IOTP
Click on the red underlined text to get to the source
...
The Internet Open Trading Protocol (IOTP) provides a payment system
independent interoperable framework ...
... payment system used with it provides
its own security, there are numerous cases where IOTP requires
authentication and integrity services ...
... authentication and tamper-proof protocol
messages specifically for Version 1.0 of the IOTP protocol. The
reader should recognize that an effort towards general XML digital
signatures exists but is unlikely to produce its final result in time
...
... reader should recognize that an effort towards general XML digital
signatures exists but is unlikely to produce its final result in time
for IOTP Version 1.0. Future versions of IOTP ...
... IOTP Version 1.0. Future versions of IOTP will probably adopt by
reference the results of this general XML digital signature effort.
...
... Provide a means by which an IOTP message may be made "tamper-
proof", or detection of tampering is made evident ...
... Easily integrate within the IOTP 1.0 Specification ...
... Allow signed portions of IOTP message to be "forwarded" to another
trading roles with different signature ...
... element is a generalized place to put any type of
algorithm used within the signed IOTP message. The Algorithm may be a
Signature algorithm ...
... element is the top-level element in an IOTP
signature block. It consists of a collection of Signature ...
... URL
references within the Manifest to be relative to the HrefBase. For
example, the IOTP Manifest may contain:
<Manifest LocatorHrefBase='iotp:<globally-unique-tid>'>
...
... URL Locator for the resources to be
fingerprinted. For use within IOTP a "scheme" with the value "iotp"
may be used with the following structure:
...
... This should be interpreted as referring to an element with an ID
attribute that matches <id-value> in any IOTP Message that has a
TransRefBlk Block with an IotpTransId that matches <globally-unique-
tid>.
...
... If the LocatorHrefBase attribute is omitted, <globally-unique-tid>
should be interpreted as the current IotpTransId, which is included
in the IOTP message which contains the Manifest component.
Value: Encoding ...
... signature element. This is the area
where a specific IOTP implementation may include custom attributes
which must be authenticated directly. An Attribute element ...
...
At this time, no IOTP specific attributes are specified.
...
... Attributes Description
OriginatorRef: A reference to the IOTP Org ID of the originating
signer.
...
... certificate.
RecipientRefs: A list of references to the IOTP Org ID of the
recipients this signature is intended for.
...
... >
For IOTP 1.0, the following parameter type is standardized:
"AlgorithmRef".
...
...
The following is an example signed IOTP message:
...
... <!--
******************************************************
* IOTP SIGNATURES BLOCK DEFINITION *
******************************************************
...
... <!--
******************************************************
* IOTP SIGNATURE COMPONENT DEFINITION *
...
... <!--
******************************************************
* IOTP CERTIFICATE COMPONENT DEFINITION *
...
... <!--
******************************************************
* IOTP SHARED COMPONENT DEFINITION *
******************************************************
...