSignaturePolicyAlgorithm>
<sicdSignatureAlgorithm>SHA1withRSA</sicdSignatureAlgorithm>
<sicdHashFunction>SHA1</sicdHashFunction>
<sicdCanonicalizationMethod>http//www.w3.org/2001/10/xml-exc-c14n#</sicdCanonicalizationMethod>
<sicdTransform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</sicdTransform></sicdXMLDsigPolicy></XMLSignatureAlgorithmTemplate>-<XMLEncryptionAlgorithmTemplate Name=″3DES-RSA-2048″ID=″bb587fa0-b980-11d6-b8ea-c40beac518e7″><Category>XMLEncryption</Category>-<sicdXMLEncryptionPolicy PolicyId=″P-XMLEncrypt3DES-RSA-2048″>
<sicdEncryptionPolicyAlgorithm>http//www.w3.org/2001/04/xmlenc#</sicdEncryptionPolicyAlgorithm>
<sicdEncryptionMethod>http//www.w3.org/2001/04/xmlenc#3des-cbc</sicdEncryptionMethod>
<sicdKeySize>2048</sicdKeySize>
<sicdKeyEncryptionMethod>http//www.w3.org/2001/04/xmlenc#rsa-1_5</sicdKeyEncryptionMethod></sicdXMLEncryptionPolicy></XMLEncryptionAlgorithmTemplate>-<XMLEncryptionAlgorithmTemplate Name=″AES-128-RSA-2048″ID=″bb587fa0-b980-11d6-b8eb-c40beac518e7″>
<Category>XMLEncryption</Category>
-<sicdXMLEncryptionPolicy PolicyId=″P-XMLEncryptAES-128-RSA-2048″>
<sicdEncryptionPolicyAlgorithm>http//www.w3.org/2001/04/xmlenc#</sicdEncryptionPolicyAlgorithm>
<sicdEncryptionMethod>http//www.w3.org/2001/04/xmlenc#aes128-cbc</sicdEncryptionMethod>
<sicdKeySize>2048</sicdKeySize>
<sicdSymmetryKeySize>128</sicdSymmetryKeySize>
<sicdKeyEncryptionMethod>http//www.w3.org/2001/04/xmlenc#rsa-1_5</sicdKeyEncryptionMethod>
</sicdXMLEncryptionPolicy></XMLEncryptionAlgorithmTemplate>-<XMLEncryptionAlgorithmTemplate Name=″DES-RSA-1024″ID=″bb587fa0-b980-11d6-b8ec-c40beac518e7″>
<Category>XMLEncryption</Category>
-<sicdXMLEncryptionPolicy PolicyId=″P-XMLEncryptDES-RSA-1024″>
<sicdEncryptionPolicyAlgorithm>http//www.w3.org/2001/04/xmlenc#</sicdEncryptionPolicyAlgorithm>
<sicdEncryptionMethod>http//www.commerceone.com/security/xmlenc#des</sicdEncryptionMethod>
<sicdKeySize>1024</sicdKeySize>
<sicdKeyEncryptionMethod>http//www.w3.org/2001/04/xmlenc#rsa-1_5</sicdKeyEncryptionMethod>
</sicdXMLEncryptionPolicy></XMLEncryptionAlgorithmTemplate></SecurityAlgorithmTemplates>-<CommunitySecurityPolicyPreference><SignMessageHeader>false</SignMessageHeader><EncryptCredential>false</EncryptCredential><CredentialPreference>BASIC</CredentialPreference></CommunitySecurityPolicyPreference>-<SecurityPolicyTemplatePreference Name=″RSA-SHA1-EXC14N″ID=″bb587fa0-b980-11d6-b8e4-c40beac518e7″><Category>XMLSignature</Category><Preference>101</Preference></SecurityPolicyTemplatePreference>-<SecurityPolicyTemplatePreference Name=″RSA-MD5-EXC14N″ID=″bb587fa0-b980-11d6-b8e5-c40beac518e7″><Category>XMLSignature</Category><Preference>102</Preference></SecurityPolicyTemplatePreference>-<SecurityPolicyTemplatePreference Name=″DSA-SHA1-EXC14N″ID=″bb587fa0-b980-11d6-b8e6-c40beac518e7″><Category>XMLSignature</Category><Preference>103</Preference></SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name=″RSA-SHA1-C14N″ID=″bb587fa0-b980-11d6-b8e7-c40beac518e7″>
<Category>XMLSignature</Category>
<Preference>104</Preference>
</SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name=″RSA-MD5-C14N″ID=″bb587fa0-b980-11d6-b8e8-c40beac518e7″>
<Category>XMLSignature</Category>
<Preference>105</Preference>
</SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name=″DSA-SHA1-C14N″ID=″bb587fa0-b980-11d6-b8e9-c40beac518e7″>
<Category>XMLSignature</Category>
<Preference>106</Preference>
</SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name=″3DES-RSA-2048″ID=″bb587fa0-b980-11d6-b8ea-c40beac518e7″>
<Category>XMLEncryption</Category>
<Preference>107</Preference>
</SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name=″AES-128-RSA-2048″ID=″bb587fa0-b980-11d6-b8eb-c40beac518e7″>
<Category>XMLEncryption</Category>
<Preference>108</Preference>
</SecurityPolicyTemplatePreference>
-<SecurityPolicyTemplatePreference Name=″DES-RSA-1024″ID=″bb587fa0-b980-11d6-b8ec-c40beac518e7″>
<Category>XMLEncryption</Category>
<Preference>109</Preference>
</SecurityPolicyTemplatePreference>
</CommunitySecurityTemplatesPreference>
-<SAMsgSecurityPolicy>
-<SAMsgPart PartName=″Order″isOptional=″false″>
-<PartSignatureAlgCategory>
<XMLSignatureAlgCategory>XMLSignature</XMLSignatureAlgCategory>
</PartSignatureAlgCategory>
-<PartEncryptionAlgCategory>
<XMLEncryptionAlgCategory>XMLEncryption</XMLEncryptionAlgCategory>
</PartEncryptionAlgCategory>
</SAMsgPart>-<SAMsgPart PartName=″Image″isOptional=″false″>
-<PartEncryptionAlgCategory>
<XMLEncryptionAlgCategory>XMLEncryption</XMLEncryptionAlgCategory>
</PartEncryptionAlgCategory></SAMsgPart></SAMsgSecurityPolicy>-<PublicKeys><sicdPartyID>x-ccnscommerceone.comCollaborationParty∷sellParty</sicdPartyID>-<sicdEncryptionKeyInfo KeyOwner=″x-ccnscommerceone.comCollaborationParty∷sellParty″>
<sicdPublicKeyID>DefaultTestCert</sicdPublicKeyID>
-<sicdX509Data>
<sicdX509Certificate></sicdX509Certificate>
</sicdX509Data></sicdEncryptionKeyInfo><sicdKeyTypeUsage>ENCRYPTION</sicdKeyTypeUsage><sicdKeyTypeUsage>SIGNATURE</sicdKeyTypeUsage><sicdKeyTypeUsage>AUTHENTICATION</sicdKeyTypeUsage></PublicKeys>-<PublicKeys>
<sicdPartyID>PartyBSeller</sicdPartyID>-<sicdEncryptionKeyInfo KeyOwner=″PartyBSeller″>
<sicdPublicKeyID>RKeyA</sicdPublicKeyID>
-<sicdX509Data>
<sicdX509Certificate></sicdX509Certificate>
</sicdX509Data></sicdEncryptionKeyInfo><sicdKeyTypeUsage>ENCRYPTION</sicdKeyTypeUsage><sicdKeyAlgorithm>RSA</sicdKeyAlgorithm><sicdDescription>String</sicdDescription><sicdLocation>String</sicdLocation></PublicKeys>-<PublicKeys><sicdPartyID>ConnectorB</sicdPartyID>-<sicdEncryptionKeyInfo KeyOwner=″BOwner″>
<sicdPublicKeyID>RKeyB</sicdPublicKeyID>
-<sicdX509Data>
<sicdX509Certificate>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tTUIJREZEQ0NBZnInQXdJQkFnSUVQT0ZQSVRBT
</sicdX509Certificate>
</sicdX509Data></sicdEncryptionKeyInfo><sicdKeyTypeUsage>SIGNATURE</sicdKeyTypeUsage><sicdKeyTypeUsage>ENCRYPTION</sicdKeyTypeUsage><sicdKeyAlgorithm>RSA</sicdKeyAlgorithm><sicdDescription>String</sicdDescription><sicdLocation>String</sicdLocation></PublicKeys>-<ConnectorCapability ConnectorName=″x-ccnscup.commerceone.comconnector∷centerSell″><EncryptionCapability>true</EncryptionCapability><SignatureCapability>true</SignatureCapability></ConnectorCapability>-<ConnectorCapability ConnectorName=″x-ccnscup.commerceone.comconnector∷sell″><EncryptionCapability>false</EncryptionCapability><SignatureCapability>true</SignatureCapability></ConnectorCapability>-<CPRecvServicesSecurityPolicy>-<SecurityPolicyTemplatePreference Name=″3DES-RSA-2048″>
<Category>XMLEncryption</Category>
<Preference>1</Preference>
</SecurityPolicyTemplatePreference>-<SecurityPolicyTemplatePreference Name=″RSA-MD5-C14N″>
<Category>XMLSignature</Category>
<Preference>2</Preference>
</SecurityPolicyTemplatePreference>-<SecurityPolicyTemplatePreference Name=″RSA-SHA1-C14N″>
<Category>XMLSignature</Category>
<Preference>6</Preference>
</SecurityPolicyTemplatePreference>-<SecurityPolicyTemplatePreference Name=″AES-128-RSA-2048″>
<Category>XMLEncryption</Category>
<Preference>5</Preference>
</SecurityPolicyTemplatePreference>-<ServiceAuthentication>
<AcceptedCredentials>X509</AcceptedCredentials>
<AcceptedCredentials>BASIC</AcceptedCredentials>
<sicdAuthenticateMode>SOURCE</sicdAuthenticateMode>
</ServiceAuthentication></CPRecvServicesSecurityPolicy></SecurityReceiverInfo>
ComputeSecurityContract.XML
<?xml version=″1.0″?>-<prefix_0SecurityContractICDxmlnsprefix_0=″publicidcom.commerceoneschemas/soapextension/contract/security/v1_0/SecurityContract.xsd″xmlnsxsi=″http//www.w3.org/2001/XMLSchema-instance″>
-<prefix_0SecurityPolicies>
-<prefix_0AuthenticationPolicies>
-<prefix_0X509CredentialPolicy PolicyId=″P-AuthenX.509Source″>
<prefix_0CredentialPolicyAlgorithm>X.509v3</prefix_0CredentialPolicyAlgorithm>
<prefix_0AuthenticateMode>SOURCE</prefix_0AuthenticateMode>
</prefix_0X509CredentialPolicy>
</prefix_0AuthenticationPolicies>
-<prefix_0SignaturePolicies>
-<prefix_0XMLDsigPolicy PolicyId=″P-XMLSignatureRSA-MD5-C14N″>
<prefix_0SignaturePolicyAlgorithm>http//www.w3.org/2000/09/xmldsig#</prefix_0SignaturePolicyAlgorithm>
<prefix_0SignatureAlgorithm>MD5withRSA</prefix_0SignatureAlgorithm>
<prefix_0HashFunction>MD5</prefix_0HashFunction>
<prefix_0CanonicalizationMethod>http//www.w3.org/TR/2000/CR-xml-c14n-20001026</prefix_0CanonicalizationMethod>
<prefix_0Transform>http//msdn.microsoft.com/ws/2002/01/Security#RoutingSignatureTransform</prefix_0Transform>
</prefix_0XMLDsigPolicy>
</prefix_0SignaturePolicies>
-<prefix_0EncryptionPolicies>
-<prefix_0XMLEncryptionPolicy PolicyId=″P-XMLEncrypt3DES-RSA-2048″>
<prefix_0EncryptionPolicyAlgorithm>http//www.w3.org/2001/04/xmlenc#</prefix_0EncryptionPolicyAlgorithm>
<prefix_0EncryptionMethod>http//www.w3.org/2001/04/xmlenc#3des-cbc</prefix_0EncryptionMethod>
<prefix_0KeySize>2048</prefix_0KeySize>
<prefix_0KeyEncryptionMethod>http//www.w3.org/2001/04/xmlenc#rsa-1_5</prefix_0KeyEncryptionMethod>
</prefix_0XMLEncryptionPolicy>
</prefix_0EncryptionPolicies>
-<prefix_0EncryptionKeyInfo KeyOwner=″x-ccnscommerceone.comCollaborationParty∷sellParty″>
<prefix_0PublicKeyID>DefaultTestCert</prefix_0PublicKeyID>
-<prefix_0X509Data>
<prefix_0X509Certificate>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</prefix_0X509Certificate>
</prefix_0X509Data>
</prefix_0EncryptionKeyInfo>
</prefix_0SecurityPolicies>
-<prefix_0SecurityChannel channelId=″CHANNEL1″ sourceConnector=″x-ccnscup.commerceone.comconnector∷buy″ targetConnector=″x-ccnscup.commerceone.comconnector∷sell″>
-<prefix_0Credential AlgorithmId=″P-AuthenX.509Source″ SequenceID=″4″ DelegationFlag=″false″>
<prefix_0PublicKeyName>BuyerPublicKey</prefix_0PublicKeyName>
</prefix_0Credential>
-<prefix_0Integrity AlgorithmId=″P-XMLSignatureRSA-MD5-C14N″>
<prefix_0PublicKeyName KeyOwner=″OwnerA″>BuyerPublicKey</prefix_0PublicKeyName>
<prefix_0MessagePart PartName=″Order″ isOptional=″false″/>
</prefix_0Integrity>
</prefix_0SecurityChannel>
-<prefix_0SecurityChannel channelId=″CHANNEL2″ sourceConnector=″x-ccnscup.commerceone.comconnector∷centerSell″ targetConnector=″x-ccnscup.commerceone.comconnector∷centerSell″>
-<prefix_0Confidential AlgorithmId=″P-XMLEncrypt3DES-RSA-2048″>
<prefix_0PublicKeyName KeyOwner=″x-ccnscommerceone.comCollaborationParty∷sellParty″>DefaultTestCert</prefix_0PublicKeyName>
<prefix_0MessagePart PartName=″Order″ isOptional=″false″/>
<prefix_0MessagePart PartName=″Image″ isOptional=″false″/>
</prefix_0Confidential>
</prefix_0SecurityChannel>
</prefix_0SecurityContractICD>
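The selection that turns the receiver preferences in the SecurityReceiverInfo listing into the PolicyIds of the computed contract, as an added Python example that is not part of the patent text. It assumes that a lower Preference number means more preferred (the contract carries the templates ranked 1 and 2), uses a constructed sender acceptance set, and adds a hypothetical `denied` parameter that lets a deployment exclude templates such as the MD5-based signature one.

```python
import xml.etree.ElementTree as ET

# Receiver preferences from the SecurityReceiverInfo listing, re-typed as well-formed
# XML; the wrapper element name "Prefs" is constructed for this example.
RECEIVER_XML = """<Prefs>
  <SecurityPolicyTemplatePreference Name="3DES-RSA-2048">
    <Category>XMLEncryption</Category><Preference>1</Preference>
  </SecurityPolicyTemplatePreference>
  <SecurityPolicyTemplatePreference Name="RSA-MD5-C14N">
    <Category>XMLSignature</Category><Preference>2</Preference>
  </SecurityPolicyTemplatePreference>
  <SecurityPolicyTemplatePreference Name="RSA-SHA1-C14N">
    <Category>XMLSignature</Category><Preference>6</Preference>
  </SecurityPolicyTemplatePreference>
  <SecurityPolicyTemplatePreference Name="AES-128-RSA-2048">
    <Category>XMLEncryption</Category><Preference>5</Preference>
  </SecurityPolicyTemplatePreference>
</Prefs>"""

# Constructed sender side (assumption): template names the sending service accepts.
SENDER_ACCEPTS = {"3DES-RSA-2048", "AES-128-RSA-2048", "RSA-MD5-C14N", "RSA-SHA1-C14N"}


def parse_preferences(xml_text):
    """Return {category: [(preference, name), ...]}, lowest preference number first."""
    prefs = {}
    for el in ET.fromstring(xml_text).iter("SecurityPolicyTemplatePreference"):
        category = el.findtext("Category")
        rank = int(el.findtext("Preference"))
        prefs.setdefault(category, []).append((rank, el.get("Name")))
    return {category: sorted(items) for category, items in prefs.items()}


def negotiate(receiver_xml, sender_accepts, denied=frozenset()):
    """Per category, pick the receiver's most preferred template that the sender
    also accepts and that is not on the local deny list. Raise when nothing is
    left, so a failed negotiation never falls back to an unprotected message."""
    chosen = {}
    for category, ranked in parse_preferences(receiver_xml).items():
        usable = [n for _, n in ranked if n in sender_accepts and n not in denied]
        if not usable:
            raise ValueError(f"no mutually acceptable template for {category}")
        chosen[category] = usable[0]
    return chosen
```

With the listing's ranks the negotiated signature template is RSA-MD5-C14N, as in the computed contract; passing that name in `denied` moves the result to RSA-SHA1-C14N.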
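Claims
1. A method of dynamically determining security options for the exchange of at least one message between services, the message having one or more parts, the method including:
providing machine-readable security profiles for a first and a second service, wherein the security profiles identify several security elements acceptable to the respective services, the security elements including:
requirements to sign one or more parts of the message;
requirements to encrypt one or more parts of the message;
one or more signature option subsets, including a signature algorithm and relating to the signature algorithm, applied to the one or more parts of the message;
one or more encryption option subsets, including an encryption algorithm and relating to the encryption algorithm, applied to the one or more parts of the message;
one or more signature keys used with the signature algorithm;
one or more encryption keys used with the encryption algorithm;
at least one authentication algorithm applied to the one or more parts of the message;
accessing the security profiles and selecting a particular set of security elements for the message that is acceptable to the respective services; and
communicating the message between the respective services in accordance with the particular option set.
2. The method of claim 1, wherein the security profiles are kept in a registry accessible to security logic of the first and second services.
3. The method of claim 1, wherein one or more of the security elements are specified by default values in a machine-readable default security profile.
4. The method of claim 1, wherein the requirements to sign apply to individual parts of the message.
5. The method of claim 1, wherein the requirements to sign apply to the message as a whole.
6. The method of claim 1, wherein the requirements to encrypt apply to individual parts of the message.
7. The method of claim 1, wherein the requirements to encrypt apply to the message as a whole.
8. The method of claim 1, wherein the signature algorithm applies to the message as a whole.
9. The method of claim 1, wherein the encryption algorithm applies to the message as a whole.
10. The method of claim 1, wherein the signature and encryption keys are asymmetric.
11. The method of claim 1, wherein the encryption keys are symmetric.
12. The method of claim 1, wherein the authentication algorithm is carried out by a trusted agent before the message is communicated and is evidenced by an authentication assertion.
13. The method of claim 1, wherein the authentication algorithm includes submitting credentials accompanying the message for examination by the service receiving the message.
14. The method of claim 1, wherein the security elements further include identification of at least one authentication algorithm to establish privileges of the sending service.
15. The method of claim 14, wherein the authorization algorithm is carried out by a trusted agent before the message is communicated and is evidenced by an authorization assertion.
16. The method of claim 14, wherein the authentication algorithm includes submitting credentials accompanying the message for examination by the service receiving the message.
17. The method of claim 1, wherein the security profiles further include statements of preference among the signature and encryption security elements, and selecting the particular option subset takes into account the preference of at least one service.
18. The method of claim 17, wherein the particular option subset corresponds to the option subset that is acceptable to the respective services and most preferred by the service receiving the message.
19. The method of claim 17, wherein the particular option subset corresponds to the option subset that is acceptable to the respective services and most preferred by the service sending the message.
20. The method of claim 17, wherein selecting the particular option subset takes into account the preferences of both services.
21. The method of claim 17, wherein selecting the particular option subset takes into account the highest security level among the security elements acceptable to the respective services.
22. The method of claim 17, wherein selecting the particular option subset takes into account the lowest security level among the security elements acceptable to the respective services.
23. The method of claim 17, wherein selecting among the requirements to sign or encrypt one or more parts of the message takes into account the preference of at least one service.
24. The method of claim 17, wherein the selection among the requirements to sign or encrypt one or more parts of the message corresponds to the option subset that is acceptable to the respective services and most preferred by the service receiving the message.
25. The method of claim 17, wherein the selection among the requirements to sign or encrypt one or more parts of the message corresponds to the option subset that is acceptable to the respective services and most preferred by the service sending the message.
26. The method of claim 17, wherein the selection among the requirements to sign or encrypt one or more parts of the message takes into account the preferences of both services.
27. The method of claim 17, wherein the selection among the requirements to sign or encrypt one or more parts of the message takes into account the highest security level among the security elements acceptable to the respective services.
28. The method of claim 17, wherein the selection among the requirements to sign or encrypt one or more parts of the message takes into account the lowest security level among the security elements acceptable to the respective services.
29. The method of claim 1, wherein the security profiles further include one or more resources used by the respective services to implement signing and encryption.
30. The method of claim 17, wherein the security profiles further include one or more resources used by the respective services to implement signing and encryption.
31. The method of claim 1, wherein the security profiles further include one or more resources used by the respective services to authenticate the service sending the message.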
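Abstract
The present invention relates to computer-based devices and methods for negotiating and implementing security arrangements between two or more web services. More particularly, it relates to devices and methods that specify input and output interfaces, compute and generate a security contract consistent with the inputs, and implement security in accordance with the negotiated security arrangements. Particular aspects of the invention are described in the claims, specification and drawings.
Document number: G06F15/00GK1695123SQ03825165
Publication date: November 9, 2005. Filing date: August 19, 2003. Priority date: September 18, 2002.
Inventors: Simon S. Y. Chang, Joseph S. Sanfilippo, Jayaram R. Kasi, Christopher Crall. Applicant: JGR Acquisition, Inc.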