Matwin 1999. Internet Commerce Technologies: Open Trading Protocol (OTP)


Matwin Internet Commerce Technologies

Open Trading Protocol (OTP)
- Interoperable framework for Internet commerce
- Virtual capability that safely replicates real-world trading events such as offer, payment, payment receipt, delivery, and receipt of goods
- Plus new trading models
- Any two global parties using an OTP-conformant e-commerce process will complete business safely and successfully
- Standard available at

OTP
- Product of an international consortium, including Mondex, SET, CyberCash, DigiCash, VISA, MC, and banks (e.g. RB and CIBC)
- Defined as an XML DTD

OTP: our digest
- Roles and exchanges
- IOTP messages
- Error handling
- Security and signatures
- Trading components
- Trading blocks
- The big picture

Roles and exchanges
- Roles (entities)

Trading exchanges
- Offer: the merchant provides the consumer with the reason for the trade. The consumer must accept the offer.
- Payment: in either direction between the consumer and the payment handler
- Delivery: transmits on-line goods, or delivery information about physical goods, from the delivery handler to the consumer
- Authentication: any trading role can authenticate any other role
Trading exchanges = exchanges of data between trading roles

Trading exchanges
- Any IOTP transaction consists of the above exchanges, e.g. an IOTP purchase includes Offer, Payment, Delivery
- Exchanges consist of components, transmitted between various trading roles
- Components are packed, e.g. an IOTP purchase combines the Delivery Organization Component with the Offer Response Component

Protocol structure
- Trading components are assembled into trading blocks and IOTP Messages
- IOTP messages are exchanged as XML documents between Trading Roles

OTP message structure
- The Transaction Reference Block contains a globally unique ID for the IOTP transaction
- Each block has an ID unique within the transaction
- The combination of the two uniquely identifies any Trading Block or component

IOTP Transactions (incomplete)
- Purchase (offer, payment, [delivery])
- Refund (result of a previous purchase)
- Value exchange: from one currency and method of payment to another
- Withdrawal (electronic, of cash from a financial institution)
- Deposit
- Inquiry
- Ping

IOTP message

    <!ELEMENT OtpMessage
        ( TransRefBlk,
          SigBlk?,
          ErrorBlk?,
          ( AuthReqBlk | AuthRespBlk |
            DeliveryReqBlk | DeliveryRespBlk |
            InquiryReqBlk | InquiryRespBlk |
            OfferRespBlk |
            PayExchBlk | PayReqBlk |
            PayInstCCExchBlk | PayInstCCReqBlk | PayInstCCRespBlk |
            PayRespBlk |
            PingReqBlk | PingRespBlk |
            TpoBlk | TpoSelectionBlk
          )*
        ) >

Slide annotations:
- This contains information which describes an IOTP Message within an IOTP Transaction
- Trading block: depends on the type of OTP transaction

TransRefBlk and TransId

    <!ATTLIST TransRefBlk
        ID              ID       #REQUIRED >

    <!ATTLIST TransId
        ID              ID       #REQUIRED
        Version         NMTOKEN  #FIXED '1.0'
        OtpTransId      NMTOKEN  #REQUIRED
        OtpTransType    CDATA    #REQUIRED
        TransTimeStamp  CDATA    #REQUIRED >
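
A receiver can enforce the top-level content model and the ID rules above before it acts on any block. The following is an added example, not code from the slides or the standard; it assumes `TransId` is a child of `TransRefBlk` and that every block carries an `ID`, and rejecting an inline DOCTYPE is a hardening choice made here.

```python
import xml.etree.ElementTree as ET

# Trading blocks allowed after the header blocks, per the OtpMessage content model.
TRADING_BLOCKS = {
    "AuthReqBlk", "AuthRespBlk", "DeliveryReqBlk", "DeliveryRespBlk",
    "InquiryReqBlk", "InquiryRespBlk", "OfferRespBlk", "PayExchBlk",
    "PayReqBlk", "PayInstCCExchBlk", "PayInstCCReqBlk", "PayInstCCRespBlk",
    "PayRespBlk", "PingReqBlk", "PingRespBlk", "TpoBlk", "TpoSelectionBlk",
}

def check_message(xml_text):
    """Return (OtpTransId, [block IDs]); raise ValueError on a structural error."""
    if "<!DOCTYPE" in xml_text:           # hardening choice: no inline DTD or entities
        raise ValueError("inline DOCTYPE rejected")
    root = ET.fromstring(xml_text)
    blocks = list(root)
    if root.tag != "OtpMessage" or not blocks or blocks[0].tag != "TransRefBlk":
        raise ValueError("OtpMessage must start with TransRefBlk")
    rest = [b.tag for b in blocks[1:]]
    for optional in ("SigBlk", "ErrorBlk"):   # each at most once, in this order
        if rest and rest[0] == optional:
            rest.pop(0)
    for tag in rest:
        if tag not in TRADING_BLOCKS:
            raise ValueError(f"unexpected or misplaced block: {tag}")
    trans_id = blocks[0].find("TransId")      # assumed to be a child of TransRefBlk
    if trans_id is None or not trans_id.get("OtpTransId"):
        raise ValueError("TransId with OtpTransId is required")
    seen = set()
    for elem in root.iter():                  # IDs must be unique within the message
        ident = elem.get("ID")
        if ident in seen:
            raise ValueError(f"duplicate ID {ident}")
        if ident is not None:
            seen.add(ident)
    if any(b.get("ID") is None for b in blocks):
        raise ValueError("every block needs an ID")
    return trans_id.get("OtpTransId"), [b.get("ID") for b in blocks]

# Constructed sample; its PayReqBlk is left empty because only the top level is checked.
SAMPLE = """<OtpMessage>
  <TransRefBlk ID='M1.1'>
    <TransId ID='M1.2' Version='1.0' OtpTransId='tx-0001'
             OtpTransType='Purchase' TransTimeStamp='1999-06-01T12:00:00Z'/>
  </TransRefBlk>
  <PayReqBlk ID='M1.3'/>
</OtpMessage>"""
```

The returned transaction ID and block IDs together give the globally unique keys the message-structure slide describes.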

Error handling
- Errors are bound to occur
- Technical errors: independent of the meaning of the message
- The kind of error is indicated by the code, part of the XML specs
- Handled via
  - Retrying transmission
  - Cancelling the transaction

Business errors
- Connected with a particular process
  - Insufficient funds: payment
  - Back order: delivery
- Must be presented to the user for decision

OTP security
- Use of digital signatures
- Signatures are components
- Hash one or more components or trading blocks
- Identify
  - Who signed
  - Who should verify

Signature hashing

Signatures (continued)
- Two organizations might use cryptography only understood by them: symmetric cryptography (DES)
- The same cryptography might be used by several Trading Roles: asymmetric cryptography
- One transaction might involve both kinds
- Signatures are optional
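
The signature idea from the two slides above (hash selected components, name the signer and the intended verifier) can be sketched as follows. This is an added example, not the IOTP signature format and not code from the slides: the signature record layout, the HMAC-SHA256 construction standing in for the symmetric case, and the `required` check are assumptions made here. Because signatures are optional and cover only the listed components, the verifier insists that the components it relies on are actually covered.

```python
import copy, hashlib, hmac
import xml.etree.ElementTree as ET

def digest_of(root, ref):
    """SHA-256 of the canonical XML of the one element whose ID equals ref."""
    hits = [e for e in root.iter() if e.get("ID") == ref]
    if len(hits) != 1:
        raise ValueError(f"ID {ref!r} must match exactly one element")
    elem = copy.copy(hits[0])
    elem.tail = None                      # text after the element is not part of it
    canon = ET.canonicalize(ET.tostring(elem, encoding="unicode"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def sign(root, trans_id, refs, signer, verifier, key):
    """Hypothetical signature record: who signed, who verifies, what is covered."""
    manifest = [trans_id, signer, verifier] + [f"{r}={digest_of(root, r)}" for r in refs]
    value = hmac.new(key, "\n".join(manifest).encode("utf-8"), hashlib.sha256)
    return {"signer": signer, "verifier": verifier, "refs": list(refs),
            "value": value.hexdigest()}

def verify(root, trans_id, sig, key, me, required):
    """Accept only if addressed to me, covering `required`, and the MAC matches."""
    if sig["verifier"] != me or not set(required) <= set(sig["refs"]):
        return False
    try:
        expected = sign(root, trans_id, sig["refs"], sig["signer"], me, key)
    except ValueError:                    # a referenced component is missing or duplicated
        return False
    return hmac.compare_digest(expected["value"], sig["value"])

# Constructed sample: a trimmed PayReqBlk holding two components from the slides.
SAMPLE = """<PayReqBlk ID='M1.1'>
  <BrandSelection ID='M1.2' BrandListRef='M1.3' BrandRef='M1.5'
                  ProtocolAmountRef='M1.7' CurrencyAmountRef='M1.9'/>
  <Payment ID='M1.6' OkFrom='1999-06-01T12:00:00Z' OkTo='1999-06-01T13:00:00Z'
           BrandListRef='M1.3' SignedPayReceipt='True'/>
</PayReqBlk>"""
KEY = b"constructed-shared-key"           # placeholder key for the example only

def demo():
    root = ET.fromstring(SAMPLE)
    sig = sign(root, "tx-0001", ["M1.2", "M1.6"], "Merchant", "PaymentHandler", KEY)
    tampered = ET.fromstring(SAMPLE.replace("BrandRef='M1.5'", "BrandRef='M1.4'"))
    return (verify(root, "tx-0001", sig, KEY, "PaymentHandler", ["M1.6"]),
            verify(tampered, "tx-0001", sig, KEY, "PaymentHandler", ["M1.6"]),
            verify(root, "tx-0002", sig, KEY, "PaymentHandler", ["M1.6"]))
```

Including the transaction ID in the signed manifest keeps a signed component from being accepted inside a different transaction.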

Trading components
- Protocol Options Component
- Authentication Data Component
- Authentication Response Component
- Order Component
- …
- Payment component
- Signature component
- …

Order component

    <!ATTLIST Order
        ID                 ID       #REQUIRED
        xml:lang           NMTOKEN  #REQUIRED
        OrderIdentifier    CDATA    #REQUIRED
        ShortDesc          CDATA    #REQUIRED
        OkFrom             CDATA    #REQUIRED
        OkTo               CDATA    #REQUIRED
        ApplicableLaw      CDATA    #REQUIRED
        ContentSoftwareId  CDATA    #IMPLIED >

Slide annotation: timestamps

Organisation component

    <!ATTLIST Org
        ID              ID       #REQUIRED
        xml:lang        NMTOKEN  #REQUIRED
        OrgId           CDATA    #REQUIRED
        OtpMsgIdPrefix  NMTOKEN  #REQUIRED
        LegalName       CDATA    #IMPLIED
        ShortDesc       CDATA    #IMPLIED
        LogoNetLocn     CDATA    #IMPLIED >

Slide annotations:
- Domain name
- For Trading roles other than Consumer

Payment component

    <!ATTLIST Payment
        ID                ID        #REQUIRED
        OkFrom            CDATA     #REQUIRED
        OkTo              CDATA     #REQUIRED
        BrandListRef      NMTOKEN   #REQUIRED
        SignedPayReceipt  ('True'|'False')  #REQUIRED
        AuthDataRef       NMTOKEN   #IMPLIED
        StartAfter        NMTOKENS  #IMPLIED >

Slide annotation: IDs the Trading Role that sends the Payment Request Block containing the Payment Component to the Payment Handler

Trading Blocks
- Part of the definition of the IOTP message (see p. 8)
- Have to do with (among others)
  - Authentication
  - Delivery
  - Offer response
  - Error
  - Payment
  - Signature

Payment request block

    <!ELEMENT PayReqBlk (Status+, AuthData?, BrandList, BrandSelection,
                         Payment, PaySchemeData?, Org*, TradingRoleData*) >
    <!ATTLIST PayReqBlk
        ID  ID  #REQUIRED >

Slide annotations:
- Contains success/failure status of the steps (Offer Response or Payment Response)
- Is there to be authentication with payment? If yes, provide info on how it will occur
- Payment brands and protocols that may be used
- Payment: see the Payment component, p. 21

Brand list component

    <Brand ID ='M1.5'
        BrandId='MC/BritishAirways'
        BrandName='British Airways MasterCard'
        BrandLogoNetLocn='ftp:otplogos..'
        BrandNarrative='Double air miles with British Airways MasterCard'
        ProtocolAmountRefs ='M1.7 M1.8' >
        238djqw1298erh18dhoire
        8ueu26e482hd82he82

Slide annotation: SET payment with a loyalty Brand: BA VISA USD (see Standard for SCCD)

Brand selection

    <BrandSelection ID='M1.2'
        BrandListRef='M1.3'
        BrandRef='M1.5'
        ProtocolAmountRef='M1.7'
        CurrencyAmountRef='M1.9' >

Selection of a brand from the above list to effect the payment described
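
Before a payment is processed, the references in a Brand Selection can be resolved against the brand list that was actually offered. The check below is an added example, not code from the slides or the standard; it assumes `BrandList` carries an `ID` and holds the `Brand` elements as children, and the sample block is constructed and trimmed to the elements the check needs.

```python
import xml.etree.ElementTree as ET

def selected_brand(pay_req):
    """Return the BrandId the selection resolves to, or raise ValueError."""
    sel = pay_req.find("BrandSelection")
    pay = pay_req.find("Payment")
    if sel is None or pay is None:
        raise ValueError("BrandSelection and Payment are required")
    lists = [b for b in pay_req.findall("BrandList")
             if b.get("ID") == sel.get("BrandListRef")]
    if len(lists) != 1:
        raise ValueError("BrandListRef does not resolve to one BrandList")
    if pay.get("BrandListRef") != sel.get("BrandListRef"):
        raise ValueError("Payment and BrandSelection name different brand lists")
    # Only brands inside the referenced list count; an ID elsewhere is not an offer.
    brands = [b for b in lists[0].findall("Brand")
              if b.get("ID") == sel.get("BrandRef")]
    if len(brands) != 1:
        raise ValueError("BrandRef is not a brand in the offered list")
    offered = brands[0].get("ProtocolAmountRefs", "").split()
    if sel.get("ProtocolAmountRef") not in offered:
        raise ValueError("ProtocolAmountRef was not offered for this brand")
    return brands[0].get("BrandId")

# Constructed sample; brand M1.4 and all timestamps-free attributes are made up.
SAMPLE = """<PayReqBlk ID='M1.1'>
  <BrandList ID='M1.3'>
    <Brand ID='M1.4' BrandId='Constructed/Plain' ProtocolAmountRefs='M1.8'/>
    <Brand ID='M1.5' BrandId='MC/BritishAirways' ProtocolAmountRefs='M1.7 M1.8'/>
  </BrandList>
  <BrandSelection ID='M1.2' BrandListRef='M1.3' BrandRef='M1.5'
                  ProtocolAmountRef='M1.7' CurrencyAmountRef='M1.9'/>
  <Payment ID='M1.6' BrandListRef='M1.3' SignedPayReceipt='True'/>
</PayReqBlk>"""
```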

Big picture
- OTP = protocol for Internet commerce, defined in XML
- Transactions = exchanges between Roles
- Exchanges consist of components, assembled into blocks and messages
- Messages are XML documents
- Messages and parts can be signed with digital signatures
- Full XML definition and digital signature definition publicly available